Tuesday, March 23, 2010

How Spammers Get Your Email Address

Each minute of each day, there are literally thousands upon thousands of spam email messages flooding inboxes the world over. Some of that email even goes out from what appears to be your very own email address! Where on earth do spammers get your email address? There are various ways - some are legitimate, and most are not.
Typically, spammers will "harvest" email addresses from legitimate web sites, such as USENET groups, chat rooms, message boards, AOL profile pages and special interest group postings. These are sites you have visited and requested more information from, or corporate sites where you may have placed an order.

The spammers collect these addresses using automated programs called spambots. Spambots are designed to harvest the email addresses from these web sites. They scan every page on the site, collecting any text containing the symbol "@" they find. The email addresses they collect are compiled into a database, loaded into a bulk-emailing program and out goes the spam. Often, these harvested email addresses are also sold to other spammers; once your email address makes it to a spammer's mailing list, it will make it onto their fellow spammers' lists.

Some websites require you to register before you can place an order or access certain parts of the site. Not all these websites will be as protective of your email address as you may wish. Newsgroups are particularly notorious for exposing their users' email addresses to the spam gatherers. Most newsgroups do not take a great deal of care to hide the email addresses of their users, and each and every member's email address is exposed and up for grabs by spammers. Some of the websites that ask you to register may also sell your address to spammers.

Another method commonly used by the spammers is to target a domain. They simply guess or make up every possible variation of email address based on the domain name, for example @yourDomain.com. They create a mailing list of these addresses and then spam them. Corporate emails are especially vulnerable, as their addresses have a distinct format such as @BusinessName.com.

While most of the spam will bounce, it really does not bother the spammers because they can and do send out millions of this type of junk mail a day. A small proportion of the emails will actually be legitimate and will receive the spam - that is good enough for the spammer. This method of gathering email addresses is called a brute force spam attack.

One way to defend against this is to make it more difficult for the spider to harvest your email. When you place your email address on a web site, remove the @ symbol and replace it with the word "at." This makes it far more difficult for the spam harvester to gather your address, because it cannot be gathered mechanically; it can only be read by a human who is actually reading the site. Alternatively, display your email address as an image rather than as text.
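
As an added example (not part of the original post), here is a small Python audit you can run over your own page source. It lists the addresses an "@"-matching scan would pick up and then applies the "at" substitution described above. The function names, the simplified address pattern and the sample page are assumptions made for illustration.

```python
import re

# Simplified address pattern approximating the "text containing @" matching
# the post describes. Assumption: not a full RFC 5322 parser.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def exposed_addresses(page):
    """Return the unique addresses a simple '@'-matching scan sees in the source."""
    seen = []
    for match in ADDRESS.finditer(page):
        addr = match.group(0).lower()
        if addr not in seen:
            seen.append(addr)
    return seen


def replace_at_sign(page):
    """Rewrite every matched address as 'name at domain', as the post suggests.

    This also rewrites addresses inside mailto: links, so those links stop
    being clickable; that is the trade-off of removing the address from markup.
    """
    return ADDRESS.sub(lambda m: m.group(0).replace("@", " at "), page)


# Constructed sample page (example.com is a reserved documentation domain).
SAMPLE_PAGE = """
<p>Questions? Write to Sales@example.com.</p>
<p>Support: <a href="mailto:help@example.com">email us</a></p>
<p>Press: press at example.com</p>
"""

if __name__ == "__main__":
    print("before:", exposed_addresses(SAMPLE_PAGE))
    cleaned = replace_at_sign(SAMPLE_PAGE)
    print("after: ", exposed_addresses(cleaned))
    print(cleaned)
```

The support address in the sample is never shown as visible text, yet the audit still finds it in the link markup, which is why the check runs on the page source rather than on what a visitor sees.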
