How Spammers Steal Your Email Address

September 2, 2006 at 1:05 am 9 comments

Ever wonder who’s scraping your email from a website for spamming?

Project Honey Pot is a project that aims to analyze email harvesters by setting up honeypots on hundreds of thousands of websites. They have some interesting findings about the geographical source of harvesting and processing, sending patterns of different types of spammers, and email list management behaviors.

Email harvesters can be categorized into two types, termed “hucksters” and “fraudsters”.

Hucksters have a longer delay between the time they harvest the email address to the time a spam is sent there. They have more sophisticated harvesting algorithms, generally send a large volume of spam, and their emails typically sell a product.

Fraudsters almost immediately send a spam email once they harvest the email address. They send a small number of messages to each email address, and their emails typically involve some sort of fraud (phishing, “advanced fee” fraud, etc.).

My thoughts are that Hucksters are a more organized group of spammers that as a group create email lists, send bulk email, and sell products for profit. Meanwhlie, the fraudsters are simply individual spammers looking to make a quick buck.

The geographical origin of harvesters and spammers breaks down as follows,


United States 32.1%
Romania 17.1%
China 12.3%
United Kingdom 8.6%
Japan 7.2%
France 6.9%
Spain 4.3%
Egypt 4.0%
Nigeria 3.7%
Canada 3.7%

United States 38.4%
China 14.9%
Korea 13.4%
France 7.6%
Brazil 6.3%
Japan 5.3%
Taiwan 4.0%
Spain 3.6%
United Kingdom 3.6%
Canada 2.7%

Note that there seems to be some sort of apparent “outsourcing”, since Romania is the #2 country for harvesting but doesn’t appear in the top 10 for spamming.

So what are the most effective ways to munge (obscure your email address from harvesters) your email on a website?

  • Putting the email address in an image
  • Using Javascript to render the address (harvesters are unlikely to execute Javascript)

For the latest Project Honey Pot statistics, click here.

Prince, M. B., Holloway, L., Langheinrich, E., Dahl, B. M., & Keller, A. M. (2005). Understanding How Spammers Steal Your E-Mail Address: An Analysis of the First Six Months of Data from Project Honey Pot. Proceedings from CEAS ’05: Conference on Email and Anti-Spam. [PDF]

Entry filed under: Email, Internet, Spam.

What is the sound of thousands of people chatting on the Internet? Why beautiful people are more intelligent

9 Comments Add your own

  • 1. Mr Cuzac  |  September 21, 2006 at 9:23 am

    Good Info. Thanks for the post!!!
    – Mr Cuzac

  • 2. Sarven Capadisli  |  September 29, 2006 at 10:50 pm

    I haved compiled an article which demonstrates different methods to hide an email address on a website.

    There are different ways to hide your email from harvesters and spammers in your frontend code, and each of them have their pros and cons. The best method is basically dependent on the type of audience you have and/or the target audience you would like to make your email available to.

    Hope this helps. :)

  • 3. dcdevine  |  November 22, 2006 at 11:04 pm

    Look… I have filled in a comments form!

    If I can do this, then I can send an email using a form.

    If the form is third party, then I am in control of where it is forwarded to.

    I used a free service for this for years, then I used java script. I switched to an intermediate spam-catching address series before finally just giving up and putting the whole site on — the theme template I use (Blix) has a form.

    I am letting WordPress protect my real e-mail address

  • 4. Gordon  |  November 29, 2006 at 5:19 pm

    We need the death penalty for serious spamers. Probably wouldn’t have to kill more than one or two to dramatically reduce spam. But then it would just all com e from places like Romania. They say the young don’t use e-mail… They use instant messages. I think it is because spam has ruined e-mail.

  • 5. Fraudster  |  December 27, 2009 at 7:18 am

    Great article! I may link to this from my fraud info blog. Thanks again!

  • 6. Attitude Seeds  |  September 11, 2010 at 9:58 pm

    The only thing I dislike more than spammers is scammers. You can have my email but don’t take my money.

  • 7. imgur  |  October 5, 2014 at 11:33 am

    In addition Arizona Information Center views machine rack extras which will boost cooling
    down, including lovers, housing blowers, and also tray ac units.

    You will also need to delegate your domain name to the hosting
    space, details on this are provided by your hosting provider.

    You can be diligent about protecting your website but someone else on the same server might not be.

  • 8. hosting  |  May 11, 2015 at 9:32 am


    How Spammers Steal Your Email Address | Tasty Research

  • 9. social media  |  December 5, 2015 at 12:35 pm

    Enter the system BIOS and choose to boot from the optical disc drive.
    Many times users of Word – Press when experience any security issue or threat tend to blame Word – Press for
    security lags and often think that Word – Press core is not safe
    and secure. File sharing programs can sometimes download porn to your computer without your


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


Read any good papers lately?

If you're interested in academic research, I'd love to have additional contributors. Shoot me an email.


%d bloggers like this: