Email Address Harvesting: How do spammers gather private email addresses? blog image

Tired of sorting and deleting loads of Spam from your mail accounts. Do you wonder if you can put a stop to receiving Spam? Well yes, follow some simple rules and protect your email details from Email Address Harvesting.

Emails facilitate our life but the excess of it can also complicate it immensely. On a daily basis, the average worker has an excessive amount of e-mail to deal with.

Spam is an unsolicited email that floods our mailboxes. Other than being used for commercial advertising these may also contain viruses to steal confidential information. The unaware user fails to understand how his email details got public. Many times these emails seem to come from your own email address. He is in a dilemma and does not know how to opt out of Online Marketing emails. The email addresses are collected for spamming using a process called Email Address Harvesting.

 

What is Email Harvesting?

The process of collecting email address in bulk using different methods is called Email Harvesting. The purpose behind this is to use it for spamming or sending bulk emails.

Email harvesting continues to be in demand since businesses choose to market their products through an email list acquired through harvesting. Not only is their reputation at stake but there are also legal implications of sending unsolicited emails.

 

Harvesting Email Addresses

A spammer usually collects a large list of email and website addresses and uses it for posting bulk advertisements. With the large numbers involved, Email Addressing Harvesting programs are now available to make the process automatic. Usually, a spambot is used for searching email addresses in web pages. These are then added to a database and sold to spammers then send the spam ads on the purchased on harvested addresses. While some Email Address Harvesting methods may be legal most of them are not.

Spamming continues to grow even with spam filters and security policies in place. Spammers are resorting to measures such as modifying email content to avoid spam filters and using a proxy email address for sending emails.

 

How do spammers get my email address?

The Email Address Harvesting software is automated to collect email addresses from popular websites like social networking sites, forums, blogs and chat rooms. The process to add email addresses to spam lists is called website scraping. The Scrapers are tools that are very efficient in scraping sites for visible mail addresses.

screenshot

screenshot 4

E-commerce websites that you buy products from and who ask for email details are also an easy target for Email Address Harvesting. Some of the commonly used sources for generating Harvested Email lists are as below-

  • Forum posts
  • Web pages
  • Mailing Lists
  • Corporate Staff directories
  • Membership Lists
  • Paper and Web Forms
  • Domain contact points
  • White and Yellow Pages

 

Email Harvesting Techniques

Email Harvesting methods are numerous ranging from simple ones to highly complex methods. Spammers are developing faster and advanced approaches on how to harvest email addresses that are valid and responsive.

Some of the commonly used and popular Email Address Harvesting techniques are listed below:

  • Buying from other sources: Purchasing or trading lists of email addresses from other spammers.
  • Using software bots: The ‘harvesting bots’ or ‘harvesters’ spider the web for email addresses from forum posts, web pages and other sources listed above.
  • Using Directory Harvest Attack: A form of dictionary attack where email addresses in a domain are guessed and made up from common usernames.
  • Hacking into sites: Spammers hack into websites that supply free email addresses e.g. hacking e-commerce sites to generate a list of credit card numbers.
  • Social Engineering: This method means the spammer uses a hoax to convince people into giving him valid E-mail addresses.
  • The “e-pending” technique: Use of Direct-marketing databases for creating appended email address using the contact details of prospective customers.
  • Intercepted User requests to unsubscribe: At times, requests to unsubscribe from spam lists and intercepted and results in the user being listed for more.
  • Guessing & cleaning: Some spammers guess email addresses and then send a test messages to them. The validity of the email address is verified when an error or a confirmation is received.
  • Free offerings: Free products and services are offered for registering with a valid email address.

 

Prevent Email Harvesting

Email Address Harvesting is detrimental and you can be receiving large amounts of spam if you on the spammers’ lists. Though you should be able to unsubscribe from the list, but spammers generally work around this. The viable option then is to protect your email address from spammers and help in preventing Email Harvesting.

 

Protecting email addresses on web pages

There are several methods to protect email addresses on web pages from spammers. Some methods require manually taking precautions to hide the email address. There are also some WordPress Plugins that do this automatically. Let us understand both these methods and what goes behind using them.

 

Manual methods

  • Address Munging: Address Munging is one of the most commonly used techniques that modifies email addresses. Each character in the email address is mapped to an ASCII code. These are translated back by browsers but the spam bots fail to recognise the codes.
  • Using Images: Images are used to replace the email address partially. This is a very effective countermeasure against Email Harvesting as extracting text from images is not feasible.
  • JavaScript, PHP and HTML obfuscation: With the JavaScript email obfuscation a script is used to produce a normal, clickable email link for users. This is hidden from spiders and scrapers. Technical details for each of the methods can be found here:
  1. Stopping Spam: How to keep spam bots from stealing addresses from your web site
  2. How to protect web pages from email harvesting
  • Mail Server Monitoring: Email servers use methods like rejecting emails from remote senders with more than one invalid recipient address but there is the risk of valid email not being accepted.
  • Spider Traps: A spider trap is a part of a website designed to combat Email Address Harvesting by malicious spiders. Some traps block access from the client’s IP. Others try to waste the time and resources of malicious spiders by feeding them unusable information.

 

Plugins

These are some Anti-spam WordPress Plugins available that modify and protect the email addresses automatically.

  • The Email Address Encoder WordPress Plugin converts all plain email addresses and mailto links into decimal and hexadecimal entities.

screenshot3

 

screenshot 2

  • The Cryptx Plugin for WordPress allows you to encrypt your emails effectively in your email addresses, have your text scrambled by AntiSpamBot or convert your email to a PNG image.
  • The Slash Admin Plugin includes disguised email addresses in posts and pages via shortcodes that use the AntiSpamBot function from WordPress.
  • Pixeline’s Email Protector protects any mailto: link of plain email addresses inside posts and as a theme function.
  • Obfuscate Email plugin the email addresses get replaced with junk values on the back end. Meanwhile, they retain their original appearance and functionality on the front end.

 

Conclusion

Anti-spam methods are gradually progressing with the fight against spamming. As a victim of email spamming, you should be aware of Email Address Harvesting techniques. It is crucial to protect your identity and never confirm it by responding to spam. Most spam prevention techniques require you to be actively involved in the process. These might not protect your email address from spammers completely but will certainly reduce the extent.