How Do Spammers Find Your Email Address?

Ads by Google

how spammers find email addressesSpam is the closest thing we’ll ever find to an Internet plague. No matter who you are, spam will one day find you and you’ll have no choice but to put up with its pestilence. It’s a pandemic that people have been trying to fight for decades, yet it’s still as strong as ever. But how do spammers find you in the first place?

The primary method of spamming is through email. So, logically, you might think that as long as spammers don’t grab a hold of your email address, you should be clear from its reach, right? But it’s not that simple. Spammers have had many years to innovate and perfect their techniques, and as it turns out, they have a whole bunch of ways in which they could lay hands on your email address.

As always, knowledge is power. If you know the techniques that spammers use, then you’ll be better equipped to at least hinder them. Instead of 500 spammers knowing your email address, maybe only 5 will know it. To me, that’s better than nothing.

Method #1: Mailing Lists

how spammers find email addresses

One of the oldest methods that spammers have used to harvest email addresses has been through mailing lists. It makes sense; mailing lists are basically compilations of valid email addresses already. But the specifics of it may be a surprise.

Mailing list services observe certain protocols to help prevent the leakage of their email addresses to outside sources. If a mailing list service was known for a lack of email address protection, their customer base would dwindle. Even still, spammers often make requests from mailing lists to obtain a list of all the people subscribed to that list. The services will frequently deny these requests–but sometimes it works.

Ads by Google

Furthermore, spammers can actually request a list of all mailing lists rather than a list of all the individual email addresses. They then send spam email to the mailing lists themselves, which is then sent out to all the hidden addresses on those lists.

Method #2: Unsubscribe Links

how spammers find my email

On the topic of mailing lists, here’s another method that spammers sometimes use–and it’s a tricky one. If you’ve ever been subscribed to a newsletter or mailing list, you should know that at the bottom of every email they usually have an unsubscribe link.

Now, for most legitimate businesses, this unsubscribe link will do exactly what it’s supposed to do. If you’re receiving a newsletter from somewhere and it’s a newsletter that you purposely signed up for, then there shouldn’t be any problem with unsubscribing later.

But sometimes you’ll get spam email that poses as a newsletter and presents you with an unsubscribe option. In this case, that link could very well be deceptive.

Spammers send out these kind of emails en masse to randomly generated email addresses. By clicking on the unsubscribe link, you could actually be confirming the validity of your email addresses. This tells the spammer that your email address should be targeted with spam later.

Method #3: Brute Force

And that brings me to the next method: brute force generation. In other words, the shotgun approach to finding email addresses.

Every email address is designed with a specific structure: [name]@[domain].[com/net/org/etc]. The domain part is easy to figure out since all you have to do is look for the most popular email services and use that as a basis.

So the only important part, really, is the [name] section. At this point, the spammer can just generate a bunch of random letter-and-number combinations and send out emails to [randomly-generated-name]@[popular-domain].com. For example:


Suppose your email address was Eventually, the randomly generated email will hit your real email address and send out spam to you.

Over the course of one spam campaign, a spammer could generate millions and millions of random email addresses. If even 1% of those email addresses are legitimate, that’s still a ton of people who have to deal with spam.

Method #4: Web Crawler Bots

Another common tactic is to use bots (called crawlers) that crawl through webpages, searching for email addresses that are laid out in the open. This might sound scarier than it actually is, so let me explain.

Every time you access a certain web page, the contents of that web page are sent to you through the Internet and then your browser is responsible for displaying that data to your screen. However, spammers have coded programs that request web page data from web servers without having to use a browser.

Once the data comes in, the program can quickly read through all of its contents and determine if there are any email addresses on that web page. If there are, they’re stored away into a database. And because these programs are only requesting data (not displaying it), they can go through a ton of web pages quickly.

So what kind of web pages do they crawl? Forums are a popular target. User profiles on forums often have user email addresses out on plain display. These web bots can crawl through the entire members list of a forum and pull out tons of email addresses there.

