A Parenting & kids forum. ParentingBanter.com

FAQ: How do spammers get people's email addresses?



 
 
  #1  
Old June 3rd 05, 04:09 PM
Pop
external usenet poster
 
Posts: n/a
Default FAQ: How do spammers get people's email addresses?

There are many ways in which spammers can get your email address. The ones I know of are:

1. From posts to UseNet with your email address.

Spammers regularly scan UseNet for email addresses, using ready-made programs designed to do so. Some programs just look at article headers which contain email addresses (From:, Reply-To:, etc.), while other programs check the articles' bodies, starting with programs that look at signatures, through programs that take everything that contains a '@' character and attempt to demunge munged email addresses.

There have been reports of spammers demunging email addresses on occasions, ranging from demunging a single address for purposes of revenge spamming to automatic methods that try to unmunge email addresses that were munged in some common ways, e.g. remove such strings as 'nospam' from email addresses.

As people who were spammed frequently report that spam frequency to their mailbox dropped sharply after a period in which they did not post to UseNet, as well as evidence of spammers' chase after 'fresh' and 'live' addresses, this technique seems to be the primary source of email addresses for spammers.

2. From mailing lists.

Spammers regularly attempt to get the lists of subscribers to mailing lists [some mail servers will give those upon request], knowing that the email addresses are unmunged and that only a few of the addresses are invalid.

When mail servers are configured to refuse such requests, another trick might be used - spammers might send an email to the mailing list with the headers Return-Receipt-To: email address or X-Confirm-Reading-To: email address. Those headers would cause some mail transfer agents and reading programs to send email back to the email address saying that the email was delivered to / read at a given email address, divulging it to spammers.

A different technique used by spammers is to request a mailing list server to give him the list of all mailing lists it carries (an option implemented by some mailing list servers for the convenience of legitimate users), and then send the spam to the mailing list's address, leaving the server to do the hard work of forwarding a copy to each subscribed email address.

[I know spammers use this trick from bad experience - some spammer used this trick on the list server of the company for which I work, easily covering most of the employees, including employees working well under a month and whose email addresses would be hard to find in other ways.]

3. From web pages.

Spammers have programs which spider through web pages, looking for email addresses, e.g. email addresses contained in mailto: HTML tags [those you can click on and get a mail window opened].

Some spammers even target their mail based on web pages. I've discovered a web page of mine appeared in Yahoo as some spammer harvested email addresses from each new page appearing in Yahoo and sent me a spam regarding that web page.

A widely used technique to fight this technique is the 'poison' CGI script. The script creates a page with several bogus email addresses and a link to itself. Spammers' software visiting the page would harvest the bogus email addresses and follow up the link, entering an infinite loop polluting their lists with bogus email addresses.

For more information about the poison script, see http://www.monkeys.com/wpoison/

4. From various web and paper forms.

Some sites request various details via forms, e.g. guest books & registration forms. Spammers can get email addresses from those either because the form becomes available on the world wide web, or because the site sells / gives the emails list to others.

Some companies would sell / give email lists filled in on paper forms, e.g. organizers of conventions would make a list of participants' email addresses, and sell it when it's no longer needed.

Some spammers would actually type E-mail addresses from printed material, e.g. professional directories & conference proceedings.

Domain name registration forms are a favourite as well - addresses are most usually correct and updated, and people read the emails sent to them expecting important messages.

5. Via an Ident daemon.

Many unix computers run a daemon (a program which runs in the background, initiated by the system administrator), intended to allow other computers to identify people who connect to them.

When a person surfing from such a computer connects to a web site or news server, the site or server can connect back to the person's computer and ask that daemon for the person's email address.

Some chat clients on PCs behave similarly, so using IRC can cause an email address to be given out to spammers.

6. From a web browser.

Some sites use various tricks to extract a surfer's email address from the web browser, sometimes without the surfer noticing it. Those techniques include:

1. Making the browser fetch one of the page's images through an anonymous FTP connection to the site.

Some browsers would give the email address the user has configured into the browser as the password for the anonymous FTP account. A surfer not aware of this technique will not notice that the email address has leaked.

2. Using JavaScript to make the browser send an email to a chosen email address with the email address configured into the browser.

Some browsers would allow email to be sent when the mouse passes over some part of a page. Unless the browser is properly configured, no warning will be issued.

3. Using the HTTP_FROM header that browsers send to the server.

Some browsers pass a header with your email address to every web server you visit. To check if your browser simply gives your email address to everybody this way, visit http://www.privacy.net/analyze/

It's worth noting here that when one reads E-mail with a browser (or any mail reader that understands HTML), the reader should be aware of active content (Java applets, Javascript, VB, etc) as well as web bugs.

An E-mail containing HTML may contain a script that upon being read (or even the subject being highlighted) automatically sends E-mail to any E-mail addresses. A good example of this case is the Melissa virus. Such a script could send the spammer not only the reader's E-mail address but all the addresses on the reader's address book.
http://www.cert.org/advisories/CA-99...cro-Virus.html

A web bugs FAQ by Richard M. Smith can be read at http://www.tiac.net/users/smiths/privacy/wbfaq.htm

7. From IRC and chat rooms.

Some IRC clients will give a user's email address to anyone who cares to ask it. Many spammers harvest email addresses from IRC, knowing that those are 'live' addresses and send spam to those email addresses.

This method is used beside the annoying IRCbots that send messages interactively to IRC and chat rooms without attempting to recognize who is participating in the first place.

This is another major source of email addresses for spammers, especially as this is one of the first public activities newbies join, making it easy for spammers to harvest 'fresh' addresses of people who might have very little experience dealing with spam.

AOL chat rooms are the most popular of those - according to reports there's a utility that can get the screen names of participants in AOL chat rooms. The utility is reported to be specialized for AOL due to two main reasons - AOL makes the list of the actively participating users' screen names available and AOL users are considered prime targets by spammers due to the reputation of AOL as being the ISP of choice by newbies.

8. From finger daemons.

Some finger daemons are set to be very friendly - a finger query asking for john@host will produce list info including login names for all people named John on that host. A query for @host will produce a list of all currently logged-on users.

Spammers use this information to get extensive user lists from hosts, and of active accounts - ones which are 'live' and will read their mail soon enough to be really attractive spam targets.

9. AOL profiles.

Spammers harvest AOL names from user profiles lists, as it allows them to 'target' their mailing lists. Also, AOL has a name for being the choice ISP of newbies, who might not know how to recognize scams or know how to handle spam.

10. From domain contact points.

Every domain has one to three contact points - administration, technical, and billing. The contact point includes the email address of the contact person.

As the contact points are freely available, e.g. using the 'whois' command, spammers harvest the email addresses from the contact points for lists of domains (the list of domains is usually made available to the public by the domain registries). This is a tempting method for spammers, as those email addresses are most usually valid and mail sent to them is being read regularly.

11. By guessing & cleaning.

Some spammers guess email addresses, send a test message (or a real spam) to a list which includes the guessed addresses. Then they wait for either an error message to return by email, indicating that the email address is correct, or for a confirmation. A confirmation could be solicited by inserting non-standard but commonly used mail headers requesting that the delivery system and/or mail client send a confirmation of delivery or reading. No news is, of course, good news for the spammer.

Specifically, the headers are -
Return-Receipt-To: email-address        Send a delivery confirmation
X-Confirm-Reading-To: email-address     Send a reading confirmation

Another method of confirming valid email addresses is sending HTML in the email's body (that is sending a web page as the email's content), and embedding in the HTML an image. Mail clients that decode HTML, e.g. as Outlook and Eudora do in the preview pane, will attempt fetching the image - and some spammers put the recipient's email address in the image's URL, and check the web server's log for the email addresses of recipients who viewed the spam.

So it's good advice to set the mail client to *not* preview rich media emails, which would protect the recipient from both accidentally confirming their email addresses to spammers and viruses.

Guessing could be done based on the fact that email addresses are based on people's names, usually in commonly used ways (first.last@domain or an initial of one name followed / preceded by the other @domain).

Also, some email addresses are standard - postmaster is mandated by the RFCs for internet mail. Other common email addresses are postmaster, hostmaster, root [for unix hosts], etc.

12. From white & yellow pages.

There are various sites that serve as white pages, sometimes named people finders web sites. Yellow pages now have an email directory on the web.

Those white/yellow pages contain addresses from various sources, e.g. from UseNet, but sometimes your E-mail address will be registered for you. Example - HotMail will add E-mail addresses to BigFoot by default, making new addresses available to the public.

Spammers go through those directories in order to get email addresses. Most directories prohibit email address harvesting by spammers, but as those directories have large databases of email addresses + names, they're a tempting target for spammers.

13. By having access to the same computer.

If a spammer has access to a computer, he can usually get a list of valid usernames (and therefore email addresses) on that computer.

On unix computers the users file (/etc/passwd) is commonly world readable, and the list of currently logged-in users is listed via the 'who' command.

14. From a previous owner of the email address.

An email address might have been owned by someone else, who disposed of it. This might happen with dialup usernames at ISPs - somebody signs up for an ISP, has his/her email address harvested by spammers, and cancels the account. When somebody else signs up with the same ISP with the same username, spammers already know of it.

Similar things can happen with AOL screen names - somebody uses a screen name, gets tired of it, releases it. Later on somebody else might take the same screen name.

15. Using social engineering.

This method means the spammer uses a hoax to convince people into giving him valid E-mail addresses.

A good example is Richard Douche's "Free CD's" chain letter. The letter promises a free CD for every person to whom the letter is forwarded as long as it is CC'ed to Richard.

Richard claimed to be associated with Amazon and Music blvd, among other companies, who authorized him to make this offer. Yet he supplied no references to web pages and used a free E-mail address.

All Richard wanted was to get people to send him valid E-mail addresses in order to build a list of addresses to spam and/or sell.

16. Buying lists from others.

This one covers two types of trades. The first type consists of buying a list of email addresses (often on CD) that were harvested via other methods, e.g. someone harvests email addresses from UseNet and sells the list either to a company that wishes to advertise via email (sometimes passing off the list as that of people who opted-in for emailed advertisements) or to others who resell the list.

The second type consists of a company who got the email addresses legitimately (e.g. a magazine that asks subscribers for their email in order to keep in touch over the Internet) and sells the list for the extra income. This extends to selling of email addresses a company got via other means, e.g. people who just emailed the company with inquiries in any context.

17. By hacking into sites.

I've heard rumours that sites that supply free email addresses were hacked in order to get the list of email addresses, somewhat like e-commerce sites being hacked to get a list of credit cards.

--
---
If I said it, I meant it.
If you said it, I heard it.
If I meant it, I said it.
If you meant it, how am I
supposed to know?
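
Added example (not part of Pop's post or of the FAQ it reproduces): a defensive check for the address-confirmation tricks described in items 2 and 11, flagging receipt-request headers and remote images whose URL carries the recipient's address. The sample message, the `.example` hosts and the name `audit_message` are constructed for illustration; `Disposition-Notification-To` is the standardized receipt header and is included here as an addition beyond the FAQ's list.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import unquote

# The FAQ names the first two headers; Disposition-Notification-To is the
# standardized read-receipt request and is an addition not found in the FAQ.
RECEIPT_HEADERS = ("Return-Receipt-To", "X-Confirm-Reading-To",
                   "Disposition-Notification-To")


class ImgCollector(HTMLParser):
    """Collect the src attribute of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.srcs.extend(v for k, v in attrs if k == "src" and v)


def audit_message(raw, recipient):
    """Return (kind, detail, value) findings for address-confirmation tricks."""
    msg = message_from_string(raw)
    findings = []
    for header in RECEIPT_HEADERS:
        for value in msg.get_all(header, []):
            findings.append(("receipt-header", header, parseaddr(value)[1]))
    needle = recipient.lower()
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True) or b""
        html = body.decode(part.get_content_charset() or "utf-8", "replace")
        collector = ImgCollector()
        collector.feed(html)
        for src in collector.srcs:
            if not re.match(r"https?://", src, re.I):
                continue  # cid: and data: images cause no network fetch
            if needle in unquote(src).lower():
                findings.append(("tracking-image", "recipient-in-url", src))
            else:
                findings.append(("remote-image", "fetched-on-preview", src))
    return findings


# Constructed sample message; all hosts and addresses are placeholders.
SAMPLE = """\
From: offers@bulk.example
To: alice@example.org
Subject: Special offer
Return-Receipt-To: <confirm@bulk.example>
X-Confirm-Reading-To: confirm@bulk.example
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Hello!</p>
<img src="http://img.bulk.example/o.gif?r=alice%40example.org" width="1" height="1">
<img src="http://img.bulk.example/banner.png">
<img src="cid:logo">
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_message(SAMPLE, "alice@example.org"):
        print(finding)
```

A mail filter could strip the flagged headers and block the flagged image fetches before the message reaches a client that previews HTML.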


  #2  
Old June 3rd 05, 07:41 PM
external usenet poster
 
Posts: n/a
Default

How was that on topic for alt.support.foster-parents?

Or have you decided you have ownership now and can demonstrate to
foster parents who come here that you were, of course, lying when you
said you were going to reclaim it for On Topic subjects to your special
little definition of "support?"

Pop wrote:
There are many ways in which spammers can get your
email address. The
ones I know of are :


......snip......Sorry, foster parents. I know you couldn't get this
information anywhere else and lurk here for advice and knowledge on
email address harvesting.

0:-

  #3  
Old June 4th 05, 01:53 AM
Pop
external usenet poster
 
Posts: n/a
Default

Jeez, a readable post! Wht's a matta kaney kid, got a
date to keep with a ...?

wrote in message
ups.com...
How was that on topic for alt.support.foster-parents?

Or have you decided you have ownership now and can
demonstrate to
foster parents who come here that you were, of
course, lying when you
said you were going to reclaim it for On Topic
subjects to your special
little definition of "support?"

=== Nope, I do not operate as you do. Projecting your
attitudes and opinions onto others will not bring them
to your point of view, ever. When you begin to support
foster parents 100% of the time without deviation then
you'll be welcome here. Until then, hmmmm, "without
deviation"? Using those words to you is sort of like
an oxymoron, isn't it? Sorry, I forgot how deviant you
are.

Pop wrote:
There are many ways in which spammers can get your
email address. The
ones I know of are :


.....snip......Sorry, foster parents. I know you
couldn't get this
information anywhere else and lurk here for advice
and knowledge on
email address harvesting.

0:-

=== Like there are any foster parents here to lurk.
You've tried to make sure of that and there is an
excellent public record to back that up.

Don't go away mad, man, just go away. Or, if you want
to go away mad, then I guess that's OK too; I'll allow
it.

  #4  
Old June 4th 05, 04:32 AM
external usenet poster
 
Posts: n/a
Default



Pop wrote:
Jeez, a readable post! Wht's a matta kaney kid, got a
date to keep with a ...?


Yer obviously a late stage alcoholic, with delirium tremens. Yer all
over the map, pops.

wrote in message
ups.com...
How was that on topic for alt.support.foster-parents?

Or have you decided you have ownership now and can
demonstrate to
foster parents who come here that you were, of
course, lying when you
said you were going to reclaim it for On Topic
subjects to your special
little definition of "support?"

=== Nope, I do not operate as you do.


I'll say. But the correct answer is yes.

Translation: "I'm a nutcase that has found a medium with no restraints
for my explosive dementia, and I'll yammer as long as I want or until
the ward clerk comes looking for me."

Projecting your
attitudes and opinions onto others will not bring them
to your point of view, ever.


Old child, POPinjay, you project...just as you did then.

When you begin to support
foster parents 100% of the time without deviation then
you'll be welcome here.


Oh, then posting here a diatribe on how spammers harvest email addies
is 100% foster parent support? R R R R ..you old feeble fool.

Until then, hmmmm, "without
deviation"? Using those words to you is sort of like
an oxymoron, isn't it? Sorry, I forgot how deviant you
are.


Well, I cannot resist, knowing that you'd peter out before you can get
your thoughts together to take advantage of a really hot chance to
flame, so here goes:

How deviant am I? (rimshot, thanks Johnny, we miss yah.)

Pop wrote:
There are many ways in which spammers can get your
email address. The
ones I know of are :


.....snip......Sorry, foster parents. I know you
couldn't get this
information anywhere else and lurk here for advice
and knowledge on
email address harvesting.

0:-

=== Like there are any foster parents here to lurk.
You've tried to make sure of that and there is an
excellent public record to back that up.


Post it. All of it, you doddering old mental wreck. RR R R R R R ..

It's only when blubbering stumblebum mindless meanderers such as you
come here that foster parents clear out....except of course for Ron. He
likes a laugh now and then, seeing as he has to observe parental
viciousness and carelessness with their young close up. Give him some
more laughs with your "support foster parents" examples, will yah.

Don't go away mad, man, just go away.


Gee, would you be surprised if I said "no?"

Plan on a big one.

Or, if you want
to go away mad, then I guess that's OK too; I'll allow
it.


Don't you wish. It's you that will leave when your next set of synaptic
connections randomly cease firing and you forget once again why you are
here.

Give us some more of your threats. We love it.

And hooray for the first amendment and the World Wide Web that affords
you a place to expel your mental illness upon the world rather than
keep it bottled up and climbing clock towers with a rifle.

R R R R R R R R RR R R ....

More, stupid, give us MORE..

0:-

  #5  
Old June 4th 05, 01:09 PM
Pop
external usenet poster
 
Posts: n/a
Default


wrote in message
ups.com...


Pop wrote:
Jeez, a readable post! Wht's a matta kaney kid, got
a
date to keep with a ...?


Yer obviously a late stage alcoholic, with delirium
tremens. Yer all
over the map, pops.

wrote in message
ups.com...
How was that on topic for
alt.support.foster-parents?

Or have you decided you have ownership now and can
demonstrate to
foster parents who come here that you were, of
course, lying when you
said you were going to reclaim it for On Topic
subjects to your special
little definition of "support?"

=== Nope, I do not operate as you do.


I'll say. But the correct answer is yes.

Translation: "I'm a nutcase that has found a medium
with no restraints
for my explosive dementia, and I'll yammer as long
as I want or until
the ward clerk comes looking for me."

Projecting your
attitudes and opinions onto others will not bring
them
to your point of view, ever.


Old child, POPinjay, you project...just as you did
then.

When you begin to support
foster parents 100% of the time without deviation
then
you'll be welcome here.


Oh, then posting here a diatribe on how spammers
harvest email addies
is 100% foster parent support? R R R R ..you old
feeble fool.

Until then, hmmmm, "without
deviation"? Using those words to you is sort of
like
an oxymoron, isn't it? Sorry, I forgot how deviant
you
are.


Well, I cannot resist, knowing that you'd peter out
before you can get
your thoughts together to take advantage of a really
hot chance to
flame, so here goes:

How deviant am I? (rimshot, thanks Johnny, we miss
yah.)

Pop wrote:
There are many ways in which spammers can get
your
email address. The
ones I know of are :

.....snip......Sorry, foster parents. I know you
couldn't get this
information anywhere else and lurk here for advice
and knowledge on
email address harvesting.

0:-

=== Like there are any foster parents here to lurk.
You've tried to make sure of that and there is an
excellent public record to back that up.


Post it. All of it, you doddering old mental wreck.
RR R R R R R ..

It's only when blubbering stumblebum mindless
meanderers such as you
come here that foster parents clear out....except of
course for Ron. He
likes a laugh now and then, seeing as he has to
observe parental
viciousness and carelessness with their young close
up. Give him some
more laughs with your "support foster parents"
examples, will yah.

Don't go away mad, man, just go away.


Gee, would you be surprised if I said "no?"

Plan on a big one.

Or, if you want
to go away mad, then I guess that's OK too; I'll
allow
it.


Don't you wish. It's you that will leave when your
next set of synaptic
connections randomly cease firing and you forget once
again why you are
here.

Give us some more of your threats. We love it.

And hooray for the first amendment and the World Wide Web that affords
you a place to expel your mental illness upon the world rather than
keep it bottled up and climbing clock towers with a rifle.

R R R R R R R R RR R R ....

More, stupid, give us MORE..

0:-



 



