How Do Spammers Get My Email Address?

Learn why you're receiving unwanted email, and how to stop it

Spam email on a computer screen
MichaelUtech / Getty Images

You open your email and see a flood of messages touting free consultations, sales, "breaking" news, and a host of other unwanted information. You didn't ask for any of it, so why is your inbox filled with spam email?

Many spam emails can be caught in a spam folder in your email program. Check your junk mail or spam filters to catch as much unwanted email as possible.

Four Ways Spammers Get Your Email Address

There are four main ways spammers get your email address. Here's a look at each method and what you can do to defend your inbox against these unwanted intrusions.

Buying Email Addresses From a List

Spammers purchase email addresses both legally and illegally. When you create an account on a website or service or make an online purchase, read the privacy policy carefully. Your email address could be sold to a marketing list, creating unwanted junk mail.

Dishonest employees of ISPs sometimes sell email lists via eBay or on the black market. Cybercriminals can also break in and steal ISP customer lists and then sell those addresses to spammers.

Using Harvesting Programs

Any text on a web page that contains the @ character is fair game for email harvesting programs. Spammers and hackers use complex automated tools to scan the web and gather email addresses. Spammers harvest email addresses from mailing lists, websites, chat rooms, domain contact points, and much more. Understand that if you list your email address online, a spammer will find it.

Dictionary Programs

Also commonly known as "brute-force attacks," dictionary programs generate alphanumeric combinations of email addresses in sequence. While many of the results are incorrect, these dictionary programs can create hundreds of thousands of addresses per hour, guaranteeing that at least some will work as targets for spam.

Dishonest Newsletter Services

Dishonest newsletter services will sell your email address for a commission. A very common tactic is to blast millions of people with a false "you have joined a newsletter" email. When users click on the Unsubscribe link, they are actually confirming that a real person exists at their email address.

After a spammer gets your email address, they feed it to their spamming software ("ratware") and then will often use botnets and falsified email addresses to spam you.

Protecting Your Email Address From Spammers

While there's no foolproof way to steer clear of spammers, there are a few manual techniques that can help hide your email address.

Disguise Your Email Address

One tactic is to hide your email address using obfuscation techniques. For example, insert strings, characters, or spaces into your email address when you post it online. Posting your email address as an image is another way to disguise it.

Use a Disposable Email Address

Another method is to use a disposable email address when you need an email address to sign up for something online, or you need to post online. When you use a disposable email address you're actually using an alias of your real email address. Move on to a new disposable address if one starts getting spam.

Use an Encoding Tool

To take the obfuscation a step further, use an email address encoding tool when you publish your address on your website or blog.

Delete Without Unsubscribing

If you receive an unsubscribe request from a newsletter you never actually subscribed to in the first place, simply delete the email. Don't follow the unsubscribe link, as that may just validate your email address for spammers.