How do Spammers get my Email Address?
There are many ways in which spammers can get your
email address. There are some of them:
1. From posts to UseNet with your email address.
Spammers regularily scan UseNet for email address, using ready made programs
designed to do so. Some programs just look at articles headers which contain
email address (From:, Reply-To:, etc), while other programs check the articles'
bodies, starting with programs that look at signatures, through programs
that take everything that contain a '@' character and attempt to demunge
munged email addresses.
There have been reports of spammers demunging email
addresses on occasions, ranging from demunging a single address for purposes
of revenge spamming to automatic methods that try to unmunge email addresses
that were munged in some common ways.
As people who where spammed frequently report that
spam frequency to their mailbox dropped sharply after a period in which they
did not post to UseNet, as well as evidence to spammers' chase after 'fresh'
and 'live' addresses, this technique seems to be the primary source of email
addresses for spammers.
2. From mailing lists.
Spammers regularily attempt to get the lists of subscribers to mailing lists
[some mail servers will give those upon request], knowing that the email
addresses are unmunged and that only a few of the addresses are invalid.
A different technique used by spammers is to request
a mailing lists server to give him the list of all mailing lists it carries
(an option implemented by some mailing list servers for the convenience of
legitimate users), and then send the spam to the mailing list's address,
leaving the server to do the hard work of forwarding a copy to each subscribed
[I know spammers use this trick from bad experience
- some spammer used this trick on the list server of the company for which
I work, easily covering most of the employees, including employees working
well under a month and who's email addresses would be hard to find in other
3. From web pages.
Spammers have programs which spider through web pages, looking for email
addresses, e.g. email addresses contained in mailto: HTML tags [those you
can click on and get a mail window opened]
Some spammers even target their mail based on web
pages. I've discovered a web page of mine appeared in Yahoo as some spammer
harvested email addresses from each new page appearing in Yahoo and sent
me a spam regarding that web page.
4. From various web and paper forms.
Some sites request various details via forms, e.g. guest books &
registrations forms. Spammers can get email addresses from those either because
the form becomes available on the world wide web, or because the site sells
/ gives the emails list to others.
Some companies would sell / give email lists filled
in on paper forms, e.g. organizers of conventions would make a list of
participants' email addresses, and sell it when it's no longer needed.
Domain name registration forms are a favourite
as well - addresses are most usually correct and updated, and people read
the emails sent to them expecting important messages.
5. Via an Ident daemon.
Many unix computers run a daemon (a program which runs in the background,
initiated by the system administrator), intended to allow other computers
to identify people who connect to them.
When a person surfs from such a computer connects
to a web site or news server, the site or server can connect the person's
computer back and ask that daemon's for the person's email address.
Some chat clients on PCs behave similarily, so
using IRC can cause an email address to be given out to spammers.
6. From a web browser.
Some sites use various tricks to extract a surfer's email address from the
web browser, sometimes without the surfer noticing it. Those techniques include
1. Making the browser fetch one of the page's images
through an anonymous FTP connection to the site. Some browsers would give
the email address the user has configured into the browser as the password
for the anonymous FTP account. A surfer not aware of this technique will
not notice that the email address has leaked.
email to a chosen email address with the email address configured into the
browser. Some browsers would allow email to be sent when the mouse passes
over some part of a page. Unless the browser is properly configured, no warning
will be issued.
3. Using the HTTP_FROM header that browsers send
to the server. Some browsers pass a header with your email address to every
web server you visit.
7. From IRC and chat rooms.
Some IRC clients will give a user's email address to anyone who cares to
ask it. Many spammers harvest email addresses from IRC, knowing that those
are 'live' addresses and send spam to those email addresses.
This method is used beside the annoying IRCbots
that send messages interactively to IRC and chat rooms without attempting
to recognize who is participating in the first place.
This is another major source of email addresses
for spammers, especially as this is one of the first public activities newbies
join, making it easy for spammers to harvest 'fresh' addresses of people
who might have very little experience dealing with spam.
AOL chat rooms are the most popular of those -
according to reports there's a utility that can get the screen names of
participants in AOL chat rooms. The utility is reported to be specialized
for AOL due to two main reasons - AOL makes the list of the actively
participating users' screen names available and AOL users are considered
prime targets by spammers due to the reputation of AOL as being the ISP of
choice by newbies.
8. From finger daemons.
Some finger daemons are set to be very friendly - a finger query asking for
john@host will produce list info including login names for all people named
John on that host. A query for @host will produce a list of all currently
Spammers use this information to get extensive
users list from hosts, and of active accounts - ones which are 'live' and
will read their mail soon enough to be really attractive spam targets.
9. AOL profiles.
Spammers harvest AOL names from user profiles lists, as it allows them to
'target' their mailing lists. Also, AOL has a name being the choice ISP of
newbies, who might not know how to recognize scams or know how to handle
10. By guessing and cleaning.
Some spammers guess email addresses, send a test message (or a real spam)
to a list which includes the guessed addresses. Then they wait for either
an error message to return by email, indicating that the email address is
correct, or for a confirmation. A confirmation could be solicited by inserting
non-standard but commonly used mail headers requesting that the delivery
system and/or mail client send a confirmation of delivery or reading. No
news are, of coures, good news for the spammer.
Guessing could be done based on the fact that email
addresses are based on people's names, usually in commonly used ways
(first.last@domain or an initial of one name followed / preceded by the other
Also, some email addresses are standard - postmaster
is mandated by the RFCs for internet mail. Other common email addresses are
postmaster, hostmaster, root [for unix hosts], etc.
11. From white and yellow pages.
There are various sites that serve as white pages, sometimes named people
finders web sites. Yellow pages now have an email directory on the
Spammers go through those directories in order
to get email addresses. Most directories prohibit email address harvesting
by spammers, but as those databases have a large databases of email addresses
+ names, it's a tempting target for spammers.
12. From a previous owner of the email address.
An email address might have been owned by someone else, who disposed of it.
This might happen with dialup usernames at ISPs - somebody signs up for an
ISP, has his/her email address harvested by spammers, and cancel the account.
When somebody else signs up with the same ISP with the same username, spammers
already know of it.
Similar things can happen with AOL screen names
- somebody uses a screen name, gets tired of it, releases it. Later on somebody
else might take the same screen name.