Home Page | Papers
How do Spammers Get Your Email Address ?
1) Checkboxes :-
Look for Checkboxes when you register on websites, they are the ultimate source of spam. They are usually partner websites but still they are the only root cause for spam.
2) Contests :-
Lots and lots of contests are there running on net, which offer ipods, cash and lots more cool stuff but these are the sources from where your information is leaked and at the end you get SPAM.
3) Chain Letters :-
Ever looked at the Chain Letters a bit more closely? They reveal lots and lots of email addresses of people, it can be you, your family members, your friends and other people, so just make sure you donít forward chain letters.
4) Groups :-
Most of the people on internet use groups, it maybe Usenet, yahoo groups, google groups, hi5, and lots more. And yes spammers can easily harvest your emails from there and this is really nasty, as it leaks emails of companies and businesses also.
5) Subscriptions :-
Never subscribe to free news letters, and if you really do, donít give them your primary email address. As they in turn pass out your email address to partner companies who are mostly spammers.
6) Mailing lists :-
Mostly spammers also become members of mailing lists and scan messages for email addresses, but a very useful technique for spammers is to throw a genuine message to a mailing list and put the headers as request read receipt which means, that most of the email clients will send a reply back to the sender of the email that his email was read or was not read, and this inturn emails the spammer of the email address, so it becomes extremely easy for spammers to get your email address. And I just checked this trick at a very high profile mailing list and its more than 2 days I am still getting read receipts. So itís quite effective, so just disable the send ack receipt to the sender from your email clients.
7) Websites :-
It is possible you might have posted to some website and now your email is visible over there and this just makes the work of a spammer much easier, they just copy your mail address and you are bombarded with SPAM.
8) Ident Daemon :-
Many Unix OSís run this daemon, and this helps other computers to know who is connecting to them, this is mostly in the case of IRCís.
9) Web Browsers :-
Quite a few web browsers also pass your email address in the header, along with the HTTP header, this is mostly when you have filled up the optional components of your web browser which doesnít bother you to type your email address again and again, but still it is a serious draw back, as your email address can be tracked by the websites you visit.
10) IRC :-
IRC daemons also reveal a lot of information about you, it is when you start your IRC client and type your nick, name and email address, and this is where spammers can get your email addresses, but mostly newbieís fall to this tricks
11) Chat Rooms :-
Chatrooms are also a primary source for email add. Harvesting, for aol chat rooms there are specialized tools which do the work for you, and for yahoo chat rooms, you have the primary detail which is your id and the only thing to guess is, the last part after @ which is easy, as Americans have a @yahoo.com Indians have @yahoo.co.in and so on and for uk, its @yahoo.co.uk so its just a matter of guess work but still this requires a bit of work for them but still its imp. Source for email addresses.
12) Profiles :-
All your profiles, doesnít matter which it can be on yahoo, aol, msn, for personal websites, linux groups or anyother website, what is imp, is if you have provided your email address there there are chances of you getting included in the Spam list.
13) Whois :-
Registered a website ? and provided with all your real information, wow that was great, so they have your phone num, address and EMAIL ADDRESS, this is one of the method for harvesting emails.
14) Yellow pages :-
They have all you need, information about vendors, businesses, companies and individuals, they have contact information as well as EMAIL ADDRESS.
15) Shell Accounts :-
Well mostly with shell providers who provide shells also provide email addresses to their users, this is mostly their firstname.lastname@example.org so just having a look at /etc/passwd file the spammers get lots of email addresses at once.
16) Buying Databases of Emails :-
This is also a prime source for new spammers, and there are lots of people out there who want to sell millions of email addresses to newbie spammers with mass mailing software, and mostly it costs less than 10$.
17) Social Engineering :-
This is also very much possible as newbies are usually a target for getting free stuff provided they give their email address, where they will receive an activation link to place where they will get their free stuff. But it is usually a Scam.
One of the most genuine looking Social Engg. Trick to get Email address and Personal Information is a con-artist sends a email to a Mailing List, Newsgroup or Usenet, which says urgently required software programmers and hardware engineers, and a low profile experience, like 1-2 years of experience and stuff, now there are lots of guys over there who want that job. And they usually bind their bio-data and boom. The spammer gets their Email Add, Personal Details and lots more, in sense he gets everything you know and he can also tailor much more sophisticated attacks against you when he wants, but that happens rarely, but still this is quite a possibility as in the Info. Security field, Sky is the Limit.
18) Hacking to Servers :-
Usually when you shop online, you provide credit card information and also your email address, and if a hacker hacks into that server he will have all information about you, like email address, credit card info. And he can inturn sell the email addresses to the spammers to get some quick bucks.
19) Guessing :-
Oh, yes Spammers also do guesswork they mostly email everyone at a @domain.com address and if the message bounces it means that there is no such email address, and if it goes through it means that here is a jackpot and just an email away. Usually this is done with softwareís.
- Anish Shaikh