If you’ve ever wondered how spammers get your email address, you’re not alone.
There are five ways that spammers harvest people’s email addresses.
- Spammers will illegally buy lists of real people’s email addresses.
- Spammers will use “harvesting” programs that scour the Internet like Google and copy any text that contains the “@” character.
- Spammers will use “dictionary” (brute force) hacking programs to try to guess the email addresses.
- You will unwittingly volunteer your email address to dishonest subscribe/unsubscribe online services.
- Hackers attempt to hack into less-secure websites and steal all their members’ information.
Buying Illegal Lists of Real Email Addresses
Dishonest employees of ISPs will sometimes sell information that they take from their servers. Often you can buy the email addresses on the black market or eBay. From outside the ISP, hackers can also break in and steal ISP customer lists and then sell those addresses to spammers.
Harvesting Programs or “Crawl and Scrape” Programs
Any text on a web page that contains “@” character is fair game for these programs, and lists of thousands of addresses can be harvested within an hour via these robotic harvesting tools or scripts.
Dictionary Programs
Also commonly known as “brute force programs,” are the third means to get spam target addresses. Just like hacker programs, these products will generate alphabetic/numeric combinations of addresses in sequence. For example, [email protected] While many of the results are incorrect, these dictionary programs can create hundreds of thousands of addresses per hour, guaranteeing that at least some will work as targets for spam.
Dishonest Subscribe/Unsubscribe Newsletter Services
Dishonest newsletter services also sell your email address for a commission. A very common unsubscribe tactic is to blast millions of people with a false “you have joined a newsletter” email. When users click on the “unsubscribe” link, they are actually confirming that a real person exists at their email address.
Steal user accounts from compromised websites
Some websites are lack of security with username says administrator with an easy password. Some websites even let hackers into their database using SQL-injection. Once they have access to the database, the hacker can gain access to all the registered members’ account information.