They guessed it!
So, you did everything to keep your email address private, yet there it is: junk laughing right in your face from your inbox. Yes, possibly that was just a shot in the dark. Remember spammers don’t send out emails one by one like you and I do. They use software to automatize everything, from creating and organizing their mailing list, actually sending their spam, to even tracking who opens and responds to their garbage. The following is a piece of cake for any spammer:
Guessing Private Email Addresses
If your name is John Doe, your email address may be something like:
As you can see, it’s extremely easy to guess addresses like this. Spammers often simply use a list with popular first and last names and automatically add all possible combinations to their mailing list. And no, adding your birth year (firstname.lastname@example.org) won’t help much either. That “trick” is so common, many spammers just add numbers to their guesses as well.
So, especially if you have a common name, do yourself a favor and choose something a little more unique when you open your next account on Yahoo, Gmail or Hotmail. Use a middle initial, creative abbreviations (e.g. email@example.com) or something completely unrelated to your name. Unfortunately, if you belong to an organization that has an established pattern for assigning email addresses, there may be little you can do except ask your IT staff to change that policy. Which you should.
Remember though, just because some junk mailer had a lucky shot guessing your address, doesn’t mean he knows that. Keep it that way. If they never hear back, the spam may just stop. Until someone else guesses right again. Make sure remote images are turned off. Do not click any links to see what it’s all about. Do not click any Unsubscribe link. If you do, you’ll simply confirm that someone is receiving and opening messages at your address and the next piece of spam won’t be a guess anymore.
Guessing Corporate Email Addresses
This is especially interesting for webmasters – anyone who maintains their own domain. If you have a catch-all email address set up, you will soon see junk arriving at common business addresses that were guessed similar to the private addresses above. Here at bustspammers.com, I had to set up a filter for all these:
All of them, followed by @bustspammers.com, received a deluge of spam despite never being used for anything. So if you run your own business and you have these departments, then deal with customer inquiries over web forms, follow up with emails from employee accounts and reject all mail to those generic accounts (or send it to /dev/null if that means anything to you).
What About Wrong Guesses?
What about them? Nothing! It’s not like it costs anything to send another email. Or another 10,000 emails. So what, if most of them go to non-existing addresses? And since the From address is always faked, the bounces will not flood the spammers own computer, but some innocent victim whose email address had been used in the From field.