
8 Ways Spammers Get Your Email Address

They have so many.

Spam is annoying. What's more annoying are all the ways spammers have to get our email addresses in the first place.
Question: How do so many individuals on the internet get my email address and consistently send me junk email?

To be clear, it's rarely individuals. These days, spam is more likely to be sent by organizations that specialize in it.

Spam is big business, and we all get spam sooner or later.

Usually sooner.


TL;DR:

How spammers get you

Spammers get email addresses through data breaches, purchased lists, website and social media harvesting, guessing common formats, phishing attempts, public records, and malware. With so many sources available, spam is inevitable. There's no perfect solution. Just mark it as spam and move on.

There are many ways spammers harvest email addresses. These are perhaps the most common.

1. Data breaches

This might be the most common way your email address gets into spammers' databases. A company or service you use that has your email address as a legitimate part of their records suffers an intrusion and data breach. Hackers collect the information and either turn it over or sell it to spammers.

For all the worry about the various kinds of information exposed in data breaches, email addresses are probably the most commonly exposed. And the most common result?

You get more spam -- sometimes crafted to look like it came from the breached organization.

2. Buying or renting lists

Although frowned upon, lists of email addresses can be purchased. A company with a collection of email addresses for whatever reason can sell that list and make a few bucks.

Marketers generally know better, but some do not. Purchasing a list is often where spammers begin, especially when they're starting with nothing.

3. Website harvesting

I've talked about this in the past: posting your email address anywhere public means it's available for spammers to copy. Automated tools scan websites, automatically detect email addresses, and add them to the spammer's list.
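To see what such a scanner would pick up from a page you publish, here is an added example (not from the original article) that audits a page's HTML for exposed addresses: `mailto:` links, plain text, an entity-encoded `@`, and the bracketed `[at]` style of obfuscation. The sample page, its addresses, and the function name are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# Pragmatic patterns for an audit; not a full RFC 5322 parser.
LOCAL = r"[A-Za-z0-9._%+-]+"
DOMAIN = r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}"
AT = r"\s*[\[(]at[\])]\s*"                  # "[at]" or "(at)"
DOT = r"(?:\s*\.|\s*[\[(]dot[\])]\s*)"      # ".", " .", "[dot]", "(dot)"

MAILTO = re.compile(r"mailto:([^\"'?>\s]+)", re.I)
PLAIN = re.compile(rf"({LOCAL})@({DOMAIN})")
OBFUSCATED = re.compile(
    rf"({LOCAL}){AT}([A-Za-z0-9-]+(?:{DOT}[A-Za-z0-9-]+)+)", re.I)


def find_exposed_addresses(page: str) -> list[tuple[str, str]]:
    """Return sorted (kind, address) pairs a harvester could read from page."""
    found = []
    # 1. Addresses inside mailto: links, even if entity- or percent-encoded.
    for raw in MAILTO.findall(page):
        found.append(("mailto", unquote(html.unescape(raw)).lower()))
    # 2. Visible text: drop tags, then decode entities such as &#64;.
    visible = html.unescape(re.sub(r"<[^>]+>", " ", page))
    for local, domain in PLAIN.findall(visible):
        found.append(("plain", f"{local}@{domain}".lower()))
    # 3. Bracketed obfuscation is normalised back to a usable address.
    for local, domain in OBFUSCATED.findall(visible):
        domain = re.sub(r"\s*(?:\.|[\[(]dot[\])])\s*", ".", domain, flags=re.I)
        found.append(("obfuscated", f"{local}@{domain}".lower()))
    return sorted(set(found))


# Constructed sample page; every address here is made up.
SAMPLE = """
<p>Office: <a href="mailto:info&#64;example.org">Email us</a></p>
<p>Prof. Smith: msmith@example.edu</p>
<p>Contact: jdoe [at] uni-example .de</p>
<p>Press: press&#64;example.org</p>
"""

if __name__ == "__main__":
    for kind, address in find_exposed_addresses(SAMPLE):
        print(f"{kind:10} {address}")
```

Every address it reports is one to consider replacing with a contact form or a role address you can retire.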

4. Social media harvesting

This is like website harvesting because social media platforms are essentially just websites, but it deserves special notice. We often think our information on social media is private, but all too often we discover it's not. Occasionally, email addresses leak, and spammers harvest them.

5. Guessing

Seriously. Guessing. If you have a sometimes-coveted first-name@ email address (like leo@), you're going to get more spam. Spammers just grab a list of common names and start sending spam to them whether or not they actually exist.

Similarly, first-initial-last-name is also a common email address construction (like msmith@), so even if only your name is visible somewhere, spammers may try that construct to send you spam.

And of course, much like passwords, if they've seen an email address in the form "somethingodd@somerandomservice.com", they'll try "somethingodd@" at all the popular email services as well.

6. Phishing

If you fall for a phishing attempt by clicking on a link in a fraudulent email that takes you to a fake sign-in screen, you might hand over not only your password but your email address as well. Regardless of what you do about the potential password compromise, your email address is now on their lists.

7. Public records

I think this surprises many people, but many public records these days are online and often contain the email addresses of the individuals involved. This is much like website harvesting above, but it's tailored to extracting information from the interface of public records portals and databases.

8. Malware

It's not as common as it once was, but it's still a threat. Malware can, of course, do anything.

  • It could examine your email account configuration, log your keystrokes, or many other things to capture the email addresses you use.
  • Someone else could have malware that examines their address book and finds your email address.

Do this

Spammers have so many sources of email addresses at their disposal that it's no wonder there's so much spam.

Unfortunately, there's no magic bullet. My advice remains the same as it's always been.

  • If spam lands in your spam folder, that's the system working as it should.
  • If spam lands in your inbox, mark it as spam and move on.



7 comments on “8 Ways Spammers Get Your Email Address”

  1. I get phone calls from places I've never heard of. When I ask them how they got my number, they tell me they have a random dialer; even though my number is unlisted, it still gets dialed. I've read there is an equivalent of an email phone book; they can just try every email in the book.

  2. 30 years ago, when email was becoming popular, someone I knew had an email address which was her last name plus 4 digits @aol.com. She said it was to avoid junk email by making it harder to guess an address. That was before spam was called spam. I thought she was crazy, but she was right.

  3. I taught at a university that posted our email addresses on their website. We got lots of spam from book companies who thought it was their right to send us spam. I marked those emails as spam to hopefully penalize them for sending unwanted, unsolicited email, which is the definition of spam. Posting our addresses opened us up to more spam from professional spammers. They used the format name [at] university’s domain .de. Duh! Spammers’ bots are sophisticated enough and can easily reconstruct the email address.

  4. #9. Email addresses (and mailing addresses, phone numbers, etc.) harvested by apps that ask you to share your contacts. Don’t do it!

    • If you need to supply an email address to sign up for a website or download an app, etc., get a throwaway email address. I use Yahoo for that and their spam filter is so good, I almost never see spam in my inbox. Yahoo almost negates the need for a throwaway email address. Gmail’s spam filter is even better.

