This week has been a bit of a beating, peppered with fraud alerts and security patches that must be applied NOW—or else. From that perspective, spam email is just a a minor inconvenience that barely registers. But we do understand that spam is a major annoyance for many of our clients. If you’ve ever wondered how spammers found your email address, and what you can do about it, this blog post is for you. Below we’ll discuss the top ways spammers find you:
Dictionary Harvest Attacks
A dictionary harvest attack occurs when spammers attempt to find valid email addresses by randomly sending mail to common mailbox names for a domain. Some examples of these email addresses are [email protected] or [email protected]. We recommend changing these up to something a little more interesting and unusual, like [email protected].
Additionally, spammers will often try guessing email combinations with popular names and services, just to see if they work. For example, a spammer might send an email out to [email protected]. If you have a a popular name or an email address that combines your first and last name at a well-known email service such as Gmail, Yahoo, or Outlook, you may be more susceptible to spam.
Email Harvesting
There are a number of different methods spammers use to nefariously harvest emails. Once spammers identify your email address as valid and responsive, it goes on a spam list, which may then be traded or sold in bulk. As you can imagine, the spam problem is then magnified as your email address gets passed around.
Scraping from the Web
If your email address is listed on the web anywhere, it can be picked up by a spammer. Spam bots scan the text of thousands of websites a day and add any email addresses they find to their spam lists.
Signup Forms
Perhaps you provided your email address to a website when you signed up for a newsletter or commented on a post, and they gave your email address to spammers (intentionally or unintentionally). Their website could also have been hacked through a security exploit.
Leaked Account Databases
You’ve probably heard on the news that large organizations like Adobe, LinkedIn, eHarmony, Gawker, Last.fm, Yahoo!, Snapchat, and Sony have been compromised in the past few years. The top worry at the time was the leaking of passwords and credit card information. But they also leaked lots of email addresses too, which allowed spammers to download them and them to their email lists.
You can use a service like Have I been pwned? to tell you if your account information might have been leaked. It doesn’t cover every leak, but it is nice to know.
Clicking a Link in a Spam Email
If you do get a spam email, don’t click the links in it. If you see an “unsubscribe” link in an email that looks unprofessional and scammy, the spammer might just be using it to note if you click it and identify your email address as active. (Legitimate companies sending email through Constant Contact, Mailchimp, etc., are not trying to spam you, so it’s safe to click “unsubscribe” in those types of emails.)
Also, don’t click the option to “load images” in spam emails. If you do, the spammer will know you opened the email and can flag your email address as active, thereby generating more spam.
Bad Forwarders
Sometimes a spammer acquires an email address when you send an email to someone, and they forward it to someone else. Or perhaps someone sent you an email also addressed to other recipients. Think about those emails full of heartwarming photos that your aunt forwards to you and 100 other people every day, with all of their email addresses clearly visible in the To or CC field. That’s perfect fodder for a spammer.
Old School Business Cards
If your email address is on your business card and it falls into the hands of spammers, they might choose to add you to their mailing list without your permission.
More Serious Concerns
- If your computer or a workstation on your network has a virus or other malware that records your keystrokes, sniffs packets (i.e., reads everything transmitted over your Internet connection), or directly reads active email accounts from popular email software, you may see an increase in spam. Obviously, this is a symptom of a much larger problem, and the malware needs to be dealt with immediately.
- A script on your website could have a security vulnerability that allows a hacker to access information on your hosting account, including your email addresses. Or a hacker may have guessed or otherwise obtained the control panel login information for your website. Again, spam is likely the least of the concerns, as a hacked website is debilitating to your business.
- Since emails are relayed from server to server until they reach their destination, one of the servers your email passed through could have packet sniffing software installed that allows spammers to collect your email address.
Our Advice to Minimize Spam
Note that we didn’t say “prevent spam.” There’s no way, unfortunately, to completely prevent it, but here are a few ways you can stem the tide:
- Be careful about giving your email address to websites.
- Use a disposable email address to sign up for a newsletter, website, or service that you don’t trust absolutely.
- Don’t open spam when you receive it.
- Keep your computers free of viruses and malware.
- Ensure your website is free of malware and security vulnerabilities.
- Use secure passwords.
- If a friend (or aunt!) is sending to a large recipient list, request that she use BCC instead of To or CC, so that other recipients cannot see your email address, or request they stop including you if you do not want to receive the emails. (Easier said than done!)
- Do not list your email address on the web.
Inundated with spam and can’t take it anymore. We can help! Contact us for a consultation any time.