The general assumption seems to start with you, the generic, nonspecific you, signing up for a newsletter on a website somewhere, or joining an online forum or email group. After all, that’s where spammers get all their email addies. Isn’t it?
Forums and Websites
It’s true that spammers can harvest email addies from forums and websites, usually by using a spambot, an automated script that effortlessly grabs all available email addresses.
If you’re on a forum, one solution to this would be to not have your email addy visible, but rather have anyone who wants to contact you to do so through the PM, or private messaging, system for that forum. You then get their email addy and can email them directly from your email addy. This way, your email addy is not visible, and if it’s not visible, then spambots can’t find it.
Elsewhere in a domain, generally speaking, if an email addy shows up in its proper form, such as [email protected], then spambots will be able to harvest it. This is why, increasingly, more and more sites are using forms to contact them – it cuts down on their spam by protecting email addresses.
Some sites display modified email addresses, like joeblow (at) hiscompany (dot) com. Pretty much anyone can interpret that to figure out what the real email addy is, but the spambots can’t interpret it.
Email lists and groups
Another thing is that they will harvest email addies from popular email lists, ie Yahoo! groups. There’s one I’m on that has well over 8000 members, and I use one email addy only for that particular list. I have to recycle email addies for that list every month or two because of the spam that starts coming through. Someone on that list is a spammer, and when my addy changes, s/he grabs it and I get spammed again.
Then there’s the issue of such groups that don’t keep their membership lists private – that’s a spammer’s dream come true. Easy harvesting without joining.
Common word/name spam
But spammers aren’t willing to stop there. They also do common word/name spam to domains.
For example, they’ll send spam to [email protected], [email protected], [email protected], etc. They’ll also send spam to [email protected], [email protected], [email protected], [email protected], etc. They’re playing the odds that at least one of those email addies will work.
That, and many domain owners don’t :blackhole: email sent to invalid email addies, but rather forward it to another account. Spammers don’t care how you get the email, they only care that you do.
Email is free
Because email is free, they can afford to send email out to 5 million email addresses even though only maybe 1/10th or 1/100th of them have been confirmed as valid. It doesn’t even use their servers as usually, they hijack someone else’s email server – that of domain owners or domain hosting companies that don’t lock down the email servers to validate upon send. No cost for them, so why not?