Almost everyone who has an e-mail account receives some undesired mail, be it 1 or 2 a week or hundreds every day, so one has to ask how our e-mail address is collected and how to avoid it. Although we can’t know for sure all the methods used by spammers, there are some common techniques which really work.

One of the most common ones is by browsing the web. Spammers send their computers to spider the web, that is navigate and follow links, retrieving the text in the pages and analyzing it looking for e-mail addresses. They usually only look for addresses which match the pattern user@server.tld, so if we write our address in some webpage, be it our personal website, in the comments section of another site or anywhere else, it’s easy some of this robots find it and we begin receiving undesired mail.

Another method is analyzing chain letters. These are usually full of working e-mail addresses, as they are send to all the addressbook and when forwarded these list is not deleted, filling it with more and more addresses as it is being forwarded.

Some time ago, Usenet News were a really popular service where people could read and send messages. These messages contain a header with the e-mail address of the sender, so spammers collected messages and analyzed them to get addresses. Nowadays, Usenet is not so used as before and the ones who use it are more knowledgeable, so I suspect these method is falling into oblivion, although it might be used by some spammers.

There have always been dishonest companies and some of them sell their databases to spammers, so depending on where we get registered we might be giving away our e-mail address to someone unknown. Depending on the country, there might be severe laws to prevent this, but it’s not always the case.

Another method is getting the address used when registering a domain. When you register a domain (like www.example.com) you have to provide three addresses (might be the same) which are lately made public so people can contact you about the domain. As it’s really easy to get them, spammers only have to get a list of domains and scan them for addresses.

Finally, one of the most used ones is just guessing or, we might say, bruteforcing. That is, try different addresses hoping they work. As it’s really cheap to send and e-mail they don’t lose almost anything for trying a really big number of addresses, even if most of them don’t work. You can find some examples of this in some of the spam received, when looking at the destination you find a lot of e-mail addresses very similar to yours.

There are other techniques not so widely in use, so these are the most important ones. From some of them we can protect ourselves, but there’s nothing we can do to protect from the other, so we have to simply trust other people to do it for us.