Keeping Your Address Off Spammers' Lists

Spammers usually get addresses by "harvesting" them: they simply go to web sites and "scan" for e-mail addresses anywhere on the site. I've seen the scanners in operation, and it's amazing how quickly they work. The software can, for instance, ask a search engine for any page that has the word "cat" in it and grab the addresses off those pages for a "targeted" list of people with a presumed interest in cats. It takes only minutes to gather thousands of addresses.

Of course, how "targeted" that list might be is a matter of opinion. A "cat" might refer to a feline animal, a tractor, an abbreviation for "category", etc. But spammers don't really care if you're interested in their message or not. The key, for them, is to blast out their nonsense to as many people as possible because a very tiny percentage of them will be stupid enough to fall for their ad and send them money. That is their only goal -- they don't care how many people they offend in the meantime.

So obviously, the first tip is to keep your address off the web. If it's on your site -- or any other site -- it will be found.

But even if you've been careful never to use your address on any public site, even a web page, you will likely still get spam! There are two main ways this happens:

  • Your address used to belong to someone else. For instance, a webmail account on a popular service such as Hotmail or Yahoo mail. You may have felt lucky to get a great username there -- how could no one have already taken such a great name?! They did, long ago. Then they abandoned it because of all the spam they were getting. Guess what? The spam never stopped! Now you are getting it.

  • A "dictionary" attack. Spammers will connect to a server and ask to deliver mail to mailbox "A". If the server says OK, that address goes on their list. They then proceed to "AA", or "B", or any word or combination of letters that's in their "dictionary" -- and it's all automated. Even though the address has never been listed anywhere and isn't on any web sites, suddenly that address is getting spam. And it doesn't just happen at big, well-known sites, like Hotmail. Even tiny personal sites have been subjected to such attacks.

So the next tip is to keep your address "non-obvious" -- simple dictionary words or names (like Bob@) will almost certainly get spammed, even if you never give the address out to anyone.

Other sources for addresses actually includes messages you sent privately to friends -- if they forward your note to a large group (which happens all the time, especially if you're telling a funny story), and a spammer happens to be a friend of a friend of a friend, your address can easily be culled from the headers. Other places include open e-mail discussion lists and, ironically, web pages that say "put your address here if you want to be on a 'do not mail' list"; often, these lists are sold to the very advertisers you want to avoid!

Next Topic: Why Spammers Don't Honor "Unsubscribe" Requests

Copyright © 1996-2010 by Randy Cassingham, All Rights Reserved. All broadcast, publication, retransmission, copying or storage is strictly prohibited without prior written permission (contact the author). This is True® is a registered trademark of ThisIsTrue.inc and is used with permission. (Privacy Statement)