How Spammers Get Your Email Address

Where the bad guys look for them, and how to prevent them finding yours

A new email notification popping out of a laptop

vladwel / iStock

All it takes to get on the mailing lists used by spammers is an email address. There's no need to sign up for anything or ask for email; it just starts coming. What's frustrating is that spammers find your mailbox when sometimes even good friends don't.

Dictionary Attack

Big, free email providers such as Gmail and Yahoo Mail are a spammer's paradise, at least when it comes to finding spammable addresses.

Millions of users share common domain names, so the spammers already know what comes after the @ sign (for example, Guessing what comes before it isn't that difficult, which is something you'll soon discover when you try to sign up for a new email address as most of the good ones are already taken. Therefore, finding email accounts to spam is just a matter of combining random usernames with the domain name.

Taken email address in Gmail.

To beat this type of spammer attack, use long and difficult user names in new email accounts.

Brute Searching Force

Another tactic employed by spammers is to search common sources, such as web forums, chat rooms, and web-based interfaces for email addresses. They deploy robots to scan web pages and follow links. These address-harvesting bots work a lot like search engine bots, but they're not after the page content, just strings with the @ sign somewhere in the middle and a top-level domain at the end.

If you post your address on your website or blog, you can encode it so visitors who want to send you an email can see and use it, but spambots cannot.

Worms Turning Infested PCs Into Spam Zombies

To avoid being detected and filtered, spammers seek to send their emails from a distributed network of computers, ideally machines that don't even belong to them, such as those of unsuspecting users.

To build such a distributed network of spam zombies, spammers cooperate with virus authors who equip worms with small programs that can send bulk emails. These spam-sending engines even scan each user's address book, web cache, and files for email addresses, which offers yet another chance for spammers to catch your address.

Keep your email program updated and patched, be wary of any attachments you didn't request, and run regular antivirus scans with a free, up-to-date scanner.