Regardless of whether you ever showed an interest in the topic and regardless of whether you even use your email address, spam will almost certainly find its way in. Most of the spam you get is irrelevant to you but so is most of the advertising you see each day. And that’s just what it is – advertising.
With traditional advertising methods, companies buy space from somewhere to promote their goods and services – when “advertising” via email, spammers get email addresses in all sorts of slimy ways. Here are some of them:
Taken from your web site
Spammers have the ability to write software that simply reads websites, looking for email addresses. When it finds one, it just adds it to its list and moves on to the next web site. These robotic scanners, called ‘bots’, can read thousands of web sites a day and compile a huge list of email addresses. Don’t list your email address on your web site if you don’t need to. If you must, use a generic address you can filter or change from time to time or list it in such a way that makes it harder for the spammer. Type it out in a way the computer won’t recognize like this: Joel at Joelsdomain dot com.
Accidental use of CC instead of BCC
There’s not much you can do about this one and it only happens rarely, but sometimes email senders forget to send out emails BCC. This means that anyone can see all the addresses that the email was sent to. It’s possible that someone might pull that list and use it.
Companies sell or leak your data
Here’s another situation that’s difficult to avoid. In this case, you give your email address to a trusted company and it gets stolen or sold from there. Rest assured this will never happen on our website! We don’t sell addresses. It’s illegal and immoral.
Spammers make them up
Since sending emails is basically free if you have access to the right tools and software, spammers will compile a list of domain names and then send spam to common names at that domain name. For instance, they might send email to firstname.lastname@example.org, email@example.com and tens of thousands of other common names and combinations of names and numbers. Since emailing is free, it doesn’t cost anything to carpet-bomb domain names with spam, hoping to hit a few actual addresses.
Phishing (pronounced ‘fishing’)
Spammers might create a fake service or fake newsletter just to trick you into willingly entering your information. Some phishing techniques can be very sophisticated with spammers impersonating banks, government agencies, friends from Facebook, or other supposedly trusted sources.
Outsmart the Spammers
- As a domain name owner, I’m able to create a unique email address for myself whenever I want. So when I sign up for a service, often times I’ll use a unique email address for that service so I’ll know if its ever compromised. For example, suppose I own the domain name joelsdomain.com. Then I register for an account with twitter. I might use the email address firstname.lastname@example.org. Now, if I ever get spammed by someone sending email to email@example.com, I’ll know that somehow my email address was leaked by someone with access to twitter’s database. Using this method I’ve personally seen leaks by companies like Microsoft, RingCentral, PayPal and others. Spammers can get your email address from even the largest, and supposedly most secure of vendors!
- Use difficult to guess email addresses. firstname.lastname@example.org is a lot easier to figure out than email@example.com.
- Be careful where you enter your email address online. Be sure it is a reputable company and not just a page that sits and waits for unsuspecting victims.