Spam is an ongoing issue that costs businesses and individuals billions of dollars worth of lost time and resources. Spam includes unsolicited commercial email (UCE) and other unwanted bulk emails.
In this article, we cover:
- How do I prevent spam?
- How do I stop the spam?
- How did they get my email address?
- But I only gave my email address to Bluehost
There is no way to prevent spam, but here are some things you can do to reduce the likelihood of spammers getting your email address:
- Be careful to whom you give your email address. This includes websites and anyone you might email.
- Make sure your computer and computers on your network are viruses and malware-free.
- Make sure your website is free of malware and security vulnerabilities. If you are using a third-party script or code on your site, this usually means running the latest secure version.
- Use secure passwords for your email and hosting account to prevent hackers from guessing and logging in.
- If your friends send you emails to an extensive recipient list, request that they use BCC instead of TO or CC so that other recipients cannot see your email address. Or request they stop including you if you do not want to receive it.
- Don't list your email address on your website or anywhere the public can access it.
- If you are using a contact form on your site, you should use Captcha to help you and your visitors from spam and other types of automated abuse.
Unfortunately, once spammers figure out your email address, it is hard to prevent them from sending you spam. However, there are many options for filtering your email to reduce the spam that reaches your inbox.
Bluehost has tools like Spam Assassin to help assist you in filtering our spam. Many email clients, such as Outlook, have additional spam filtering built-in.
Unfortunately, there are many ways spammers can harvest (or find out about) your email address(es) and then send spam to you.
Here are some of the ways they can get your email address without you giving it to them directly:
- If you are not utilizing WHOIS Privacy Protection, then spammers can harvest your WHOIS contact information.
- Your computer could have a virus or malware on it that records keystrokes (i.e., everything you type) or sniffs packets (i.e., reads everything going over your internet connection). They would be able to obtain your email addresses, passwords, and other confidential information this way.
- Another computer or workstation on your network or workgroup could have a virus or malware that collects email addresses and other information passing through the network.
- A script on your website could have a security vulnerability that allows a hacker to access information on your hosting account, including your email addresses.
- Since emails are relayed from server to server until they reach their destination, one of the servers your email passed through could have packet sniffing software installed, which would allow someone to collect email addresses and any information passing through the server. Emails are typically relayed through several companies' servers before arriving at their destination. This is similar to how physical postal mail would be relayed between more than one mail carrier until it reached you.
- Your Internet Server Provider (ISP) could be gathering emails and selling them. Unlikely at reputable ISPs, but it has been known to occur.
- You have an easy-to-guess email address. Some spammers simply try to guess valid email addresses (by prefixing common names and common addresses to your domain name). Some spammers have a huge database of prefixes and domain names they will try, including not-so-common names.
- A hacker could have guessed or obtained hosting control panel login information and retrieved your email addresses that way.
Additionally, spammers can find out your email address in other ways:
- You provided your email address to a website (such as when you signed up or commented on a post), and they gave your email address to spammers (intentionally or unintentionally). Their website could also have been hacked through security exploitation.
- You signed up for a mailing list and forgot you signed up.
- You signed up for a mailing list, and they gave your email address (intentionally or unintentionally) to spammers.
- You sent an email to someone, and they forwarded it to someone else who harvested your email.
- Someone sent you an email also addressed to other recipients. They used TO or CC instead of BCC, making your email address visible to anyone who received the email (or who has forwarded the email after that). Any of the recipients could have made your email available to spammers.
- You used your email on a discussion list that reveals your email address to other users. Any of the other users could have harvested your email address.
- Your email address is on your business card (or posted elsewhere people can find), and someone decided to add you to their mailing list without your permission.
And these are just some of the ways a spammer could get your email address.
We, at Bluehost, can assure you that we aren't giving away email addresses, selling them, or disclosing them in any shape or form. It would make absolutely no sense from a financial standpoint to do this, nor would we ever allow this morally.
We value our customer's security and privacy, and we hate spam as much as you do.
Beyond the moral stand we have against spam, we also have a financial incentive to reduce spam on our network since spam takes up resources that cost money, such as bandwidth, disk space, and security administrators' time. The more spam is passing through our system, the higher our costs. From a business standpoint, doing anything that increases spam makes no sense.
Even though you only gave your email address to Bluehost and we do not disclose email addresses, spammers could still use methods 1-t above to get your email address, all of which are out of our control.