How DO Spammers Get Your Email Address?

How DO Spammers Get Your Email Address? As much as I try to stem the seemingly endless flow of spam, the crap just keeps arriving my Inbox. For example, this week I received "New affiliate programs from 2004-02-10 to 2004-02-14 :: Subscription from http://WeAreBlahBlahBlah.net". I'd never heard of WeAreBlahBlahBlah.net, let alone subscribed to the newsletter. But the address used explained exactly how the spammer reached me. I've set up numerous 'special' addresses for customers, affiliates, subscribers, merchant partners and others. For example, if I join XYZ's affiliate program, I might set up XYZ@nptinfo.com and give that address to them to contact me. If I suddenly start to receive spam at that address, then I know EXACTLY who the 'leaky' culprit is. Here are other ways spammers get your address. Web Pages Spammers use scavenger bots, programs that 'harvest' email addresses contained in "mailto:" HTML tags. Those are clickable email links that open your email program with the address already placed in the "To" field. Web Forms Some sites request various details via forms, e.g. guest books & registration forms. Spammers get email addresses from these because the form is publicly available on the web, or because the webmaster sells the list. Paper (Offline) Forms Some companies sell lists of addresses obtained from convention participants or contest entrants. Whois Searches Unless the domain registrant has paid an additional fee to make their registration private, a simple Whois lookup reveals the registrant's address. Although most registrars have enhanced the security of their WHOIS databases, by requiring a special code be entered before information is displayed, many spammers take the time and trouble to grab addresses this way. >From Web Browsers Some sites use various tricks to extract a surfer's email address from the web browser, sometimes without the surfer noticing it. Chat Rooms This is another major source of email addresses for spammers, especially as this is one of the first public activities newbies join, making it easy for spammers to harvest 'fresh' addresses. Sending Test Messages Have you ever sent a message to an invalid address? You get an 'undeliverable' or 'failure' notice back. Some spammers use this to guess email addresses by sending test messages to a list of made-up or guessed addresses. They know they've got good addresses for those that did not result in failure messages. Online Yellow Pages What could be more alluring to a spammer than a directory of names and email addresses filed by category? Chain Letters These are ingenious. I tell five friends, and my friends each tell five of their friends, and so on and so forth. The email addresses all build up in the cc field and are a spammers delight. Buying Lists Spammers buy lists of email addresses usually passed off as those belonging to people who opted-in to to obtain information in a specific category. Let's put spammers out of business. An ounce of prevention is worth a pound of cure. Use 'throw-away' addresses whenever you're not sure of the source, and don't sign up unless there are clear 'Privacy' statements on the site. If worse comes to worse, and you're fighting your way through a mountain of spam, install anti-spam software on your computer.