paul   How spammers really get your email address

People wonder how spammers get their email address. A common myth is that when you receive pornographic spam, it is the result of your visiting a pornographic website. This is not true.

Here are the actual methods that spammers use to get your email address:

  1. Robot spiders are programs that crawl the web, visiting known web pages and then following all links to other web pages, collecting any email addresses listed on any web page. For example, if your company lists your email address on its web page, or you post something to Usenet or a bulletin board, or you post to a blog or guestbook, your email address will be found by the robot spiders. Here are some counter techniques:

    • If you don't want one of your web pages containing email addresses to be scraped by robots, you could try to use the "robot exclusion standard" to mark your page as not wanting to be scraped. However, this is ineffective with spam robots, since they usually ignore this standard.
    • A clever trick is to include an image of your email address, instead of an actual mailto link or text version of your email. Human visitors will be able to read your email address in the image (although they won't be able to click on it to send email, or copy/paste it) but robots will be foiled. See safemailto for more info.
    • You can also create a CGI form on your website that visitors can use to send you email, instead of publishing your email address. This is, however, a bit "formal" and will discourage casual users from sending you email.

  2. Address book viruses will expose all of the email addresses on your computer. So all you need is one person with your address to catch such a virus, and you are toast.
  3. Domain name registration records have been spidered, so if you have ever purchased your own domain name (in general, this is a good thing to do), the spammers will find you.
  4. Random addresses are tried by many spam sending programs for popular domain names such as AOL, Yahoo and Hotmail. Given the tens of millions of addresses in each such domain, the spam programs realize that they can make up almost any name to the left of the @ and more often than not, it will hit a real address.
  5. Unsubscribing from a spam in fact usually verifies to the spam program that you are a sentient being, and results in you then getting a lot more spam.
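
An added example (not code from the original page): a Python audit you can run over your own HTML to list what a robot spider, as described in item 1, would collect from it. The sample page, the example.org addresses and the names `ExposureAudit` and `audit_page` are constructed for illustration; the audit also flags an address left in an image's alt text, which undoes the image trick.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Loose on purpose: flag anything a harvester's pattern match would pick up.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

class ExposureAudit(HTMLParser):
    """Collects (where, address) findings for one HTML page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def _scan(self, where, text):
        for addr in ADDRESS.findall(text or ""):
            self.findings.append((where, addr.lower()))

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and (value or "").lower().startswith("mailto:"):
                self._scan("mailto-link", unquote(value[7:]))  # handles %40
            elif name in ("alt", "title"):
                self._scan(f"{tag}-{name}", value)  # image trick undone by alt text

    def handle_data(self, data):
        self._scan("text", data)

    def handle_comment(self, data):
        self._scan("comment", data)  # comments are still in the served page

def audit_page(html):
    """Return the sorted, de-duplicated exposures found in one page."""
    parser = ExposureAudit()
    parser.feed(html)
    parser.close()
    return sorted(set(parser.findings))

# Constructed sample page; every address is a placeholder.
SAMPLE_PAGE = """<html><body>
<!-- old contact: webmaster@example.org -->
<p>Write to <a href="mailto:sales%40example.org?subject=Hi">our sales desk</a>.</p>
<p>Or email support@example.org directly.</p>
<img src="addr1.png" alt="paul@example.org">
<img src="addr2.png" alt="Contact address (shown as an image)">
<form action="/cgi-bin/contact" method="post"><input name="message"></form>
</body></html>"""

if __name__ == "__main__":
    for where, addr in audit_page(SAMPLE_PAGE):
        print(f"{where:12} {addr}")
```

A page that uses only the image (with neutral alt text) and the contact form produces no findings.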

Updated Sat 31-Dec-2005 5:41 AM