Why Am I Getting Spammed and How to Prevent It?
Spam is an ongoing issue that costs businesses and individuals billions of dollars in lost time and resources. Spam includes unsolicited commercial email (UCE) and other unwanted bulk emails.
This article covers the following:
- Why am I getting so much spam? ⤵
- How spammers get email addresses ⤵
- How to prevent spam ⤵
- Free spam filtering options ⤵
- Premium spam filtering and prevention options ⤵
- The nuclear option ⤵
- HostGator's stance on spam ⤵
Why am I getting so much spam?
The best way to stop spam is to prevent it from ever happening in the first place. To better understand what can be done about receiving spam, it is important to understand how spammers send mail and why they may target one specific address over another address. There are two primary ways that spammers choose which emails to send to:
- Dictionary Harvest Attack: A dictionary harvest attack is when spammers attempt to find valid email addresses by randomly sending mail to common mailbox names for a domain, such as email@example.com or firstname.lastname@example.org. You can minimize spam generated by ensuring that your email account names are unique and specific. Examples: email@example.com, firstname.lastname@example.org
- Email Harvesting: Email harvesting is when spammers use several techniques to find valid email addresses to send spam. Once an email has been harvested and identified as valid and responsive, the email address goes on a spam list. Spam lists may then be traded or sold in bulk, making the email address available to more and more spammers as time goes on.
Of these two methods, email harvesting is by far the more devastating. An email known to be active and vulnerable to attack may be traded and added to more lists, resulting in the delivery of thousands of spam messages. The best way to avoid receiving large quantities of spam is never to be placed on these lists in the first place. To do that, it is helpful to know what ways a spammer can harvest your email address.
How spammers get email addresses
Unfortunately, there are many ways spammers can harvest or find out about your email address(es). Once an email address is harvested, it will be added to common spam lists and traded or sold.
The following is a list of some of the ways spammers can get email addresses without you giving them to them directly:
- You provided your email address to a website, such as when you signed up or commented on a post. They gave your email address to spammers (intentionally or unintentionally). Their website could also have been hacked through a security exploit.
- You signed up for a mailing list and forgot you signed up.
- You signed up for a mailing list, and they gave your email address (intentionally or unintentionally) to spammers.
- You sent an email to someone, and they forwarded it to someone else who harvested your email.
- Someone sent you an email also addressed to other recipients. They used TO or CC instead of BCC, making your email address visible to anyone who received the email (or whoever forwarded the email after that). Any of the recipients could have made your email available to spammers.
- You used your email on a discussion list, revealing your email address to other users. Any of the other users could have harvested your email address.
- Your email address is on your business card (or posted where people can find it), and someone decided to add you to their mailing list without your permission.
While you may not have given your address directly to spammers, making it available and public makes it vulnerable to them.
Other methods of harvesting email addresses
People often volunteer their email address unknowingly or leave it absentmindedly, available for a spammer to pick up. Spammers also have more aggressive and invasive techniques for gathering email addresses without you ever having posted them online:
- Your computer could have a virus or malware that records keystrokes (i.e., everything you type), sniffs packets (i.e., reads everything going over your internet connection), or directly reads active email accounts from popular email software.
- Another computer or workstation on your network or workgroup could have a virus or malware that collects email addresses and other information passing through the network.
- A script on your website could have a security vulnerability that allows a hacker to access information on your hosting account, including your email addresses.
- Since emails are relayed from server to server until they reach their destination, one of the servers your email passed through could have packet sniffing software installed.
- Your internet service provider (ISP) could gather emails and sell them.
- A hacker could have guessed or obtained hosting control panel login information and retrieved your email addresses.
- Spammers may use sophisticated techniques to identify when a spam message has been read. Looking at a spam message after it has been received may confirm that your email address is active.
And these are just some of the ways a spammer could get your email address.
There is no way to totally prevent spam, but here are some precautions that can be taken to reduce the likelihood of spammers getting your email address:
- Be careful with whom you give your email address. This includes websites and anyone you might email.
- Create and use disposable email addresses to sign up for websites or services you do not trust.
- Be sure not to open spam when you do receive it.
- Make sure your computer and computers on your network are virus and malware-free.
- Make sure your website is free of malware and security vulnerabilities. If you are using a third-party script or code on your site, this usually means running the latest secure version.
- Use secure passwords for your email and hosting account to prevent hackers from guessing and logging in.
- If your friends send you emails sent to an extensive recipient list, request that they use BCC instead of TO or CC so that other recipients cannot see your email address; or request they stop including you if you do not want to receive the emails.
- Do not list your email address on your website or anywhere the public can access it.
Using these precautions, you can significantly mitigate what spam you receive and prevent most spam from ever happening.
Unfortunately, once spammers figure out your email address, your options for preventing spam are limited. The first and most highly recommended option is to set up user-level filters to automatically route emails that are likely to be spam to the trash or to a folder where you can quickly check for legitimate mail routed there by mistake before bulk deleting the mail.
HostGator offers both user-level filtering and multiple automated tools that can assist in removing spam from your web hosting inbox. These options are included with every cPanel hosting package and are free to use. For information on how to configure and use these tools, please check the following articles:
In addition to server-side filtering, many third-party email clients, such as Outlook, have additional spam filtering built into their programs. Using one or a combination of these options can assist with cleaning out the spam that you receive.
Most email accounts that suffer from large quantities of spam do not have these tools configured and can significantly benefit from using these steps first.
Premium spam filtering and prevention options
A few premium options will help prevent and filter spam more efficiently and with less configuration and setup. The following premium services are recommended by HostGator:
- WHOIS Information & Domain Privacy - Spammers may use your WHOIS information for your domain to identify valid email addresses to which they may send spam. Purchasing WHOIS privacy protection can prevent spammers from gaining your email from publicly available information.
- What is Google Workspace (Formerly G Suite)? - Google offers tools to use your domain with a Gmail inbox, allowing you to take full advantage of their advanced pre-configured spam filtering tools.
The nuclear option
Suppose you have tried all other options and have reached the point where you are extremely dissatisfied with the experience of checking your mail every day. In that case, you may wish to consider deleting the email account and creating an email account with a different name. This option is extreme and not recommended due to the importance of having access to email addresses you have used to sign up for important services or contact information.
If, after attempting all of the previous options, you are still receiving unmanageable quantities of spam, you may reference the following article for how to remove an email account and create a new account using a different name:
Beyond the moral stand against spam, we also have a financial incentive to reduce spam on our network since spam takes up resources that cost money, such as bandwidth, disk space, and security administrators' time. The more spam passes through our system, the higher our costs. From a business standpoint, doing anything that increases spam makes no sense.
Even though you only gave your email address to HostGator and we do not disclose email addresses, spammers could still use the methods listed above to get your email address, all of which are out of our control.