Each minute of each day, there are thousands upon thousands of spam email messages flooding inboxes worldwide. Some of that email even goes out from what appears to be your very own email address! Where on earth do spammers get your email address? There are various ways – some are legitimate, and most are not.
Typically, spammers will “harvest” email addresses from legitimate websites, such as USENET groups, chat rooms, message boards, AOL profile pages, and special interest group postings. These are sites you have visited and requested more information from, or corporate sites where you may have placed an order.
The spammers collect these addresses using automated programs called spambots. Spambots are designed to harvest the email addresses from these websites. They scan every page on the site and collect any text they find that contains the “@” symbol. The email addresses they collect are compiled into a database, loaded into a bulk-emailing program, and out goes the spam. Often, these harvested email addresses are also sold to other spammers; once your email address makes it onto one spammer’s mailing list, it will make it onto their fellow spammers’ lists.
Some websites require you to register before you can place an order or access certain parts of the site. Not all these websites will be as protective of your email address as you may wish. Newsgroups are particularly notorious for exposing their users’ email addresses to the spam gatherers. Most newsgroups do not take a great deal of care to hide the email addresses of their users, and every member’s email address is exposed and up for grabs by spammers. Some of the websites that ask you to register may also sell your address to spammers.
Another method commonly used by spammers is to target a domain. They simply guess or make up every possible variation of email address based on the domain name, for example, @yourDomain.com. They create a mailing list of these addresses and then spam them. Corporate email addresses are especially vulnerable, as they follow a distinct format such as @BusinessName.com.
While most of the spam will bounce, that does not bother the spammers, because they can and do send out millions of these junk messages a day. A small proportion of the guessed addresses will be valid and will receive the spam – that is good enough for the spammer. This method of gathering email addresses is called a brute-force spam attack.
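On the receiving mail server, the bounces described above are what give this kind of guessing away: one client collects many "user unknown" rejections for the same domain. The following is an added example, not part of the original article; the log format is modelled on Postfix reject lines, and the sample lines, IP addresses, domain and threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed log template modelled on Postfix "User unknown" rejects (assumed format).
TEMPLATE = ("Jan 10 03:14:{sec:02d} mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from "
            "unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            "User unknown in local recipient table")

REJECT_RE = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: 550 5\.1\.1 "
    r"<(?P<rcpt>[^>]+)>: Recipient address rejected: User unknown")


def build_sample():
    """Constructed sample: one client guessing names, one sender with a typo."""
    guesses = ["adam", "alice", "bob", "carol", "dave", "info", "sales"]
    lines = [TEMPLATE.format(sec=i, ip="203.0.113.7", rcpt=f"{g}@businessname.example")
             for i, g in enumerate(guesses)]
    lines.append(TEMPLATE.format(sec=30, ip="198.51.100.20",
                                 rcpt="jhon@businessname.example"))
    lines.append("Jan 10 03:15:02 mx postfix/smtpd[812]: connect from unknown[203.0.113.7]")
    return lines


def find_guessing_sources(lines, min_unknown=5):
    """Map (client_ip, domain) -> sorted nonexistent addresses tried, for clients
    that hit at least `min_unknown` distinct unknown recipients in that domain."""
    seen = defaultdict(set)
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue  # not an unknown-recipient reject
        local, _, domain = m.group("rcpt").lower().rpartition("@")
        if local and domain:
            seen[(m.group("ip"), domain)].add(local)
    return {key: sorted(f"{l}@{key[1]}" for l in locals_)
            for key, locals_ in seen.items() if len(locals_) >= min_unknown}


if __name__ == "__main__":
    for (ip, domain), tried in find_guessing_sources(build_sample()).items():
        print(f"{ip} tried {len(tried)} nonexistent addresses at {domain}: {tried}")
```

Counting distinct unknown recipients, rather than raw rejections, keeps a legitimate sender who retries one mistyped address below the threshold.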
One way to defend against harvesting is to make it more difficult for the spider to collect your email address. When you place your email address on a website, remove the @ symbol and replace it with the word “at.” This makes it far more difficult for the spam harvester to gather your address because it cannot be gathered mechanically; it can only be read by a human who is reading the site. Alternatively, you can display your email address as an image rather than as text.