Are you trying to figure out how spammers find your email address to send you their pesky emails? If so, look no further. Here are six common ways spammers get your email address.
1- Crawling the web
Spammers use "crawl and scrape" or "harvesting" programs to scour web pages for the "@" sign. Since every email address contains the "@" sign, it is easy for harvesting programs to identify and collect publicly posted email addresses. Email addresses visible on social media profiles, "contact" sections of websites, and forums, are all vulnerable to harvesting programs. Harvesting programs can crawl and scrape thousands of addresses per hour to rack up massive lists of email addresses.
2- Buying Lists
Similar to password cracking tools, spammers use "dictionary" or "brute force" programs that essentially make a plethora of good guesses of potential email addresses. The dictionary programs spit out sequential numeric and alphabetic combinations of email addresses. For example, guesses may include common user names paired with common domains such as "email@example.com", "firstname.lastname@example.org", "email@example.com", etc. The extremely fast rate that dictionary tools can generate these guesses and the essentially free cost of sending emails make this method appealing to spammers. Even though many of the guesses may not actually be real email addresses, the sheer quantity of guesses will yield some valid ones.
Email addresses can be leaked from companies with large account databases. Typically the leaking is done by employees of the company or hackers. Leaking is not uncommon. Macy's, Sears, Adidas, Delta, and Panera Bread are just some of the many major companies that have experienced leaks in 2018 alone. Email addresses leaked from these companies are particularly valuable to spammers because most of them should be active. Spammers can buy these leaked email addresses on the dark web or eBay.
One sneaky tactic spammers can implement is sending you a fake "welcome to the newsletter" or "thank you for subscribing" email. At the bottom of every newsletter is a link you can click on to unsubscribe. However, in these fake newsletter emails, the "unsubscribe" link is rigged in such a way that clicking on it confirms to the spammers that there is a real person using the email address. Upon confirming the validity of an email address, spammers will target it with spam mail because they know they have a shot at reaching a real person.
Phishing is when spammers disguise themselves as a false service or identity to "bait" you into giving out your personal information. Phishing can be executed in many forms, such as calling you and pretending to be a bank, sending you a message on Facebook from an account that copied the photos from one of your friends, or sending you an alarming email while pretending to be part of the government. Usually the disguise used in phishing is a trustworthy or reputable source, that way spammers can lure you into a false sense of security.
Spammers have many ways of obtaining your email address. The ever-evolving nature of the internet will inevitably create more opportunities for spammers to blast you with junk mail. Be careful where you post your email address and who you share it with.