How do spammers get your email address? 
A common question I hear is how did all these spammers get my email address? If you are an old timer on the internet you remember the days when email addresses were harvested from newsgroups and web pages and so you used some sort of bogus email address when posting such as or whatever but now you do that and you still get a ton of spam. So you figured that someone sold you out and your beloved email address was sold by some less then honorable web admin somewhere. These methods are possible causes of why you get spam, but more likely its something else and no matter how careful you are, or what you do to hide, spammers will likely find you and send you their endless flood of junk (well over half of all emails sent on the internet are spam).

I have a couple of domains which I registered on the internet, but setup the accounts such that I receive all emails, no matter to whom they are addressed to at that domain. Each of these domains has a couple of active and real user accounts, but yet I receive tons of spam for accounts which have never existed, how is that? Many years ago when I was much more involved in internet security I was invited to participate in the teaching of internet security and the running of security labs and 'contests' and two of the 'contests' where dumpster diving and shredded paper reassembly (yes there were a lot of feds involved). So one thing I had to prepare was a list of user ids which I then created and gave to the organizers who then had a small fit as they thought the list I had given them was a list of actual users names within their 'organization', which then brought about the usual game of 20 questions as to how I obtained such confidential information being an outsider and all. Having to create these user lists meant a lot of typing and thinking of a lot of names etc, and being a coder I thought I'd much rather write a program and let it do the work for me, but where to get the names? A lot of governments post census information on their websites and in some countries part of the census information is statistics as to how common first and last names are. So I downloaded that information and fed it to a program I wrote which then used common user id naming conventions (for example last name appended with the first letter of the first name like mcneillb), so take those user ids and appended them with common ISPs/domains/etc and you have a ton of email addresses (ie or etc). This is what we see in our test spam domains, tons and tons of made up email addresses that look credible. Spammers now create email addresses to spam and if there is no actual account with a generated name then no, big deal the compromised system or otherwise spoofed source they used to send the spam, gets a notification message, they don't care as it isn't their bandwidth that is being used or anything.

So want to reduce your inbound spam, get yourself a truly unique user id like and the amount of spam you receive will be greatly reduced, however your desired email volumes will also likely be diminished as no one is going to remember your email address.


[ view entry ] ( 1683 views )   |  permalink  |  $star_image$star_image$star_image$star_image$star_image ( 3 / 2185 )

<<First <Back | 1 | 2 | 3 | 4 | 5 | Next> Last>>