> Recently, there was an incident on this list where someone asked people
> to take a survey. Alan threw her off the list, replying that the people
> on this list "are not here to be used." I did not know what he meant at
> first, until he stated later that this was one way people get e-mail
> addresses for spam. I'm not going to pass judgment as to whether the
> woman was trying to do that. However, I would like to know of other
> ways that someone might obtain your e-mail address for unsolicited
> commercial purposes.
Harvesting addresses from USENET is an old standby. Names are not
only harvested from the address fields, but also from the body of the
message itself.
Many list servers will (still) allow lists of members to be sent on
request. Smart list owners are now either preventing access to the
member list altogether or only allow access to members.
Unfortunately, some spammers will temporarily join a list just to get
the list subscriber names, then unsubscribe. A spammer could also
send a message to an e-mail list and either by setting a "confirm
delivery" flag or by using some esoteric e-mail tricks, can get
returns from list members. If your ISP or network admistrator allows
delivery confirmations, try to get this "feature" turned off.
Another source is retailers who sell or share info with others. And
note that even if a seller has a privacy statement that says that
they will not share their data, that statement has no meaning when a
seller goes out of business and ends up selling their customer lists
off as part of the assets.
But most spammers buy CDs full of e-mail addresses, usually for a few
dozens of bucks. Which means that once you get on the list, the only
sure way to get rid of all that e-mail is to "move."
> Some ways are obvious, but some are not. For instance, last semester,
> my physics professor had a website for the class where you could look up
> homework assignments, labs, answers to previous tests, etc. He also
> provided a list of e-mail addresses of the students in the class so that
> if you had a question about an assignment, you could e-mail another
> student. He was well aware in advance of some students concerns about
> this list. One of them was that someone could find the list using a
> program that searches the web for e-mail addresses, and then send spam
> to the addresses. However, the professor decided that good aspects of
> the list outweighed the bad, and as far as I know, there were no bad
> incidents involving the list. However, I did not realize that there
> were programs that search the web for lists of e-mail addresses.
That's about the second most popular way to harvest addresses.
Spiders crawl the web looking for e-mail addresses. Some web site
owners set up traps that feed the harvesters thousands of bogus e-
mail addresses. Unfortunately, since most spammers forge their reply
addresses, there's no flood of returned e-mail, thus not much cost in
sending out to a few hundred thousand bogus addresses.
The only way that the professor could have prevented a harvester from
getting the class members' e-mail addresses was to put them on a page
that was linked to no other pages (so a spider couldn't find them)
and then give the students in the class the URL of the page.
Hope that helps. There are a number of web sites out there dedicated
to the subject of SPAM. Yum!
