Email harvesting is the process of obtaining email addresses from different sources to send unauthorised or illegal bulk emails.
Techniques for Email Harvesting
The most commonly used method for email harvesting includes:
Mailing List Purchase
When a spammer buys an extensive list of email addresses from another, he can use it for his fraudulent activities and continue to resell it to other spammers. Once your email address falls into the hands of spammers, it will continue to travel from one spammer to another.
Usage of Software or Bots
There are bots called harvesters that can scrape a website code to find hidden email addresses.
Website Hacking
This is also a very common method for harvesting emails; it involves finding a website most likely to have many email addresses and hacking its database to harvest them. An example of such a website is an e-commerce website; scammers can also access credit card details when they hack such sites.
Tempting With Freebie
Spammers sometimes offer free things online, such as e-books, cash prizes, and so on. To get these freebies, you must enter your email address, and 99% of the time, you will get nothing. They may also ask you to share it so others can register before you get the free offer. Spammers use these email addresses for email harvesting.
Dictionary Attack
This is also another effective method of harvesting emails. It involves trying different email addresses randomly until they find one that matches a valid email address.
Other methods of email harvesting include getting emails from:
- Web pages.
- Domain contact points.
- Posts into UseNet with email addresses.
- Web browsers.
- Mailing lists.
- Finger daemons.
- Various paper and Web forms.
- Ident daemon.
- Forums.
- White and Yellow Pages.
- Internet relay chat and chat rooms.
- The previous owner of an email address.
- Social Engineering.
- Accessing the same computer used by valid users.
- Accessing the emails and address books in another user’s computer.
How to Prevent Email Harvesting
- Using an email contact form.
- Email address munging by changing the the “.” into “dot” and the ”@” sign into “at.”
- Using a CAPTCHA to verify users before divulging the email address.
- Turning an email address into an image.
- Monitoring the mail server – The recipient server can do this by rejecting email addresses from senders specifying more than one invalid recipient address.
- Using JavaScript email obfuscation – This will make the harvesters see the source code of the email address as a scrambled or encoded text.