Advertisement

How Do Spammers Get Email Addresses?

To get legitimate send-to addresses, spammers and sometimes legitimate email marketers rely on some or all of these techniques:

Dictionary attacks – spambots send email to all the most popular or all the known firstname (at) company.com where company is a legitimate domain in a DNS lookup. Of course, many of these messages end up as undeliverable bounces, which may result in messages sent to a legitimate, but forged send-from address.

Automated address harvesting techniques such as trawlers that scour the newslists, blogs and websites for any character string containing the @ symbol. This is why info (at) company.com or sales (at) company.com are big targets.

Database attacks – for the longest time, simply being in the WhoIs database (the database containing the administrative and technical contacts for every domain in the world) made your address a prime spam target. It took a while, but thanks to Carnegie-Mellon University and their CAPTCHA technology, only humans can access that database, one record at a time.

Poor email privacy hygiene at legitimate companies – in the normal course of doing business, people sign up to participate in an event, download some software or a document, and their email address is embedded in some XL file that over time falls into the hands of an employee who, as a pack rat keeps everything and when they leave the company, so does the email file.

Websites that sell their contact lists – sometimes people sell their lists, or lists within their control to sites and services that use the list in marketing programs. In this way an email address can be sold, and resold and resold without their knowledge. Unfortunately, in this circumstance, unsubscribing from one is not the same as unsubscribing from another marketer.

Did we miss any? Let us know.

In upcoming posts, we'll provide some best practices to avoid being impacted as an email marketer and as a email address owner.