How do you get spam on your Email?
From mailing lists. Spammers regularily attempt to get the lists
of subscribers to mailing lists [some mail servers will give those
upon request], knowing that the email addresses are unmunged and
that only a few of the addresses are invalid. When mail servers are
configured to refuse such requests, another trick might be used -
spammers might send an email to the mailing list with the headers
Return-Receipt-To: <email address> or X-Confirm-Reading-To:
<email address>. Those headers would cause some mail transfer
agents and reading programs to send email back to the <email
address> saying that the email was delivered to / read at a
given email address, divulging it to spammers. A different
technique used by spammers is to request a mailing lists server to
give him the list of all mailing lists it carries (an option
implemented by some mailing list servers for the convenience of
legitimate users), and then send the spam to the mailing list's
address, leaving the server to do the hard work of forwarding a
copy to each subscribed email address. [I know spammers use this
trick from bad experience - some spammer used this trick on the
list server of the company for which I work, easily covering most
of the employees, including employees working well under a month
and whose email addresses would be hard to find in other ways.]
From web pages. Spammers have programs which spider through web
pages, looking for email addresses, e.g. email addresses contained
in mailto: HTML tags [those you can click on and get a mail window
opened] Some spammers even target their mail based on web pages.
I've discovered a web page of mine appeared in Yahoo as some
spammer harvested email addresses from each new page appearing in
Yahoo and sent me a spam regarding that web page. A widely used
technique to fight this technique is the 'poison' CGI script. The
script creates a page with several bogus email addresses and a link
to itself. Spammers' software visiting the page would harvest the
bogus email addresses and follow up the link, entering an infinite
loop polluting their lists with bogus email addresses.
From various web and paper forms. Some sites request various
details via forms, e.g. guest books & registrations forms.
Spammers can get email addresses from those either because the form
becomes available on the world wide web, or because the site sells
/ gives the emails list to others. Some companies would sell / give
email lists filled in on paper forms, e.g. organizers of
conventions would make a list of participants' email addresses, and
sell it when it's no longer needed. Some spammers would actually
type E-mail addresses from printed material, e.g. professional
directories & conference proceedings. Domain name registration
forms are a favourite as well - addresses are most usually correct
and updated, and people read the emails sent to them expecting
important messages.