Another popular target is social networking websites. Visit the profile of one of your friends on Facebook and chances are you’ll see their email address. If you can see it, it’s likely that a bot can see it, and if a bot can see it, that email address will be stored away for spam.

Method #5: Obtaining Email Databases

how spammers find email addresses

Lastly, sometimes all a spammer has to do is offer up some cash and they’ll land themselves a hefty list of valid email addresses. That’s right: some companies will sell their database of email addresses in exchange for a lot of money.

Any time you register on a website or sign up for a newsletter, your email address gets inputted into a server-side database. This could be for anything–online games, forum accounts, social networking services, news outlets, blogs, what have you. Whenever you enter your email address into an online form, the risk is there.

“But what about privacy policies?” you might ask. Well, not every company practices honesty and integrity. Sometimes a company will build up a large pile of email addresses then give their own privacy policy the middle finger. Most of the time, however, email address leaks are usually performed by a single rogue employee who has high-level access.

More rarely, spammers will hack into company databases and steal their email addresses without their knowledge.

Now that you know about the various ways in which spammers can obtain your email address, it’s your responsibility to be more protective over your information. Like with any piece of personal data–credit card numbers, social security numbers, home addresses and phone numbers–be diligent in keeping it off the Internet.

Image Credits: No Spam Via Shutterstock, Newsletter Via Shutterstock, Handshake Via Shutterstock

Join live MakeUseOf Groups on Grouvi App Join live Groups on Grouvi
Awesome Websites
Awesome Websites
415 Members
Best Anonymity Tools
Best Anonymity Tools
289 Members
Deep Web Communities
Deep Web Communities
253 Members
Tips for Privacy Obsessed
Tips for Privacy Obsessed
151 Members
Online Security Tips
Online Security Tips
145 Members
Best Music Services
Best Music Services
111 Members
Parental Control Tools
Parental Control Tools
49 Members
Ads by Google
Comments (30)
  • Anonymous

    Webscraping, collecting, data mining, tracking, monitoring vistors data for selling became more profitable than advertising and spamming.
    So spammers switched to providing free antispam plugins to their spying servers
    “New Trends in Spamming: Spam Fused into Antispam Protection with Spamming Visitors Instead of Web Sites”

  • Christopher Webb

    It’s better to get a good spam filter than to worry about all the ways they get your email. Also if you get an email from Prince in Nigeria, you probably aren’t going to get 100 million dollars.

  • Catalin

    Here are some other creative ways:

    1 (not used anymore but worth mentioning it) – Create a Facebook app/game where you ask users to give you the email address for some reason (you are taking care of a virtual pet and we need to notify you when he’s hungry etc.)

    2 Create a Facebook event where you say you want to give 1000 free iPhones and 1000 iPads because “insert whatever reason gets people to believe this”. Apart from joining the event you obviously have to send an e-mail in order to participate. I’ve seen 1,5 million people joining this type of scam.

    3 Create a series of ebooks/pdf (copy the content from different sources and then just put it together and wrap it up as a pdf) on various topics. Create a one-page website for each pdf. Offer free downloads – by just completing a form with your e-mail address. Now you have targeted e-mailing lists. Less e-mail addresses but higher list value.

    4 Based on the method above. Create an advertising services website. You already have targeted mailing lists (and create some now ones). Now all you have to do is find and charge companies some nice prices for “advertising to the right people”.
    But make sure there is no connection between this website and the one-page ones. Bad for business. :)

    5 Make a website with all sorts of personality tests. Ask for an email address at the end of test so that people can receive their results. Put some non obtrusive advertising just to spice things up – an extra buck doesn’t kill you.

    6 Maybe you have friends working with a CRM (client resource manager) at a company or they are in charge of the newsletter campaigns. Tell them to collect email addresses and give them to you.

    These are some creative ways I’ve seen over the last few years. And i present them here only as information. While information can be used for both good and bad, i hope you use it only for your knowledge.

  • Movva Deepak

    learned a lot…

  • Yiz Borol

    Very informative article

Load 10 more
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.
New comment

Please login to avoid entering captcha

Log In