How Do Spammers Get My Email Address?

Office worker with metaphorical spam email at desk

Tim Robberts / Getty Images

If you've ever wondered how spammers get your email address, you're not alone. There are four ways that spam senders get people's email addresses:

  1. Spammers will illegally buy lists of real people's email addresses.
  2. Spammers will use "harvesting" programs that scour the Internet like Google and copy any text that contains the "@" character.
  3. Spammers will use "dictionary" (brute force) programs like hackers.
  4. You will unwittingly volunteer your email address to dishonest subscribe/unsubscribe online services.

Buying Illegal Lists of Real Email Addresses

Dishonest employees of ISPs will sometimes sell information that they take from their work servers. This can happen on eBay or on the black market. From outside the ISP, hackers can also break in and steal ISP customer lists and then sell those addresses to spammers.

Harvesting Programs or "Crawl and Scrape" Programs

Any text on a web page that contains "@" character is fair game for these programs, and lists of thousands of addresses can be harvested within an hour via these robotic harvesting tools.

Dictionary Programs

Also commonly known as "brute force programs," are the third means to get spam target addresses. Just like hacker programs, these products will generate alphabetic/numeric combinations of addresses in sequence. While many of the results are incorrect, these dictionary programs can create hundreds of thousands of addresses per hour, guaranteeing that at least some will work as targets for spam.

Dishonest Subscribe/Unsubscribe Newsletter Services

Dishonest newsletter services also sell your email address for a commission. A very common unsubscribe tactic is to blast millions of people with a false "you have joined a newsletter" email. When users click on the "unsubscribe" link, they are actually confirming that a real person exists at their email address.

How to Defend Against Spammers Harvesting Your Email Address

There are multiple manual techniques to hide from spammers, including:

  1. Disguise your email address using obfuscation.
  2. Use a disposable email address.
  3. Use an email address encoding tool for publishing your address on your website or blog.
  4. Avoid confirming an "unsubscribe" request from a newsletter you do not know. Simply delete the email.

What Happens When the Spammer Gets Your Email Address?

Spammers feed your email address to their spamming software ("ratware"), and then will often use botnets and falsified email addresses to spam you.