Why we get Junk Mail (SPAM)

How Spammers Get Your Email Address

Spammers seem to have supernatural powers that enable them to guess email addresses accurately and quickly. But in reality, spammers harvest email addresses by pretty mundane means. You may even be contributing to the problem without realizing it. Here's the scoop on how spammers get email addresses, and steps you can take to protect your inbox.

Is Your Email Address Vulnerable to Spammers?

It can be maddening when your email inbox gets a fresh load of spam dumped into it. Equally frustrating is when spammers spoof your address as the sender, and your friends all start asking why YOU are sending them unwanted sales pitches for dubious products. Understanding how spammers get ahold of your email address can help to prevent both of these problems. Using web-crawling "spider" programs (not unlike the ones Google uses to index Webpages) spammers hunt down email addresses by looking for the telltale "@" symbol. Working swiftly and ceaselessly, spiders can harvest millions of email addresses automatically. To avoid being bitten by a spider, don't put your email address on the Web. That means not posting it to online forums or personal web pages. Scan the web with a Google search to see where your email address is available, and work towards becoming invisible. If you must make your email address visible in public, you can obscure your address by avoiding the "@" symbol, i.e., use "joe at byui dot edu" instead, or create an image with the address instead.

"Dictionary attacks" are another standard way to collect email addresses. Spammers generate emails to made-up addresses, accepting millions of bounce-backs in exchange for a handful of replies from valid addresses. That's why the first rule of dealing with spam is "don't reply to it." Doing so just tells the spammer that you are a "live one" and worth hitting with more spam. 

Margaritaville? Huh?

With apologies to Jimmy Buffett, some people claim that there's a hacker to blame, but you know, it's your own &*%$ fault sometimes. Many people simply hand over their email addresses, no questions asked, just to get access to a contest, some free program, a ringtone, or other supposed "valuable prize." It's a good idea to have a "throwaway" email address that you can enter into Web forms, rather than using your everyday address. And if you have an email password that's easily guessable, spammers may hack into the email account and steal all of the contacts stored there. If your computer is not adequately protected from viruses, spyware and phishing attacks, all of the people in your email address bookare vulnerable to spam attacks as well. Some people believe that email forwards play into the hands of spammers, because they accumulate a large number of addresses as the message spreads from one person to another. I'm not so sure this actually works, because there's no easy mechanism for the bloated messages to return to the spammer. But I will certainly agree that blindly forwarding every silly story doesn't contribute anything positive to the Internet. Cambodian midgets fighting lions? Nigerian prince wants your help transferring money? Really?? If you're tempted to forward something that seems dubious, check it out on Snopes.com before hitting the Send button. Hacking into a major company's databases can yield millions of high-quality email addresses at once, not to mention even more valuable data such as credit card numbers, Social Security Numbers, etc. Not long ago, Chase Bank was hacked, and 76 million customer email addresses were exposed. It seems every month another massive data breach makes news, affecting millions of consumers. There's not much you can do to prevent this, except hope that the companies you do business with have good security protocols in place. Spammers also trade in lists of email addresses. A list of a million addresses goes for as little as $100. Some online crooks don't even mail spam, but make their living harvesting and trading email addresses. Your supposedly legitimate business associates (or any website where you hand out your email address) may be selling you out to spammers, though they may think of the spammers as "trusted partners." Before signing up to any mailing list, make sure you know what the email privacy policy is. Opt out of allowing your email address to be shared with third parties for any reason, if possible. It's almost impossible to hide your email address from spammers completely. At the least, you'll probably get a blind dictionary attack spam, eventually. But think before you give your email address to any website. The fewer entities that have your email address, the less spam you will receive. Keeping your own computer secured, and encouraging your friends and family to do likewise will also help.