Everyone, at one time or another, has received the online version of unsolicited mail – spam. Whenever there was a quirk in your defense systems – firewalls, antivirus, incompetent ISPs etc. – you may have even have had to deal with an inbox that was inundated with messages for anything from cheap purses to subscription-free Viagra.
In short, they are annoying.
But, have you ever wondered how spammers get their hands on domain names? How they get a hold of your email address and sometimes are so persistent they can make it pass your utmost efforts at blocking them? You surely have wondered how you could just make it all stop, right?
Well, in this article we will look at all these questions and try to answer them.
The first question to be answered is if spammers pay for their domains: not if they can help it. If they have to pay for a domain name they usually go for bulletproof hosting providers (the type that have lenient rules about how their clients use the domain they buy from them – for a premium price) because no one will have them once they start with their “spammy” ways.
Another way they would do it would be by “hijacking” computers around the world (usually with the help of malware) and using them to send out their spam emails for them.
Moving on, the most common way spammers get hold of your email address is via compromised databases. Despite every measure to prevent them from happening, breaches are quiet common occurrences in the tech world. Even the biggest companies (think Microsoft, Google, Facebook and LinkedIn), have had to face a hack or two over the past few years. If you had signed up for any one of their services, which you most likely have, chances are you may have also had your email addresses stolen.
Similarly, if the spammers manage to get control of a series of individual computers, they may use the owners’ address books as sources of email addresses.
Once they get their hands on the addresses, it’s on to stuffing your email boxes.
Another way of getting email addresses is using “brute force”. This is how it works: spammers create a list of all possible combinations of words and numbers they can and combine them with the most popular email domain names. For example, they might start with “a”, “aa”, “ab”… and add those to email domains like “@google.com” or “@yahoo.com” to come up with a complete email address. They can even use “dictionaries” of the most common names and words. If you have ever received spam addressed to aaron@something.com and abraham@something.com – it usually means the spammers were simply shooting in the dark trying to hit something. Although these methods don’t guarantee much success, and look like much work, they are surprisingly effective.
And, how do they make sure they hit something? Well, there’s usually a link included in the body of the message asking you take action – even if it is to “unsubscribe” from receiving any more emails. Once you click on that link, instead of getting off their list, your account is marked as active and for them it’s a big success.
A fourth way of getting hold of your email address is by scraping the internet. Although it is less common now, there was a time (long ago) when it was quiet OK to have email addresses show in plain sight. It was then software that could harvest email addresses from websites and spammers took full advantage of them.
Next, there is the direct approach: they simply ask you for your email address or set up fake websites that promise to deliver a service while all they do is accept your email address and send you spam in return.
Finally, there is your “whois” information which provides anyone with the contact information of the people responsible for its administration, technical handling and billing. This information is generally made available by domain registrar sites, unfortunately for you, and spammers make sure they take full advantage of this free offering.
Now that we have seen some of the more common ways spammers get hold of your email addresses for free, let’s see what you can do to prevent becoming a spamming victim.
- Keep your antivirus and antimalware software updated.
- Do not leave your email where anyone can see it.
- Do not sign up for services you do not really need. If you do, and are not sure about the authenticity of the website offering the service, create a new email address just for that purpose.
- Do not click on links, at least not blindly. You can find out where the URL leads to by simply hovering your mouse pointer over the link. If you don’t recognize it, ignore it.
- When you identify spam mail in your inbox do two things: report it to your email provider and create a rule that will automatically move emails from the sender into your “spam” or “deleted” folder.
- When you buy a domain name opt for the domain privacy protection. Anyone looking at your whois information will only find details of your domain provider’s address.
- Do not buy domains from sub-standard vendors. Buying one from a two-man operation could be result in more headaches than you would care for.
If after all the precautions you still find spam in your inbox, don’t take it too personally, some things just refuse to die – even after nuclear winters.