What is Spamming?
Spam is electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited email. However, if a long-lost brother finds your email address and sends you a message, this could hardly be called spam, even though it is unsolicited. Real spam is generally email advertising for some product sent to a mailing list or newsgroup.
How Do Spammers Get Your Email Address?
1. Data Breaches
A data breach is an incident where users databases are unintentionally exposed to the public. Data that’s being leaked can include usernames, passwords, and emails. This makes data breaches one of the main ways in which spammers get your email address.
Even big organizations such as LinkedIn, Adobe, or Yahoo! have been compromised in the past, so this poses a real threat to online security. For example, in 2008, MySpace suffered a data breach that exposed almost 360 million accounts, being one of the largest breaches ever. More recently, LinkedIn had 164 million email addresses and passwords exposed by a data breach.
2. Interacting with spam emails
Let’s say a cyber-criminal managed to get your email address and sent you a spam email. He doesn’t know yet if your email address is active or not, but he can find out if you interact with the email.
For example, you probably know that in the emails you receive from companies there’s an Unsubscribe link at the end of the email so you can opt out of the mailing list and stop receiving emails from that specific sender. Legitimate companies will stop emailing you if you click on the Unsubscribe link.
3. Scraping email addresses online
Scraping the web is a traditional way for hackers to collect information. They use programs to scan the web for email addresses. They usually look for the @ symbol since all email addresses have the firstname.lastname@example.org format.
Through this technique, spammers are able to find your email address if you made it public anywhere on the web. This includes places such as social media, comments, forums. If the place where your email is public is accessible through an internet search, scammers can find it and add you to their spam list.
Craigslist, for example, provides you with a disposable email address where buyers or sellers can reach out to you instead of asking you to use your real email address so they protect their users’ addresses.
4. Buying email lists
A common way in which spammers get your email address is by directly buying email lists. Because of the convenience of data breaches, this technique decreased in popularity, but it is still a thing.
5. Setting up fake websites
An easy way for spammers to get your email address is by tricking you to hand it over.
Spammers set up spam sites where they ask users to provide their email addresses in return for something else. Usually, it involves winning a small prize. They might even actually hand over that prize to the winner so they can further maintain their act of being legitimate. The prize is a small price for spammers to pay in return for the huge email list database they are able to collect through this scheme.
6. Hard guessing
Another reason spam emails might end up in your inbox is if you have a pretty simple username.
Spammers use dedicated programs, also known as brute force programs, that generate alphabetic and numeric combinations of addresses. Most of these email addresses will be incorrect, but given that these programs can generate hundreds of thousands of combinations per hour, there’re still be a notable amount of active email addresses to be used for spam.
How to protect your email address from spammers?
To avoid spammers getting their hand on your email address, these are the best practices:
- Don’t make your email address public across the internet, including on social media platforms, in comments, forums.
- If you should share your email address online, use “at” instead of the @ symbol (emailaddress at emailclient.com).
- Don’t click on “Unsubscribe” links in emails that seem sketchy.
- Don’t automatically load images in emails and avoid clicking on “Load Image” if the email seems suspicious.
- Use a different email when you enter contests online as they might be collecting email addresses to further sell to spammers.
- Use different passwords for all your accounts so you protect the other accounts if one gets compromised.
Lastly, keep an eye out for spam emails and don’t interact with them. They are not only annoying, but they can also be dangerous to your online security as lots of phishing attacks are conducted through emails.