How do spammers get people's email addresses ?

(Extracted from Newsgroups: alt.stop.spamming,alt.privacy,news.admin.net-abuse.email,alt.answers,news.answers URL: http://www.private.org.il/harvest.html )

Summary: This is a long list of the many ways spammers collect E-mail addresses. The main purpose of this list is to make people aware of spammers' harvesting techniques as a first step toward protecting themselves.

There are many ways in which spammers can get your email address.

1. From posts to UseNet with your email address. Spammers regularily scan UseNet for email address, using ready made programs designed to do so.

2. From mailing lists.

Spammers regularily attempt to get the lists of subscribers to mailing lists. However, mail servers can be configured to refuse such requests.

3. From web pages.

Spammers have programs which spider through web pages, looking for email addresses, e.g. those you can click on and get a mail window opened.

4. From various web and paper forms.

Some sites request various details via forms, e.g. guest books & registrations forms. Spammers can get email addresses from those either because the form becomes available on the world wide web, or because the site sells / gives the emails list to others.

5. From Chat rooms.

Some Chat clients will give a user's email address to anyone who cares to ask it. This is a major source of email addresses for spammers, especially as this is one of the first public activities newbies join, making it easy for spammers to harvest 'fresh' addresses of people who might have very little experience dealing with spam. AOL chat rooms are the most popular of those - according to reports there's a utility that can get the screen names of participants in AOL chat rooms. The utility is reported to be specialized for AOL due to two main reasons - AOL makes the list of the actively participating users' screen names available and AOL users are considered prime targets by spammers due to the reputation of AOL as being the ISP of choice by newbies.

6. AOL profiles.

Spammers harvest AOL names from user profiles lists, as it allows them to 'target' their mailing lists. Also, AOL has a name being the choice ISP of newbies, who might not know how to recognize scams or know how to handle spam.

7. From white & yellow pages.

There are various sites that serve as white pages, sometimes named people finders web sites. Yellow pages now have an email directory on the web. Those white/yellow pages contain addresses from various sources, e.g. from UseNet, but sometimes your E-mail address will be registered for you. Example - HotMail will add E-mail addresses to BigFoot by default, making new addresses available to the public. Spammers go through those directories in order to get email addresses. Most directories prohibit email address harvesting by spammers, but as those databases have a large databases of email addresses + names, it's a tempting target for spammers.

8. Using social engineering.

This method means the spammer uses a hoax to convince people into giving him valid E-mail addresses. A good example is Richard Douche's "Free CD's" chain letter. The letter promises a free CD for every person to whom the letter is forwarded to as long as it is CC'ed to Richard. Richard claimed to be associated with Amazon and Music blvd, among other companies, who authorized him to make this offer. Yet he supplied no references to web pages and used a free E-mail address. All Richard wanted was to get people to send him valid E-mail addresses in order to build a list of addresses to spam and/or sell.

9. There is a trade in lists of email addresses - people harvest email addresses and then buy, sell, and trade those lists. Some even sell those lists on CD-ROMs. Such lists are many times long lasting, leading to multiple spams from various sources to be sent to the email address. --------------------------------------------------------------------
Resources:

1. Julian Haight's Spam Cop page. http://spamcop.net/fom-serve/cache/125.html

2. Penn's Page of Spam. http://home.att.net/~penn/spam.htm

3. FTC Consumer Alert - FTC Names Its Dirty Dozen: 12 Scams Most Likely to Arrive Via Bulk email http://www.ftc.gov/bcp/conline/pubs/alerts/doznalrt.htm --