How Spammers Get Email Addresses

Fighting spam is difficult. How exactly do spammers get your email address? In this article we will look at how the spammers get your email address.

How Do Spammers Get Your Business Email Address?

Spam email takes up valuable time and resources of a business. Here’s some ideas on how you helped the spammers along:

  1. Mailto Links

    Do you have a mailto: link on your website?

    This is a link that someone clicks to email you. The link opens the visitor’s resident email program.

    e.g. Send Mail

    <a href="mailto:someone&#64;yourdomain.com">Send Mail</a>

    &#64; is the HTML ASCII code for the @ sign. Your link may use the @ sign instead of the HTML ASCII code.

    The spammers use robots to surf the net looking for this coding in webpages. They have smartened up over time and look for the HTML ASCII code and the @ sign.

  2. Website Forms

    Do you have a form on your website?

    If you have a contact form on your website it may have the same problem as the mailto: link. The spammer robot finds the email address within the coding of the form.

  3. WHOIS records

    WHOIS records is the registery containing the contact information for each website. There are different WHOIS records and some do not contain all the records for the world. I found that the Allwhois.com to be the most complete resource when looking up WHOIS records. It includes Canadain domains, which some WHOIS services do not.

    Update: As of June 2008, the CIRA (Canadian Internet Registration Authority) has changed their privacy policy and now hide domain name registration contact information. You have to specifically request that your domain registration information be shown when someone uses a WHOIS service to find the domain owner information.

    You likewise can use this record to lookup the offender’s hosting record if it is from a specific domain name. You can then report their behavour to their hosting company.

    It is possible to paid for your email address to be hidden in the records. The down side to this is if a legit person needed to contact you they can’t.

  4. Service Signups

    You have signed up for type of service and gave your business email address. Their Terms of Service or Privacy statement probably said they will sell or give out your email address and you missed that.

How do Spammers Get My Personal Email Address?

Spam is also a problem for those who do not have a business. Let’s look at the ways spammers get your personal email address:

  1. You Gave Out Your Email Address

    Just like a business owner, you helped the spammers along by giving them your email address. You signed up for something (say a game site) and did not notice (or did not untick ) the section on their site where they stated that they will sell or otherwise give out your email address.

  2. Spammers Use Dictionary Attacks

    Spammers use a technique a called dictionary attack which in the computer security world means they try every combination of names and letters at an email address. This can also happen with business email addresses.

    “In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute force attack, where all possibilities are searched through exhaustively, a dictionary attack only tries possibilities which are most likely to succeed, typically derived from a list of words in a dictionary. Generally, dictionary attacks succeed because most people have a tendency to choose passwords which are easy to remember, and typically choose words taken from their native language.”

    Dictionary attack – Wikipedia, the free encyclopedia

    Basically, the spammers try every combination possible at the domain.

  3. You Replied to an Email You Shouldn’t Have

    Again, you have helped spammers along by giving them confirmation that the email they sent the spam to is a valid email address.

    Those “If you wish to be deleted from our mailing list click here” links in unsolicitated emails are a way for the spammers to confirm that the email reached a valid email address and they just add you to the valid list.

  4. You Participated in a Chain Letter or Pass it Along Email

    Your dear friend has passed on some kind of chain letter or other “pass it along” email and you did just as requested, passed it on.

    Now, everyone in future “pass it on” mailings has your email address.

  5. You Signed Up for an Email Group

    You decided to signup for an email group and your email address is public knowledge. This can happen to those who use their business email address also.

    The group owner can set up the email group so your email address is hidden from other members. The group owner can also make the postings of the group private. This means only members of the group can see postings.

    If on the home page of the email group (or forum for that matter) shows the postings of the group and you can see the posters’ email address, then so can the spammers.

  6. Your Friend Submitted Your Email to a Refer a Friend Scheme

    Your friend submitted your email address to a Refer a Friend scheme to get something for free or some other Refer a Friend promotion.

    Although they thought they were doing something good, they actually were helping the spammer build a list of working email addresses.

    Some of these Refer a Friend schemes share their lists. This only multiplies the number of people that have your email address.

So as you can see from the lists above, you contributed to the problem by making your email address available.

Now what?

Well, one way would be to change all your email addresses, using different ones for different purposes.

This solution may not be practical for some so we’ll look at some ways to fight spam in our next post.

Fighting Spam

What's next?: Get Updates via RSS | Read our latest posts or share on your favourite social network:

Have some thoughts on this article? We would like to hear them. Use the form below.