Spyware, Viruses, & Security forum

General discussion

How do spammers get another person's email address, and ...

by tacticaltal / April 26, 2006 6:54 PM PDT

... how do we avoid it?

I assume that posting one's email address in forums is one way. Are there others? For instance, when I signed up to CNET, I listed my email address in the Registration. Can spammers spoof this in other forums?

Would we more secure if we added our email addresses in an html mailto: link? I have several websites; some have my email written out xxxx@yahoo.com, for instance, and on others I have it in an EMAIL ME type link, and of course, on my websites, I need to list a way for people to contact me.

I've also seen emails spelled out as, for instance, user (AT) yahoo (DOT) (COM). Is this a possible solution?

One other area of my misunderstanding is my address book. Is it possible, and how does it happen, that spammers can hijack my address list, thereby spamming people with my address as the sender?

Sorry for the many questions, but I'm sort of a newbie at this type of thing.



Discussion is locked
You are posting a reply to: How do spammers get another person's email address, and ...
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: How do spammers get another person's email address, and ...
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Spammers get email addresses in many ways.
by PudgyOne / April 26, 2006 7:34 PM PDT

Spammers get email addresses in many ways.

One way is the robots crawl around the internet and look for email addresses, either on the webpage or in the coding. So it doesn't matter if you use the email me link or your email address, the robot will find you. This is one reason that you use a special email address for the website only. You have a different email address for your business.

Second, you send an email to your friend (maybe a joke). Your friend doesn't have time to make his own email up so he clicks on forward. He send it to all his friends. The next people in line click forward and they send it to their friends. One of these friends may be a spammer. Now they have all of these email address to work with. The list keeps getting bigger and bigger. This is a reason to have an email address for personal things. It keeps the business email down to business only as much as possible.

I'm sure that there are many more ways that spammers get your email address but these are the main ways this happens.

Hope this helps.


Collapse -
Spammers get email addresses in many ways.
by sentientred / May 4, 2006 11:25 PM PDT

Good answers Rick. Some additional information. Remember nothing is free. Free email addresses, coupons,greetings cards, etc. all collect data and build mailing lists which they sell. Instant messengers broadcast your email address to the whole Internet and even tell when you are online. The best way to help your ISP fight garbage email is to think. Watch where you go, what you click on and what information you give out no matter how legitimate the site may seem. The best way for you personally to fight what is coming in is to learn and use message rules and filters in your browser. You can build rules/filters that can automatically delete garbage when it comes in without you having to even look at it.

Collapse -
In addition to Rick's good advise
by tomron / April 26, 2006 10:52 PM PDT

Heres a LINK that might shed some light.


Collapse -
Good post. Im addin a ?
by brink51 / April 27, 2006 4:35 PM PDT

Can a spam site log and WHOIS your IP address to get Email addresses.

My IP address now is on a proxy, but my old service provider wasnt and it seems like I had a lot of spam then.

Collapse -
Finding email through IP and
by tacticaltal / April 27, 2006 6:17 PM PDT

vice versa. I think it's generally frowned on here to post a question to another person's thread, but I'd like to see a reply to this one also. Thanks, Tech


Collapse -
Horray for this link --- BCC method
by zeebell / May 6, 2006 2:16 AM PDT

Tom's link mentions using the BCC method.

IF the world would use BCC when sending emails rather than CC:, it would certainly help the spam situation.

If I'm sending an email to several, I send it to myself and put EVERYONE else in the BCC. So easy!


Collapse -
They can still
by PudgyOne / May 6, 2006 3:02 AM PDT

They can still get your email address at the top of the page.

If you really must send the email to yourself, put you name and email address in the BCC section also

Hope this helps.


Collapse -
Regarding your mention of websites...
by Edward ODaniel / April 27, 2006 10:00 AM PDT
I have several websites; some have my email written out xxxx@yahoo.com, for instance

bots crawl sites "looking" for email addresses (normally key of the @ within a text string). One effective way to get around that is to simply make use of "special characters" in your html coding.

Replace the @ symbol with @
Replace the dots with .

The address will still render correctly.

Alternatively and even better is to encode the whole email address.
you@yourdomain.org becomes:
<a href="mailto:79%6F%75%40%79%6F%75%72%64%6F%6D%61%69%6E%2E%6F%72%67">click to email</a>
(can substitute a graphic showing the actual email address in place of the click to email if desired)

I am sure you can see how a bot could be devised to thwart even those measures but most will not take the time as there are too many addresses available on sites in the html pages to bother decoding.

