This is why you get spam emails
Written by Paul Cunningham on April 3, 2009
Have you ever wondered how spammers manage to find your email address and start sending you junk and scam emails? In this post I’ll describe three ways in which spammers are able to get their hands on lists of valid email addresses to target with their spam.
Directory Harvesting
Directory harvesting is a technique spammers use to trick an email server into telling them which email addresses exist in an organisation and which do not. The spammer bombards the email server with thousands of combinations of common names. Any test email that is accepted tells the spammer that the address exists at that domain and can be a target for future spam. Sometimes the directory harvesting is performed by other parties who then sell the lists of valid email addresses to spammers.
Although email server products such as Microsoft Exchange Server 2007 include some inbuilt directory harvesting protection measures, these usually rely on slowing the attack down (known as tar-pitting). The best way for an organisation to protect itself from this attack is to implement a quality anti-spam system that includes directory harvesting detection and prevents the attack by cutting off further connections from the attacker.
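The detection side of this can be sketched from SMTP logs: count how many distinct recipients a single client has had rejected within a short window. This is an added example, not code from the original post or from any anti-spam product; the log format, the five-minute window and the threshold are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def find_harvesters(lines, window=timedelta(minutes=5), max_unknown=5):
    """Return {client_ip: detection_time} for clients that had more than
    `max_unknown` distinct recipients rejected (SMTP 550) within `window`."""
    recent = defaultdict(deque)  # ip -> (time, address) of recent rejections
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or parts[2] != "RCPT":
            continue  # ignore malformed or unrelated lines
        ts, ip, _, addr, code = parts
        if ip in flagged or code != "550":
            continue  # skip accepted recipients and already-flagged clients
        when = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append((when, addr.lower()))
        while when - q[0][0] > window:
            q.popleft()  # drop rejections that fell out of the window
        if len({a for _, a in q}) > max_unknown:
            flagged[ip] = when  # candidate for connection cut-off
    return flagged

# Constructed sample data in an assumed log format:
#   <ISO timestamp> <client IP> RCPT <recipient> <SMTP reply code>
NAMES = ["alan", "alice", "andrew", "anna", "barry", "bob", "brian", "carol"]
SAMPLE_LOG = [
    # One client guessing common names, one rejection per second
    f"2009-04-03T10:00:{i:02d} 203.0.113.7 RCPT {name}@example.com 550"
    for i, name in enumerate(NAMES)
] + [
    # A legitimate sender that mistypes a single address
    "2009-04-03T10:01:00 198.51.100.20 RCPT paul@example.com 250",
    "2009-04-03T10:02:00 198.51.100.20 RCPT pual@example.com 550",
    "2009-04-03T10:03:00 198.51.100.20 RCPT sales@example.com 250",
]

if __name__ == "__main__":
    for ip, when in find_harvesters(SAMPLE_LOG).items():
        print(f"{ip} flagged at {when}: cut off further connections")
```
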
Address Recycling
Some people find that they begin receiving spam as soon as they are given a new email address. Although the person did not take any action that would attract spam, they nonetheless begin receiving junk emails addressed directly to them.
Often this will occur in organisations, or any email provider for that matter, that recycle email addresses. Not only does this practice expose the new user to whatever spam the previous person managed to attract, but it also carries other security risks, as recently discovered by LiveJournal users.
Once an email address is in the hands of spammers there is no way to get it back from them. The only way to prevent spam from being received once an email address has been exposed is with an anti-spam solution that applies a range of preventative measures such as connection filtering, content filtering, Bayesian detection, and blacklisting.
Free Online Giveaways
Sometimes, regardless of the amount of caution a person normally applies when surfing the web, the lure of a freebie causes them to drop all defences and give away their email address to a website. After all, who wouldn’t want a free 15-day supply of the latest miracle weight loss pill?
Sadly these websites are often run by shady affiliate marketers who immediately begin spamming the newly acquired email address with dozens of offers for other scams. Often they will sell the email address on to other spammers who will do the same. Giving away your email address can result in a torrent of spam email thanks to these dodgy operators.
In these cases prevention is the best cure for an organisation trying to reduce its spam volumes. Educating end users on the risks of giving out their email addresses to unknown parties can help reduce the number of addresses exposed to spammers in this fashion.




