Close this search box.

Top 5 Ways Spammers Get Your Email Address and What to Do About It

Contributed by Joel Slatis, president of

Regardless of whether you ever showed an interest in the topic and regardless of whether you even use your email address, spam will almost certainly find its way in. Most of the spam you get is irrelevant to you but so is most of the advertising you see each day. And that’s just what it is – advertising.

With traditional advertising methods, companies buy space from somewhere to promote their goods and services – when “advertising” via email, spammers get email addresses in all sorts of slimy ways.

Methods of Obtaining Email Addresses

Taken from your web site

Spammers have the ability to write software that simply reads websites, looking for email addresses. When it finds one, it just adds it to its list and moves on to the next web site. These robotic scanners, called ‘bots’, can read thousands of web sites a day and compile a huge list of email addresses. Don’t list your email address on your web site if you don’t need to. If you must, use a generic address you can filter or change from time to time or list it in such a way that makes it harder for the spammer. Type it out in a way the computer won’t recognize like this:  Joel at Joelsdomain dot com.

Accidental use of CC instead of BCC

There’s not much you can do about this one and it only happens rarely, but sometimes email senders forget to send out emails BCC. This means that anyone can see all the addresses that the email was sent to. It’s possible that someone might pull that list and use it.

Companies sell or leak your data

Here’s another situation that’s difficult to avoid. In this case, you give your email address to a trusted company and it gets stolen or sold from there. Rest assured this will never happen on our website! We don’t sell addresses. It’s illegal and immoral.

Spammers make them up

Since sending emails is basically free if you have access to the right tools and software, spammers will compile a list of domain names and then send spam to common names at that domain name. For instance, they might send email to [email protected], [email protected] and tens of thousands of other common names and combinations of names and numbers. Since emailing is free, it doesn’t cost anything to carpet-bomb domain names with spam, hoping to hit a few actual addresses.

Phishing (pronounced ‘fishing’)

Spammers might create a fake service or fake newsletter just to trick you into willingly entering your information. Some phishing techniques can be very sophisticated with spammers impersonating banks, government agencies, friends from Facebook, or other supposedly trusted sources.

Outsmart the Spammers

As a domain name owner, I’m able to create a unique email address for myself whenever I want. So when I sign up for a service, often times I’ll use a unique email address for that service so I’ll know if its ever compromised. For example, suppose I own the domain name Then I register for an account with twitter. I might use the email address [email protected]. Now, if I ever get spammed by someone sending email to [email protected], I’ll know that somehow my email address was leaked by someone with access to twitter’s database. Using this method I’ve personally seen leaks by companies like Microsoft, RingCentral, PayPal and others. Spammers can get your email address from even the largest, and supposedly most secure of vendors!

  • Use difficult to guess email addresses. [email protected] is a lot easier to figure out than [email protected].
  • Be careful where you enter your email address online. Be sure it is a reputable company and not just a page that sits and waits for unsuspecting victims.

20 Responses

  1. well i blocked them and i sweep them but it continuously get them so if blocked and sweep from getting them it should not come back because to me its major harassment
    But thank you but it really dont help

  2. I recently started tracking using different names for every single company. For instance, for paypal I would use an example like joepaypal@hotmail, etc. it wasn’t long before I realized the worst offenders were my insurance company and a jobs website. When I catch them now, I ditch my business relationship with that company and delete the email. Great article.

  3. And OMG what’s with all the spam porn? I get hundreds of them daily. What could spammers possibly get from that nonsense?! It was a Dollar General that sold (?) my address and many others. I’ve figured out how to make phone scammers block ME, but puzzled as to how to stop the email a$$#0l€$. You have given me some great info tho!!!

  4. But u gotta admit….some spam emails are downright hilarious! I cna’t believe some people fall for them, they’re so outrageous…, if your father REALLY was king of zimbabwe and he REALLY was dying and leaving you a 15 billion quid inheritance and you REALLY couldn’t trust anyone in the palace… do you find it advisable to go tell a complete stranger?!

  5. For some people, using several or even dozens of personal emails is a matter of importance and real need. For example, Internet marketers or SEO promoters need to register their client websites or companies in various services, platforms, social networks etc. Giving out your only personal email in this situation is crazy – you will have NOTHING BUT SPAM coming to your box. With hundreds of places, websites and services where you leave your email address, it is impossible to know which of them is selling emails away.

  6. I use the outsmart the spammers technique mentioned in the article and recently started receiving spam for the following addresses: CRN, Digitalevents, Cioinsight, Fotonauts, Baseline and Prnews.

    i started receiving them all at the same time and the spam comes in waves with identical messages sent to all of them. I now get 5-10 waves a day to the same group of addresses.

    Looks like the spammer got access to all of these at the same time.?! Are all these sites owned by the same company and there was a breach or were they all sold?

  7. It does look like one of the companies that does managed email (like MailChimp, but I do not think it is them, in fact I am fairly certain it is not) is selling addresses to spammers. In my case, I am seeing spam directed at addresses created for Microsoft, Nintendo, a bank, a stored-value transportation card company, an airline, a State Government agency, and a variety of smaller vendors. At first I thought I must have had my system compromised but it is the same set of 35 addresses (out of a total of 246) being used over and over again. My primary email address, which has never been supplied to a vendor, is never hit.

    This is one more reason businesses should not outsource their email transmission – they are compromising their customers’ privacy by doing so.

  8. Absolutely agreed, but just wonder: I have an e-Mail address I have never used in communication and my PC seems Virus free. I am at a loss how the spammer got hold of that address (it is for my 5 ear old daughter). The only place I put it, is with Microsoft family service…
    I am also using a similar technique like you describe to sign up to every website with a unique address.
    I have received spam mail via the unique addresses I used for the following companies, some of which you would think are secure:
    Securvita (My Germany Health Service provider)
    Interactive brokers (Share trading!)
    Bauma (Munic trade fair)
    Libre Office forums
    and more which I just can’t remember right now…

  9. The best way is to not use your personal email on the same PC where you use for browsing or registering for sites. Use some junk email address that where all your garbage goes to.

  10. My Hotmail account is constantly flooded with spam and disgusting offers like you won? Or my dearest I have decided to make you the beneficiary? Why? when I don’t even know you? Or offers from US when I don’t even live in US? But most outrageous thing is how do they even got my that email? Because I never use that email to browse anything on the net. And as tempted I might be but I never reply to such scammer email .We come so far in technology so why can’t we have something to stop such low life that suck your blood? .

  11. I like you have my own domain and give nearly every vendor a different email address. I have had a barrage of identical Threatening emails but they has been sent to multiple of my email addresses, some I have not used in years. I don’t know if they collect email addresses going back years and then barrage a particular domain, but it is a little unnerving when they send six or eight emails at one time all to different of my email addresses again some very old. Their threats are empty but it is crazy that they have so many of my email addresses, some not used in over five years

    Has anybody seen this pattern? Where are they getting these old emails?

Leave a Reply

Your email address will not be published. Required fields are marked *

News & Tips for Small Business Owners, Employees, and Accounting Professionals


We Help Thousands of Employers Manage Time, Time Off, and Expenses is trusted by small businesses everywhere as a recognized industry leader