Posts filed under ‘Email’

How Spammers Steal Your Email Address

Ever wonder who’s scraping your email from a website for spamming?

Project Honey Pot is a project that aims to analyze email harvesters by setting up honeypots on hundreds of thousands of websites. They have some interesting findings about the geographical source of harvesting and processing, sending patterns of different types of spammers, and email list management behaviors.

Email harvesters can be categorized into two types, termed “hucksters” and “fraudsters”.

Hucksters have a longer delay between the time they harvest the email address to the time a spam is sent there. They have more sophisticated harvesting algorithms, generally send a large volume of spam, and their emails typically sell a product.

Fraudsters almost immediately send a spam email once they harvest the email address. They send a small number of messages to each email address, and their emails typically involve some sort of fraud (phishing, “advanced fee” fraud, etc.).

My thoughts are that Hucksters are a more organized group of spammers that as a group create email lists, send bulk email, and sell products for profit. Meanwhlie, the fraudsters are simply individual spammers looking to make a quick buck.

The geographical origin of harvesters and spammers breaks down as follows,


United States 32.1%
Romania 17.1%
China 12.3%
United Kingdom 8.6%
Japan 7.2%
France 6.9%
Spain 4.3%
Egypt 4.0%
Nigeria 3.7%
Canada 3.7%

United States 38.4%
China 14.9%
Korea 13.4%
France 7.6%
Brazil 6.3%
Japan 5.3%
Taiwan 4.0%
Spain 3.6%
United Kingdom 3.6%
Canada 2.7%

Note that there seems to be some sort of apparent “outsourcing”, since Romania is the #2 country for harvesting but doesn’t appear in the top 10 for spamming.

So what are the most effective ways to munge (obscure your email address from harvesters) your email on a website?

  • Putting the email address in an image
  • Using Javascript to render the address (harvesters are unlikely to execute Javascript)

For the latest Project Honey Pot statistics, click here.

Prince, M. B., Holloway, L., Langheinrich, E., Dahl, B. M., & Keller, A. M. (2005). Understanding How Spammers Steal Your E-Mail Address: An Analysis of the First Six Months of Data from Project Honey Pot. Proceedings from CEAS ’05: Conference on Email and Anti-Spam. [PDF]

September 2, 2006 at 1:05 am 9 comments

When Can I Expect an Email Response?

No new messages. Why is it taking so long? Did they receive it? Did it get put in the junk mail folder?

How long should you wait before emailing again? You don’t want to seem desperate…

Waiting for an email reply seems to be a common occurance in this day and age of email reliance. We look for contextual clues to why a response may be taking longer than usual, and decide when we should follow up the email.

A paper by Tyler & Tang looks at the the email-replying habits of a group of corporate users in this 2003 paper.

Here’s what they found:

  • Most users check their email “constantly”
  • Users would try to project a responsiveness image. For example, sending a short reply if a complete reply might take longer than usual, intentionally delaying a reply to make themselves seem busy, or planing out timing strategies for email with read receipts.
  • Users would look at shared calendars or other means to estimate how long they should expect a reply
  • If an email was urgent, users often used voicemail as a way to bring attention to their email
  • Emails were written differently, depending on how long of a delay was expected before a reply (especially if their recipients were in a faraway time zone
  • Users would try to reciprocate email behaviors — responding quickly to people who responded quickly to them, and lowering their responsiveness to people who responded slowly to them in the past

Based on past response times, users had a response expection threshold for other users, which was the amount of time in which they expected a response (most said 24 hours). There was also a later breakdown perception threshold — a time when they would follow up on the email by phone or with another, more urgent looking email.

Tyler, J. R. & Tang, J. C. (2003). When Can I Expect an Email Response? A Study of Rhythms in Email Usage. Proceedings from ECSCW ’03: European Conference on Computer-Supported Cooperative Work, 239- 258. [PDF]

August 29, 2006 at 1:11 am 86 comments


Read any good papers lately?

If you're interested in academic research, I'd love to have additional contributors. Shoot me an email.