Log In

Reset Password
BERMUDA | RSS PODCAST

How spammers get your email address

It's not difficult to get on a spammer's mailing list. All a spammer needs is your email address. You did not subscribe to anything. The spam just starts coming, out of nowhere.

Spam is just as likely to invade email addresses that are never used, as it is to invade a busy mailbox. In an unprecedented and astonishing effort, spam reaches almost everybody online.

But how do spammers discover your email address, and even email addresses that you have forgotten about? How do they find your mailbox when your best friend does not? When you are looking for something (an email address, for example), where do you start? Chances are you begin your query with your favourite search engine or directory.

Spammers do the same thing when they look for email addresses.

They go to a starting point like the home page of Yahoo and search the page's HTML source code for email addresses. They look for text with somewhere in the middle and a top-level domain at the end.

There are not too many email addresses on a single page. The Yahoo home page does not have a single one. But it has something else to offer: links. Links take you to other pages, and with every page comes a new chance of discovering email addresses.

So the spammer follows every single link on the Yahoo home page.

On the pages that come up, they first look for email addresses and then for links. They follow these links, search for email addresses and so on. You get the idea.

Following links is exactly what the spiders of search engines do. Except they do not extract email addresses. Like those who run a search engine, spammers do not follow links and look for email addresses manually. They employ their own software "bots", or spiders. These tools for extracting email addresses from Web sites are called "address collectors" or "address extractors".

So, that is how a spammer gets your email address, and unfortunately there is not much you can do to prevent it. But there is something you can do to prevent spam: report it. When you report spam, spammers can lose their email accounts, and sometimes they have to pay for the damage they caused, and it will get increasingly difficult for them to find ISPs.

But reporting spam is a slow task. First, lots and lots of header lines need to be examined, not to mention wording the actual complaint and figuring out who to send it to. It is usually too difficult to figure out who was responsible for any one email, particularly with the advanced techniques that savvy spammers use.

You never should believe any of the information in the spam.

For instance, if you get a spam from michelleyahoo.com, you should not reply to michelleyahoo.com, nor should you report the spam to Yahoo's abuse administrator (abuseaol.com). Usually, most of the information in the header of the spam is forged.

Just as you can put any return address on a normal paper letter, spammers can put any return address they want on their email.

Usually, the return address belongs to someone the spammer wants to annoy with a bunch of erroneous complaints.

However, the key to this puzzle is the combination of the IP address of the sender and the time and date at which the mail was sent. These two pieces of information can show a network administrator who actually sent the spam email. Both pieces of information are in your email header.

Reporting Spam: SpamCop (http://spamcop.net) SpamCop is a Web site that makes the previously slow process of complaining about unsolicited emails into a fast and easy one. It makes reporting spam easy.

The first thing you must do to report spam using SpamCop is to register, which just means giving them your email address. SpamCop needs your email address because they send spam reports on your behalf to the right people, so you do not have to spend hours figuring out whom to complain to.

But, do not worry. Telling SpamCop what your email address is does not mean getting more spam. SpamCop protects your email address. Report recipients will never know your email address unless/until you reveal it. They will be able to reply to your reports, but they will do so through SpamCop. Replies from recipients of your reports will be delivered to the email address you provide SpamCop.

After you register, SpamCop emails you a URL to a personalised spam reporting form. This form will be a constant companion in your fight against spam.

Reporting spam with the personal form is simple. Whenever you get a spam email, just click on the URL that SpamCop sent you and then copy and paste the entire spam message into the SpamCop form, and press the Process Spam button. You must copy and paste all of the email headers into the form, add a blank line, and then paste the body of the spam message.

The most complicated part is getting your email client to display all the header information of the spam email. But SpamCop has instructions about how to get every imaginable email client to display those confusing header lines that SpamCop needs, including all the Microsoft Outlook versions, Netscape, Eudora, Lotus Notes, etc.

After you click "Process Spam", the SpamCop application analyses the header lines to find the source where the spam message originated.

Additionally, the body is scanned for "spamvertised" Web sites or email addresses.

SpamCop uses a combination of Unix utilities (dig, nslookup, finger) to check all the information in an email header and find the email address of the administrator on the network where the email originated. SpamCop then sends a polite request for discipline, including all the information the admin needs to track down the user responsible to the appropriate people at the spam's source.

Before you start sending SpamCop all your annoying email, remember not all email that you do not want is spam.

Hoaxes and form letters are not spam. Often, people receive email warning them of a dire threat or offering amazing rewards for continuing a chain letter. Even innocent seeming emails like petitions can circulate for years. Any email asking you to make and distribute copies of it should be viewed very skeptically.

However, this type of email is not considered spam. Usually the sender is an acquaintance - not someone you want to report as a spammer. It is much better to simply reply explaining that "this email is a hoax, please don't send me this type of thing".

Be sure to reply only to the sender of the email, not to the sender and all the other recipients as well.

Not all bulk/commercial email is spam either. In general, email from reputable companies, such as Microsoft and Amazon is not spam. If you receive email from a company you would normally consider to be legitimate, you should consider carefully the possibility that you agreed to receive email from them sometime in the past. This is how legitimate bulk emailers send you email: they get you to tacitly agree to receive their email messages about sales, etc.

A spam email is unsolicited and is sent to thousands of people at once.

If you have signed up for a newsletter or product updates, or otherwise agreed to receive email from a legitimate company, you owe it to the sender to at least try the removal process provided in the email before you cry "spam!" It is very difficult for a legitimate sender to remove you from their list if they learn about the problem from SpamCop. So it's generally much more effective to remove yourself using the sender's procedure.

If you have tried to unsubscribe without success, but you think the company normally makes an honest attempt to remove people, then you can file a spam report, but please include a note stating what you have done to try to be removed in the comments section of your spam report - there is an option to add comments to all your spam reports. This will lend credence to your claim of spamming.

However, if the email is not from a legitimate organisation that you have had prior communication with, then following the removal instructions in the spam message is a very bad idea and will result in more spam. Never reply to spam email, because when you use the removal instructions, you inadvertently verify that you received the spam and read it. That makes your email address even more valuable to a spammer.

Michelle Swartz writes every fortnight in the Personal Technology section. Enquiries should be sent to michellechristers.net