Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Why shouldn't I include my email address in a Twitter post or 'tweet'?

Question:

I included my email address in a 'tweet' on Twitter, and someone
told me I shouldn't. Why?

I made that question up, because I noticed today that masses of
people are doing exactly that: including their email addresses within
posts they make on Twitter.

You really, really, really don't want to do that.

The reason is an old answer: spam.

]]>

Twitter in many ways defies description. It's been called a "micro blogging" site, a "community IM" tool, and a bunch of other things. The bottom line is that you post messages of up to 140 characters, and anyone following you can read them.

You'll note I'm on Twitter, and currently include my three most recent posts, colloquially called "tweets", on the right side of my pages. (Feel free to follow my tweets, just visit http://LeoOnTwitter.com.)

So, why is tweeting your email address such a bad, bad idea?

Because anyone can see it. Your tweets, including what are called "@"-replies, are visible to everyone. That's actually kind of the point of Twitter, when you think about it.

"Your tweets ... are visible to everyone."

Unfortunately, that includes ... you guessed it ... spammers.

Here's a fun exercise to try: go to http://search.twitter.com and search for "hotmail". What you'll get is a list of recently posted tweets that include the word hotmail. And most all of them will be as part of an email address.

Now, imagine you're a spammer looking for valid, known-good, legitimate email addresses to either spam, or spoof. What an incredible resource! A small piece of software to automatically scan and collect all the email addresses that appear on twitter, and the spammer's collecting gold.

So don't let your email address be one of them. At least obfuscate it. Your tweets are likely intended to be read by real people, right? So if your email address is me@example.com make it something like:

me at example.com

or

me(at)example.com

or something along those lines.

But don't tweet your bare-naked email address.

Unless you want more spam, that is.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

6 comments on “Why shouldn't I include my email address in a Twitter post or 'tweet'?”

  1. IMHO… obfuscating is not the answer… When a spammer’s tool can look for “@”, it also can look for “at” and its variants. They even scan image files.

    The answer to the question is king of a cold war, a constant struggle to outwit the humint at the other end.

    You’re correct, however the operational theory is that because there are so many non-obfuscated email addresses available for spammers to harvest, most will not take the time to try to decode the techniques we might dream up. But yes, it’s not an absolute solution.

    – Leo
    05-Jan-2009
    Reply
  2. I don’t tweet as it happens. However, if I did and I wanted to include my email address, then I’d make a disposable one up specially for the purpose using Yahoo’s Addressguard system or something like it such as a GMX one. That way, if I started getting spam I could immediately destroy the address, or maybe I’d destroy it anyway after a couple of weeks, depending upon how current it needed to be for whatever my purpose was in publishing it.

    Reply
  3. …I use a downloaded software called MailWasher. It intercepts all my mail before it is downloaded, and scans it. I can even read it before I download it. Any email I don’t want to download I can blacklist, “bounce” and /or delete. MailWasher can be found at http://www.mailwasher.net.

    Reply
  4. Anything that you see on your computer screen
    is in a file on your computer. It may not be
    in your mailbox, but it’s somewhere! It may be
    in a temp file that eventually gets erased but
    it is still in your computer memory and/or on
    a computer drive.

    Reply
  5. Modern address harvesters can read at instead of @ and even read jpg images containing an email address. This article understates the problem.

    Reply
  6. Which also makes it a great way to place honeypots like this one: [email removed]

    Many legitimate spam fighters use such places with great success.

    Go ahead spammers… Get ahold of this address… Please!

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.