Frequently Asked Question
Where is all this SPAM coming from and how do they get my email address?
Last Updated 8 years ago
I don't think anyone is a stranger to spam and yet some people get substantially more than others and here's why. There are 5 main sources Spammers will use to collect your email address:
Virus Infection: There are a good number of virii that once infected collect both the address book and the whitelist (all the email addresses received and sent) usually from outlook because outlook doesn't protect any of this information. Once harvested the list is sent back to a server somewhere that will process it and add to spammers lists. The more advanced virii will leverage outlook to send email's to all the contacts with a copy of itself in order to harvest more emails. A good business grade antivirus will protect from this, and if *everyone* had this then we could close off this route but it only takes one compromise to havest addresses for everyone that computer has ever sent to or received from.
Web Scraping: I know it sounds unbelieveable, but some people still put their email address on their website, either directly in the page content, or 'hidden' in a contact form. Spiders can scrape this information and collect these addresses.
Server Hacking: Its not unusual for servers to be hacked, and there have been some notable ones recently such as TalkTalk, Yahoo, etc, but any website or business that you've ever disclosed your email address to is a risk and many of them don't even know they've been hacked, exposing all their customers details. We protect our customers through extensive distributed databases and encryption but failing that we further use 'seeding' of our customer, registrant and vendor data so that in the event of any data breach we'll be able to tell which system was affected.
Trial and Error: It may seem obvious but some smaller companies still use just their first name as their email addres, e.g. fred@bloggs.com or joe@soap.com. Whilst this might seem easier, it makes it very easy for spammers to figure out which addresses are valid by sending email's to amelia@ alfie@ ava@ archie@ alexander@ right the way down to zubair@ and zuzanna@ and the mail server will respond with an error for those addresses that don't exist, and begin to accept a message for those that do. GEN couteract this by (a) rate limiting and recognising such fishing attacks, and (b) accepting all messages regardless of validity.
Domain Names: It might seem rediculous to you and I but the domain name registrars require you to give a valid email address and phone numbers, and then go on to offer to 'hide' it for an extra charge. GEN protect its customers by using a premium rate number and the special hostmaster address for our customers domains, and the hostmaster address has some special filtering on it that allows *only* expected automation messages and deletes everthing else. As we use this special email address only for domains, we can see that the 12k email it receives daily (at least check) are solely from domain info harvesting.
There are other more obscure methods including phishing (setting up a website to look like a bank or institution you would use and then directing you there from an email) but these account for a very small percentage of email address harvesting.
Once your email address has been harvested from somewhere its then bought and sold over and over to spammers worldwide and its almost never removed. We have seed accounts going back to 2008 that are still getting hits from spammers.
Virus Infection: There are a good number of virii that once infected collect both the address book and the whitelist (all the email addresses received and sent) usually from outlook because outlook doesn't protect any of this information. Once harvested the list is sent back to a server somewhere that will process it and add to spammers lists. The more advanced virii will leverage outlook to send email's to all the contacts with a copy of itself in order to harvest more emails. A good business grade antivirus will protect from this, and if *everyone* had this then we could close off this route but it only takes one compromise to havest addresses for everyone that computer has ever sent to or received from.
Web Scraping: I know it sounds unbelieveable, but some people still put their email address on their website, either directly in the page content, or 'hidden' in a contact form. Spiders can scrape this information and collect these addresses.
Server Hacking: Its not unusual for servers to be hacked, and there have been some notable ones recently such as TalkTalk, Yahoo, etc, but any website or business that you've ever disclosed your email address to is a risk and many of them don't even know they've been hacked, exposing all their customers details. We protect our customers through extensive distributed databases and encryption but failing that we further use 'seeding' of our customer, registrant and vendor data so that in the event of any data breach we'll be able to tell which system was affected.
Trial and Error: It may seem obvious but some smaller companies still use just their first name as their email addres, e.g. fred@bloggs.com or joe@soap.com. Whilst this might seem easier, it makes it very easy for spammers to figure out which addresses are valid by sending email's to amelia@ alfie@ ava@ archie@ alexander@ right the way down to zubair@ and zuzanna@ and the mail server will respond with an error for those addresses that don't exist, and begin to accept a message for those that do. GEN couteract this by (a) rate limiting and recognising such fishing attacks, and (b) accepting all messages regardless of validity.
Domain Names: It might seem rediculous to you and I but the domain name registrars require you to give a valid email address and phone numbers, and then go on to offer to 'hide' it for an extra charge. GEN protect its customers by using a premium rate number and the special hostmaster address for our customers domains, and the hostmaster address has some special filtering on it that allows *only* expected automation messages and deletes everthing else. As we use this special email address only for domains, we can see that the 12k email it receives daily (at least check) are solely from domain info harvesting.
There are other more obscure methods including phishing (setting up a website to look like a bank or institution you would use and then directing you there from an email) but these account for a very small percentage of email address harvesting.
Once your email address has been harvested from somewhere its then bought and sold over and over to spammers worldwide and its almost never removed. We have seed accounts going back to 2008 that are still getting hits from spammers.