Where did they get my e-mail address?
RIVER BENDER -
February, 2003Where on earth did spammers get my e-mail address? I just switched to a different Internet Service Provider and have a brand new address. For about three weeks I was spam-free after getting 20-30 ads each day to my old CoastalNet address then suddenly three ads appeared in the mail. I tried to find out where they got my new address but their reply address was invalid as usual. I didn't click "opt-out" at the bottom of the ads because I learned from past experience that in most cases it only confirms that your address is valid and ready to receive more spam.
I know now why I received so much spam at my old CoastalNet address and I took every precaution not to make the same mistakes again with my new address. Here are a few of the reasons that caused me to get lots of spam earlier:
Address Exposure: My old CoastalNet address dated back to 1995 so the longer you keep the same address the longer you are exposed to many ways that spammers harvest addresses. I'm convinced now that the only way you can get rid of old spammers is to change your address. Opting out doesn't work except perhaps with well known companies. I've received spam from places as far away as China and Russia.
USENET Newsgroups: A few years ago the number one source for harvesting e-mail addresses was Newsgroups where people posted messages and left their return address. I posted messages in the genealogy discussion groups so this is where my address probably was first picked up by spammers.
Downloading free stuff: There's a lot of free stuff on the net. I once asked for free coupons to be sent to my e-mail address. Web sites offering free stuff are sometimes fronts for companies harvesting e-mail addresses for spammers.
Harvesting addresses from Web Page: Today the primary source for harvesting e-mail addresses is web pages. Special software called spiders scan thousands of pages and search for the "@" character in e-mail addresses. Over the years I created numerous web pages and all of them had my e-mail address in the clear for someone to contact me. This is where hundreds of spammers got my address and spam got out of control. I no longer post my address on web pages unless it is "munged" with extra characters hopefully to make it invalid to a spider but not to a human.
So how did spammers get my new e-mail address so quickly? This is still a puzzle. If anybody knows the answer I hope they'll tell me. I can only guess what may have happened. A couple of things come to mind:
One thing I probably did wrong was picking a simple new address like "daveXXX" @always-online.com. Lists can be easily created by going through a list of all ISP domain names and adding first or last names from a U.S.Census web page to the domain names. I could even do this and then I'd send a test message to the list and prune out all the addresses that bounced as invalid. Perhaps I should have choosen tzxyu%&?@always-online.com instead of dave.
I'm hearing now that software has been developed to unmunge e-mail addresses. It shouldn't be too hard when harvesting addresses from web pages to delete "(nospam)" in addresses such as dave(nospam)@always-online.com because it's so common. That's why I used daveXXX@always-online.com to munge my address but I'm not so sure it's safe either.
It's hard to imagine why a company would go to so much trouble to find valid addresses when there's millions of e-mail addresses in the clear on web pages for commercial businesses, lawyers, doctors, etc. They don't munge their addresses because they probably want the public to contact them without complications. Spammers probably don't want them anyway and are looking for addresses of ordinary guys like me that will fall for their sales pitch.
Will Spam ever end? Some people are saying that antispam laws are the answer. I doubt it. There are no federal laws presently but a number of states have anti-spam laws, including NC (Senate bill 288). In a search for cases that have been won against spammers you'll find very few. Judges often throw them out as not being in their jurisdiction. In NC you can be awarded $10 per spam message. If spam I received came from the same address it might be worth pursuing but spammers keep changing their return address or faking it. I suppose the only solution to reduce spam is to change your e-mail address periodically or use http://www.mailwasher.net to delete it before downloading it to your PC.
See past articles at http://always-online.com/nbcug/dwindex.htm