What is Email Harvesting and Safety Tips

Dec 07, 2016 | 5:48 pm

Published by | Chandan Singh

what-is-email-harvesting-cyberops-infosec

Email harvesting is the process of obtaining a huge quantity of email addresses through various methods. The goal of harvesting email details is for use in bulk emailing or for spamming. The most common method of email collection is by using specialized harvesting software known as harvesting bots, or farmers.

Spammers harvests email addresses through various techniques, including:

  • From mailing lists
  • Posts into UseNet with email addresses
  • From various paper and Web forms
  • From Web pages
  • By hacking websites
  • Through the Ident daemon
  • By accessing the emails and address books in another user’s computer
  • From a Web browser
  • By buying lists from other spammers
  • From the Internet, relay chat and chat rooms
  • Through social engineering
  • From finger daemons
  • From domain contact points
  • From the previous owner of an email address
  • Using the method of guessing and cleaning
  • By accessing the same computer used by valid users
  • From white and yellow pages

The following techniques can be used to prevent email harvesting:

  • Website developers can use an email contact form on their website.
  • In the email address, changing the “@” sign into “at” and the “.” into “dot”
  • Users should enter a correct CAPTCHA before disclosing the email address.
  • Turning an email address into an image.
  • Spider trap is a part of a website built to combat email harvesting spiders. So you can use Spider Trap.
  • Using JavaScript email obfuscation. In the source code seen by the harvesters, the email address appears to be scrambled, encoded.
  • Using a CAN-SPAM notice enabling prosecution of spammers under the CAN-SPAM Act of 2003.
  • Monitoring the mail server time to time. This method implemented at the recipient email server. If someone wants to access then its rejects all email addresses as invalid from any sender specifying more than one invalid recipient address.