You can either encode manually (the above email simply substitutes the hex numeric for the ascii code for the symbol) or even easier just go to this link and download the free automated encoder. It is designed to encode URLs but works for emails by replacing the http:// with mailto:
Collapse -
by tacticaltal / April 27, 2006 3:12 PM PDT

for the replies guys. I suspected posting my email into forumes was a bad thing. And thanks for the encoder link, Edward

Collapse -
I have several websites; some have my email written out xxxx
by sentientred / May 4, 2006 10:55 PM PDT

Many spamers try the same trick to attempt to hide their true email addresses. Replacing the @ symbol can cause even more trouble for your email. Most ISPs now days use some form of spam blocking. Replacing the @ symbol can create a situation where your email gets blocked. Spam blocking software can be set to check for a valid address. If that address does not match the address from the sending server a block can be put on it without you knowing it. You'll be sending emails that will never get to the desired location.

Collapse -
What a difference!
by mustangcp2 / May 5, 2006 12:26 AM PDT

I don't know the why's or wherefore's But upon getting sick of spam loading my spam inbox (AOL) I unsubscribed to all newsletters, except C-NET, all "send me info" from retailers, all "news" from hardware manufacturers etc. I now get only 1 or 2 spams daily often none. I don't know the connection but I am very happy with the results.

Collapse -
Fighting spam etc.
by SNS55 / May 5, 2006 2:11 AM PDT

I have a couple email accounts for business. For spam though I use two accounts. As described in another posting, I use one of the accounts for online signups. Also, if they ask for a phone number and I know its not really needed they will usually get the 123-456-7890 because I don't want to be bothered at night either. Why should I submit myself to unsoliciated phone calls too? Isn't spam enough? Mainly because you will get an error saying you didnt fill out all the spaces on the form.

I started using Spamcop a few months ago along with MailWasher Pro. This way the spam doesn't get into my inbox and spamcop takes care of it. A few extra steps for me, but peace of mind that someone is fighting against "spam" is a good feeling. Also if I don't get to the spamcop in alloted time,at least the email won't get to my inbox.

I do have Norton Spam Protection in my Outlook as well, for back up purposes.
Do I sound like I'm being over protective of my laptop? You bet. I don't enjoy recovering after a virus-worm invades my space.

Good luck in your protecting of your computer.

Collapse -
avoiding spam

A lot of spam is the result of registering for stuff. You have to enter a real email address for a reply. So, sign up for a free email account to use for your spam account on yahoo or msn or whoever. (Like I did for cnet) also, Also, sign up with a member name that reflects the source, like cnetspam, to track who's selling your email address to what site. Only give your real email address to a friends and business associates.

Collapse -
Easy work-around

Spam blockers, etc. are great and I use them, too. However, before I connect my mail software (Outlook), I first go to mail2web.com and delete anything that looks questionable. I can see the text version before any HTML is displayed, so there's no danger of active links. I can also see the mail as HTML or as the original source. Once I've 'cleaned' my accounts, I can open Outlook without fear. You can access mail2web.com free from any browser, anywhere, and there's no spyware, ads, or other problems.

Collapse -
another e-mail address encoder
by saltyjeff / May 5, 2006 11:53 AM PDT
In reply to: Easy work-around

I use the following free e-mail address encoder for every e-mail address I put on every site I design. It generates a big block of encrypted javascript that you paste into your HTML. It seems to work well; I don't get much spam anymore, though at times I've received some spam at e-mail addresses I'd forgotten to encode. Here's the link:

Collapse -
Nice javascript to prvent SPAM for web sites
by TigranJ / May 5, 2006 12:19 PM PDT
Collapse -
Blue Security will help you fight spam!
by mkdey / May 5, 2006 10:14 PM PDT
Collapse -
Blue Security
by SDphoto / May 6, 2006 12:42 AM PDT

Yep, I use Blue Security along with MailWasher pro and haven't been able to bounce spam to BlueFrog for a couple days now. They must have been doing their job for a spammer to attack THEM. I hope they come back soon.

Collapse -
There is a Blue Security FORUM .......
by Marianna Schmudlach / May 6, 2006 2:45 AM PDT
Collapse -
Blue Security problems
by SDphoto / May 6, 2006 4:05 AM PDT

Yes, they're back on line but asking no reports be entered yet since they're still having problems.

Collapse -
And another
by armedwithjello / May 6, 2006 12:01 PM PDT
Collapse -
delete your address book and print out your email address.

see titile! delete every thing sensative

Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?