How do spammers get your mail id?

Every day we get spam mails from unknown persons. Sometimes we delete them without reading, and at best we report these messages as spam to the respective email providers. Have you ever wondered from where these people get your mail ids? How do they manage to harvest our email ids?

Well, there are innumerable ways to get the addresses. I will try to outline a few of them below.

1. Mailing Lists

There are a lot of websites that sell email ids harvested using many of the methods detailed below. There are also companies that get the email addresses legitimately and sell the list for some extra income. An example would be a magazine that asks subscribers for their email in order to keep in touch and send updates. These lists may also include addresses that a company receives through other means, for example from people who emailed the company with inquiries or complaints.

Spammers regularly try to get the lists of subscribers to mailing lists, knowing that the email addresses will be live and that only a few of the addresses are likely to be invalid. Some mail servers will even provide these ids upon request. When mail servers refuse such requests, spammers use another trick to get the lists. They send an email to the mailing list with the header Return-Receipt-To: or X-Confirm-Reading-To: set. Those headers cause some mail transfer agents and programs to send back emails saying that the message was delivered or read at a given email address, disclosing it to spammers. Another technique used by spammers is to request mailing list servers to send back a list of all mailing lists they carry. This is an option implemented by some mailing list servers for the convenience of legitimate users. They then send the spam to the mailing list’s address, leaving the server to do the hard work of forwarding a copy to each subscribed email address.

Some sites request various details for their guest books and registration forms. Spammers can get email addresses from those either because the forms are available on the net, or because the site sells or gives the email list to others. Some companies sell or give away email lists collected on paper forms. For instance, event organizers make lists of participants’ email addresses, then sell the lists once the event is over. Some spammers actually type in email addresses from professional directories and other printed materials. Domain name registration forms are another favorite source for spammers. The addresses are usually correct and up to date, and people actually open the emails sent to them, expecting important messages.

2. Web Pages

Spammers use software programs that spider through web pages, looking for email addresses, for example, email addresses contained in mailto: HTML tags that you can click on and get a mail window opened.

3. Previous Owner Of The Email Address

People sometimes dispose of their email address after using it for some time, for a variety of reasons. This might happen with dialup usernames at an Internet Service Provider. Someone signs up for an ISP, has his or her email address harvested by spammers, then cancels the account. When someone else signs up with the same ISP with the same username, spammers already know of it. Similar things can happen with AOL screen names: somebody uses a screen name, gets tired of it and cancels it. Later on someone else might take the same screen name. Sometimes email accounts are created for some specific purpose and later discarded.

4. Yahoo People Search

Yahoo people search shows results with email addresses, which can then be extracted easily using email extractor software.

5. Hacking

Sites that supply free email addresses are sometimes hacked in order to get the list of email addresses, similar to e-commerce sites being hacked to get a list of credit cards.

6. Accessing Same Computer

If a spammer accesses a computer, they can get a list of valid usernames and email addresses from that computer.

7. Address Book And Emails On Computers

Some viruses and worms spread by emailing themselves to all the email addresses they can find in the address book on the computer they infect. Some people forward jokes or anything that they find interesting by email to their friends, putting their friends’ email addresses in either the To: or CC: fields, rather than the BCC: field. These worms and viruses scan the mail folders too, for email addresses that are not in the address book. Such viruses, malware and spyware will not only spam copies of themselves, but also send the extracted list of email addresses to their creator.

8. Guessing

Spammers sometimes guess email addresses and send a test message to those ids. Then they wait for either a confirmation or an error message to return by email, indicating the status of the ids. A confirmation could be obtained by inserting mail headers requesting the delivery system or mail client to send a confirmation of delivery or reading. Another method of confirming valid email addresses is sending HTML in the email’s body, and embedding an image. Mail clients like Outlook and Eudora decode the HTML by trying to fetch the image. Some spammers put the recipient’s email address in the image’s URL, and check the web server’s log for the email addresses of recipients who viewed the spam. So it’s good advice to set the mail client to *not* preview rich media emails, which would protect the recipient from both accidentally confirming their email addresses to spammers and viruses. Guessing could be done based on the fact that email addresses are based on people’s names.
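Both confirmation tricks described above, the receipt-request headers and the image whose URL carries the recipient's address, can be checked for on the receiving side before a message is rendered. The Python code below is an added example, not part of the original post; the sample message, the example.test and example.org names and all function names are constructed for illustration.

```python
import base64
import re
from email import message_from_string, policy
from urllib.parse import unquote

# Headers asking the MTA or mail client to report delivery or reading. The first
# two are named in the text; Disposition-Notification-To is the RFC 8098 one.
RECEIPT_HEADERS = ("Return-Receipt-To", "X-Confirm-Reading-To",
                   "Disposition-Notification-To")
# Remote images are fetched automatically when an HTML mail is rendered.
REMOTE_IMG = re.compile(r"""<img\b[^>]*?\bsrc\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)

def address_forms(addr):
    """The recipient address as it may appear in a URL: plain or base64."""
    addr = addr.lower()
    b64 = base64.b64encode(addr.encode()).decode().rstrip("=")
    return (addr, b64.lower())

def confirmation_signals(raw_message, recipient):
    """Return (kind, detail) findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = [("receipt-header", h) for h in RECEIPT_HEADERS if msg[h]]
    forms = address_forms(recipient)
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        for url in REMOTE_IMG.findall(part.get_content()):
            seen = unquote(url).lower()
            tagged = any(form in seen for form in forms)
            findings.append(("tagged-image" if tagged else "remote-image", url))
    return findings

def strip_remote_images(html):
    """Point remote image sources at about:blank so rendering fetches nothing."""
    return REMOTE_IMG.sub(lambda m: m.group(0).replace(m.group(1), "about:blank"), html)

# Constructed sample message; example.test / example.org are placeholder names.
SAMPLE = """\
From: offers@example.test
To: alice@example.org
Return-Receipt-To: offers@example.test
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="http://img.example.test/p.gif?u=alice%40example.org" width="1" height="1">
<img src="http://img.example.test/logo.png"></body></html>
"""

if __name__ == "__main__":
    print(confirmation_signals(SAMPLE, "alice@example.org"))
```

A "tagged-image" finding means the URL identifies the individual recipient; a plain "remote-image" still tells the sender's server that some recipient opened the mail, which is why the function that rewrites the sources treats both alike.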

9. Web Browsers

Some sites use various tricks to extract a surfer’s email address from the web browser, sometimes without the surfer noticing it. Those techniques include:

(a) Making the browser fetch one of the page’s images through an anonymous FTP connection to the site. Some browsers would give the email address the user has configured into the browser as the password for the anonymous FTP account. A surfer not aware of this technique will not notice that the email address has leaked.

(b) Using JavaScript to make the browser send an email to a chosen email address with the email address configured into the browser. Some browsers would allow email to be sent when the mouse passes over some part of a page. Unless the browser is properly configured, no warning will be issued.

(c) Using the HTTP_FROM header that browsers send to the server. Some browsers pass a header with your email address to every web server you visit. When somebody reads email in a browser they should be aware of active content like Java applets, JavaScript, VB, etc. and of web bugs. An email containing HTML may include a script that, when opened, automatically sends email to any email address. Melissa virus is a good example of this. Scripts like this could send the spammer all the addresses in the reader’s address book.

10. AOL Profiles

AOL is the service provider of choice for new users, who might not know how to recognize scams or how to handle spam. Spammers use AOL profiles to harvest email addresses.

11. Internet Relay Chat and Other Chat Rooms

Some IRC clients will give a user’s email address to anyone who requests it. Many spammers harvest these live email addresses from IRC, and send spam to those ids.

12. Social Engineering

Spammers sometimes use a hoax to lure people into giving them valid email addresses.

Richard’s “Free CD’s” chain letter is a good example of this method. The letter promises a free CD for every person to whom the letter is forwarded, as long as it is sent to Richard too.

[Hi. My name is Richard. I am the president of the Cyber Promotions for Columbia House. We are in a fierce competition with companies such as and Music Blvd, among many others. Because of this, I have been authorized to offer 10+ free CD’s of your choice to any person who participates in our promotion. All you have to do is send this message on to your friends! Yes, it is that simple. Now you are wondering how many CDs you get, and how to get them. It all depends on how many people you send this message to. You are required to send this email to the following address to receive your first 10 CDs : In addition, you get another CD for every person you forward this to. For example, if you send this to Cyber Promotions, along with 10 of your friends, you would receive a total of 20 CDs.]

All the author of the hoax wanted was to get people to mail valid email addresses to him so that he could build a list of addresses to spam or sell later.

13. UseNet

Spammers scan UseNet for email addresses using ready-made software programs designed to do just that. Some programs are designed to look at article headers, which contain email addresses, while other programs check the articles’ bodies. They take everything that contains the ‘@’ character and attempt to decipher email addresses. People who get spammed say that the spam frequency to their mailbox dropped sharply when they stopped posting to UseNet.

14. Domain Contact Points

All domains have one to three contact points: administration, technical, and billing. The contact point includes the email address of the contact person. Since the contact points are freely available, spammers harvest the email addresses from the contact points for lists of domains. This is a tempting method for spammers, as those email addresses are usually valid and mail sent to them is read regularly.

15. White Pages And Yellow Pages

There are various sites that function as white pages, sometimes called people search sites. Yellow pages have an email directory on the web. Those white and yellow pages contain addresses from various sources. For example, HotMail will add email addresses to BigFoot by default, making new addresses available to the public.

16. Finger Daemons

The finger daemon is a service that normally runs on port 79 and was originally intended as a digital business card for people. Some finger daemons are set to be very friendly. A finger query asking for joe@host will bring out a list of information, including login names, for all people named Joe on that host. A query for @host will produce a list of all currently logged-on users. Spammers use this information to get extensive user lists from hosts.

I am sure there will be many more ways by which spammers try to harvest your email addresses. If the readers could contribute to this list it will be very useful for all.

Now let's have a look at what we can do to prevent it, and what we can do if spammed.

As invisible email addresses can’t be harvested, it is a good idea to put the email addresses of recipients of forwarded emails in BCC:. If the email was forwarded to you by somebody else, remove all the email addresses inserted by the previous sender from the email’s body.
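The difference the BCC: advice makes can be measured by listing every address that a recipient of the transmitted message is able to read. The Python code below is an added example, not part of the original post; the addresses, the forwarded text and the function names are constructed for illustration.

```python
import re
from email.message import EmailMessage

ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def visible_addresses(msg):
    """Every address readable in the message as it goes over the wire."""
    return sorted(set(ADDRESS.findall(msg.as_string())))

def build_forward(sender, friends, body, careful):
    """Return (message, envelope_recipients) for a forwarded mail.

    careful=False: friends listed in To:, quoted body left untouched.
    careful=True:  friends appear only in the SMTP envelope (what BCC: does)
                   and addresses left by previous senders are removed.
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["Subject"] = "Fwd: joke"
    if careful:
        body = ADDRESS.sub("[address removed]", body)
    else:
        msg["To"] = ", ".join(friends)
    msg.set_content(body)
    # The envelope list is what would be passed as to_addrs to
    # smtplib.SMTP.send_message(); it is never part of the message text.
    return msg, list(friends)

# Constructed forwarded text carrying the previous sender's header block.
FORWARDED = """\
---------- Forwarded message ----------
From: dave@example.net
To: erin@example.com, frank@example.org

Why did the chicken cross the road?
"""
FRIENDS = ["bob@example.net", "carol@example.com"]

if __name__ == "__main__":
    for careful in (False, True):
        msg, rcpts = build_forward("me@example.org", FRIENDS, FORWARDED, careful)
        print(careful, visible_addresses(msg), rcpts)
```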

If your email is harvested by somebody and you get spammed, the following links will help you to track the spammer down.

Originally posted by: SunSeven here.

