How do spammers harvest email addresses ?

Tuesday, 06 November 2012

There are many ways in which spammers can get your email address. The ones I know of are described below. If you want to know about them, please read on and leave a comment.

Spam is the closest thing we’ll ever find to an Internet plague. No matter who you are, spam will one day find you and you’ll have no choice but to put up with its pestilence. It’s a pandemic that people have been trying to fight for decades, yet it’s still as strong as ever. But how do spammers find you in the first place?

The primary method of spamming is through email. So, logically, you might think that as long as spammers don’t grab a hold of your email address, you should be clear from its reach, right? But it’s not that simple. Spammers have had many years to innovate and perfect their techniques, and as it turns out, they have a whole bunch of ways in which they could lay hands on your email address.

As always, knowledge is power. If you know the techniques that spammers use, then you’ll be better equipped to at least hinder them. Instead of 500 spammers knowing your email address, maybe only 5 will know it. To me, that’s better than nothing.

Mailing Lists

One of the oldest methods that spammers have used to harvest email addresses has been through mailing lists. It makes sense; mailing lists are basically compilations of valid email addresses already. But the specifics of it may be a surprise.

Mailing list services observe certain protocols to help prevent the leakage of their email addresses to outside sources. If a mailing list service was known for a lack of email address protection, their customer base would dwindle. Even still, spammers often make requests from mailing lists to obtain a list of all the people subscribed to that list. The services will frequently deny these requests–but sometimes it works.

Furthermore, spammers can actually request a list of all mailing lists rather than a list of all the individual email addresses. They then send spam email to the mailing lists themselves, which is then sent out to all the hidden addresses on those lists.

Unsubscribe Links

On the topic of mailing lists, here’s another method that spammers sometimes use–and it’s a tricky one. If you’ve ever been subscribed to a newsletter or mailing list, you should know that at the bottom of every email they usually have an unsubscribe link.

Now, for most legitimate businesses, this unsubscribe link will do exactly what it’s supposed to do. If you’re receiving a newsletter from somewhere and it’s a newsletter that you purposely signed up for, then there shouldn’t be any problem with unsubscribing later.

But sometimes you’ll get spam email that poses as a newsletter and presents you with an unsubscribe option. In this case, that link could very well be deceptive.

Spammers send out these kinds of emails en masse to randomly generated email addresses. By clicking on the unsubscribe link, you could actually be confirming the validity of your email address. This tells the spammer that your email address should be targeted with spam later.

Brute Force

And that brings me to the next method: brute force generation. In other words, the shotgun approach to finding email addresses.

Every email address is designed with a specific structure: [name]@[domain].[com/net/org/etc]. The domain part is easy to figure out since all you have to do is look for the most popular email services and use that as a basis.

So the only important part, really, is the [name] section. At this point, the spammer can just generate a bunch of random letter-and-number combinations and send out emails to [randomly-generated-name]@[popular-domain].com. For example:

    [email protected]
    [email protected]
    [email protected]

Suppose your email address was johnsmith700. Eventually, the randomly generated email will hit your real email address and send out spam to you.

Over the course of one spam campaign, a spammer could generate millions and millions of random email addresses. If even 1% of those email addresses are legitimate, that’s still a ton of people who have to deal with spam.
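Seen from the receiving mail server, a guessing run like this shows up as one source trying many different names, most of which do not exist. The following is an added example, not part of the original article: it flags such sources in recipient logs. The log format, field names, thresholds and sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in a simplified, hypothetical log format
# (one line per recipient address offered to the receiving mail server).
SAMPLE_LOG = """\
2012-11-06T10:00:01 rcpt ip=203.0.113.7 to=<johnsmith698@example.com> result=user-unknown
2012-11-06T10:00:01 rcpt ip=203.0.113.7 to=<johnsmith699@example.com> result=user-unknown
2012-11-06T10:00:02 rcpt ip=203.0.113.7 to=<johnsmith700@example.com> result=ok
2012-11-06T10:00:02 rcpt ip=203.0.113.7 to=<johnsmith701@example.com> result=user-unknown
2012-11-06T10:00:03 rcpt ip=203.0.113.7 to=<johnsmith702@example.com> result=user-unknown
2012-11-06T10:00:03 rcpt ip=203.0.113.7 to=<johnsmith703@example.com> result=user-unknown
2012-11-06T10:05:10 rcpt ip=198.51.100.20 to=<alice@example.com> result=ok
2012-11-06T10:07:44 rcpt ip=198.51.100.20 to=<alcie@example.com> result=user-unknown
2012-11-06T10:08:02 rcpt ip=198.51.100.20 to=<alice@example.com> result=ok
"""

LINE_RE = re.compile(
    r"rcpt ip=(?P<ip>\S+) to=<(?P<local>[^@>]+)@[^>]+> result=(?P<result>\S+)"
)

def find_harvest_sources(log_text, min_distinct=5, max_hit_ratio=0.2):
    """Flag senders that try many distinct names, most of which do not exist."""
    stats = defaultdict(lambda: {"attempts": 0, "unknown": 0, "names": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a recipient line
        s = stats[m["ip"]]
        s["attempts"] += 1
        s["names"].add(m["local"].lower())
        if m["result"] == "user-unknown":
            s["unknown"] += 1

    flagged = {}
    for ip, s in stats.items():
        hit_ratio = (s["attempts"] - s["unknown"]) / s["attempts"]
        # A legitimate sender with one typo has few distinct names and a
        # high hit ratio; a guessing run has many names and few hits.
        if len(s["names"]) >= min_distinct and hit_ratio <= max_hit_ratio:
            flagged[ip] = {"attempts": s["attempts"], "unknown": s["unknown"],
                           "distinct_names": len(s["names"])}
    return flagged

if __name__ == "__main__":
    for ip, info in find_harvest_sources(SAMPLE_LOG).items():
        print(ip, info)
```

A source flagged this way is a candidate for rate limiting or blocking before one of its guesses lands on a real mailbox.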

Web Crawler Bots

Another common tactic is to use bots (called crawlers) that crawl through webpages, searching for email addresses that are laid out in the open. This might sound scarier than it actually is, so let me explain.

Every time you access a certain web page, the contents of that web page are sent to you through the Internet and then your browser is responsible for displaying that data to your screen. However, spammers have coded programs that request web page data from web servers without having to use a browser.

Once the data comes in, the program can quickly read through all of its contents and determine if there are any email addresses on that web page. If there are, they’re stored away into a database. And because these programs are only requesting data (not displaying it), they can go through a ton of web pages quickly.

So what kind of web pages do they crawl? Forums are a popular target. User profiles on forums often have user email addresses out on plain display. These web bots can crawl through the entire members list of a forum and pull out tons of email addresses there.

Another popular target is social networking websites. Visit the profile of one of your friends on Facebook and chances are you’ll see their email address. If you can see it, it’s likely that a bot can see it, and if a bot can see it, that email address will be stored away for spam.
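A site owner can run the same kind of read over their own pages to find out which addresses are laid out in the open before a crawler does. The following is an added example, not part of the original article: it audits one page's markup and reports where each address is exposed. The sample page, the class name `ExposureAudit` and the function name `audit_page` are constructed for illustration.

```python
import re
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed sample of a forum profile page as the server would send it.
SAMPLE_PAGE = """\
<html><body>
<h1>Member profile</h1>
<p>Contact: <a href="mailto:johnsmith700@example.com">email me</a></p>
<p>Backup address:
   j.smith&#64;example.org</p>
<img src="avatar.png" alt="photo">
</body></html>
"""

class ExposureAudit(HTMLParser):
    """Record every address readable from the markup without a browser."""

    def __init__(self):
        super().__init__()        # character references are decoded for us
        self.findings = []        # (line, where, address)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        for name, value in attrs:
            value = value or ""
            is_mailto = name == "href" and value.lower().startswith("mailto:")
            where = "mailto link" if is_mailto else f"{name} attribute"
            for addr in EMAIL_RE.findall(value):
                self.findings.append((line, where, addr.lower()))

    def handle_data(self, data):
        first_line = self.getpos()[0]
        for m in EMAIL_RE.finditer(data):
            # Text can span several lines; report the line of the address.
            line = first_line + data.count("\n", 0, m.start())
            self.findings.append((line, "page text", m.group().lower()))

def audit_page(html_text):
    """Return sorted (line, where, address) findings for one page."""
    parser = ExposureAudit()
    parser.feed(html_text)
    parser.close()
    return sorted(parser.findings)

if __name__ == "__main__":
    for line, where, addr in audit_page(SAMPLE_PAGE):
        print(f"line {line}: {addr} exposed in {where}")
```

Each finding is an address to remove from the public page, move behind a login, or replace with a contact form.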

Obtaining Email Databases

Lastly, sometimes all a spammer has to do is offer up some cash and they’ll land themselves a hefty list of valid email addresses. That’s right: some companies will sell their database of email addresses in exchange for a lot of money.

Any time you register on a website or sign up for a newsletter, your email address gets inputted into a server-side database. This could be for anything–online games, forum accounts, social networking services, news outlets, blogs, what have you. Whenever you enter your email address into an online form, the risk is there.

“But what about privacy policies?” you might ask. Well, not every company practices honesty and integrity. Sometimes a company will build up a large pile of email addresses and then give their own privacy policy the middle finger. Most of the time, however, email address leaks are performed by a single rogue employee who has high-level access.

More rarely, spammers will hack into company databases and steal their email addresses without their knowledge.

Now that you know about the various ways in which spammers can obtain your email address, it’s your responsibility to be more protective over your information. Like with any piece of personal data–credit card numbers, social security numbers, home addresses and phone numbers–be diligent in keeping it off the Internet.

Source: makeuseof



Monday, 06 October 2014

Ibrahim Jabbari
