There are many ways that spammers can get valid e-mail addresses. This list shows only a few of the most common ways a spammer may get your address:
- They buy your name from a list: Junk mail and targeted e-mail lists have been around almost as long as the Internet itself. For as cheap as $100, anyone can buy a list of over 11 million addresses. These lists are created by unscrupulous website owners and online stores that \"share\" their customer information for some money. As you can imagine, it is impossible for spammers to identify your personal taste or interests when sending messages to such a large group, so a \"shotgun\" mailing is sent out with product offers, get rich quick schemes, and adult porn sites mailings. The worst part about this? They are sent out to all 11 million names, including you!
- Opt-in Lists: These lists are developed by partnering with legitimate websites which make you check \"Don\'t send me offers\" as part of registration for their services. Sooner or later one of the boxes will escape your attention, and then you\'re added to an opt-in list. Many opt-in lists are legitimate and will honor your removal requests, but for every one legitimate list, there are three that are not, and it only takes being on one or two opt-in lists to eventually generate a mountain of spam in your inbox.
- E-mail Extractors: Spammers use these programs to scour the web including forums, alumni sites, and news posts, for e-mail addresses. These software bots can locate thousands of e-mail addresses an hour, and spammers run them day and night. To avoid having your address harvested in this way, don\'t put your main e-mail address on any website, forum, or newsgroup. Use a separate address that you don\'t mind getting spam to.
- MX Server Extractors: These programs exploit Internet mail server protocols. When an e-mail is sent to you it is handed over to your Mail Provider\'s server, which starts \"communication\" with the sender. The sender\'s server asks to deliver a message to a user on your server, but before the message is actually accepted by your server it wants to know who it the mail is addressed to. So your address is sent over, and your server replies whether the name is OK, or the address does not exist on the server (what happens when a message is \"bounced\" back to you). Basically the MX server extractors mimic the communication without actually trying to send the message. Think of it as someone ringing your doorbell and asking if \"Joe\" is home, no one named Joe may live at your house, however if the person at your door tries enough names sooner or later the may stumble upon yours, and you will say \"Yes\". Programs exist that can mine over 5000 e-mail addresses per minute, and believe it or not those programs can be purchased by unscrupulous spammers for less than $100.
- Viruses, Spyware, and Mailicous Code: Not to long ago viruses and spyware started to appear that transparently load themselves on your computer or are sent via e-mail to your mail client. As soon as you open books, contact lists, and distribution lists, they are scanned and then reported back to home base. KU has a guide to spyware that you can view if you are interested.
Because of the way Internet mail works, it\'s not necessary for someone to be listed on the To or Cc lines of an e-mail in order for the e-mail to be sent to them. With few exceptions, the headers of an e-mail (the From, To, Subject, Date, etc lines at the top of the message) can be made to look however the program creating the message wishes them to. You can also be added to the recieving list as a Bcc, or Blind Carbon Copy, which does not show your address in the To or Cc header. Additionally, some viruses choose a random e-mail address out of an infected person\'s address book and put that in the From header. This means that anyone who has your name in their address book could potentially be sending out mail that looks like it comes from you.