How do spammers get my email address?

There are several common ways that spammers can get your email address:

  • Crawling the web for the @ sign. Spammers and cybercriminals use sophisticated tools to scan the web and harvest email addresses. If you publicly post your email address online, a spammer will find it.
  • Making good guesses… and lots of them. Cybercriminals use tools to generate common user names and pair them with common domains. These tools are similar to the ones that are used to crack passwords. And they work.
  • Tricking your friends. Even if you know better than to publicly post your email address on the web, it could still be stored in the email inbox of anyone who’s ever emailed you or whom you’ve ever emailed. Cybercriminals can steal contact lists or use social engineering to trick people into giving them access.
  • Buying lists. Spammers can purchase lists legally and illegally. When you sign up for a website or a service, make sure you read the privacy policy carefully to find out what the site plans to do with your email address.

It pays to keep your email address as private as possible, but sometimes it seems like there’s nothing you can do to keep it out of the hands of spammers. For this reason you have to combine smart privacy practices with strong email filters.
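As an added illustration (not part of the original article), this Python sketch audits a page you publish yourself for addresses that are readable straight from its source, which is the same text a crawler looking for the @ sign sees. The sample page, its addresses, and the names `ExposureAudit` and `audit_page` are constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Simple audit pattern, not a full RFC 5322 address parser.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed sample page; every address below is made up.
SAMPLE_PAGE = """<html><body>
<p>Contact: alice@example.com.</p>
<a href="mailto:Sales@example.com?subject=Hi">Email sales</a>
<p>Support: bob&#64;example.org</p>
<!-- old owner: carol@example.net -->
<p>Or write to dave at example dot com.</p>
</body></html>"""

class ExposureAudit(HTMLParser):
    """Records addresses readable from the page source without running scripts."""
    def __init__(self):
        super().__init__(convert_charrefs=True)  # decodes entities such as &#64;
        self.findings = {}  # address -> set of places it appeared

    def _record(self, text, where):
        for addr in EMAIL_RE.findall(text):
            self.findings.setdefault(addr.lower(), set()).add(where)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value and value.lower().startswith("mailto:"):
                # Drop the scheme and decode %40-style escapes before matching.
                self._record(unquote(value[7:]), "mailto link")
            elif value:
                self._record(value, name + " attribute")

    def handle_data(self, data):
        self._record(data, "page text")

    def handle_comment(self, data):
        self._record(data, "HTML comment")

def audit_page(html_text):
    """Return {address: [places]} for one HTML document you publish."""
    parser = ExposureAudit()
    parser.feed(html_text)
    parser.close()
    return {a: sorted(p) for a, p in sorted(parser.findings.items())}

if __name__ == "__main__":
    print(audit_page(SAMPLE_PAGE))
```

The `bob` entry shows that writing the @ as an HTML entity does not keep the address out of the page source, and the `carol` entry shows that a leftover comment exposes an address just as visible text does.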

All of the most recent versions of Microsoft’s email services (including Hotmail) use a strong filter called SmartScreen. For more information, see Help keep spam out of your inbox.

About the Author
Eve Blakemore

Group Manager, Trustworthy Computing

Eve Blakemore is a Group Manager for Trustworthy Computing who delivers consumer guidance around the latest trends in security and privacy. Eve joined Microsoft in 1998 and has worked in corporate and field roles with Microsoft Learning, US Public Sector,

Join the conversation

  1. Anonymous

    Helped. I've definitely broadened my horizon on this matter.

  2. Paulie-D

    Another way is harvesting. We've all received a forwarded email joke or similar message where the first hundred lines are a historical list of everyone that clicked FWD. That very email *will* end up in the hands of a spammer, eventually, who will "harvest" all of the visible addresses out of the email, likely using an automated tool. All the addresses are harvested and then permanently added to their spammer database, courtesy of your friend who didn't have the courtesy to BCC (blind copy) you.

    On a related note, the proper way to BCC is to send the email TO yourself and then BCC everyone else.

    ~ Paulie D

  3. Anonymous

    Someone has stolen my daughter's email address and is now sending out crap email. How can I disable her old email name or account?

  4. Anonymous

    I got e-mail ad from hotmail company if it is fake ad. Someone used my e-mail and changed my password. No fair! Scammer did it.

  5. Anonymous

    By far the greatest problem for business users is that of careless web designers who fail to implement harvesting protection.

    Anyone having a website built needs to be very careful over this.

