From Where Spammers Get You E-mail Ids

I know many of you always receive a special kinda e-mail with advertisements known as spam and you might be asking yourself from where a spammer might have got your e-mail ID. So here's the answer, following are some of the methods via which spammers gets your email ids.



Social Networking Sites:

If you are a social network animal then you might be knowing that sometimes we just add anyone as our friend without even knowing who the person is. Reason, most of us just wanna show off that we have a big friend list. But there are some people who are actually preparing this friend list to get your e-mail ids. People hardly care about privacy settings and leave their telephone numbers and e-mail ids open for spammers to have a look on. Now how they extract your email ids, all major e-mail clients like gmail and yahoo provide their users with API(Application Programming Interface) to pull e-mail ids of friend list available on social networking sites. Once all emails are pulled spammer download this email list as excel sheet and your e-mail ids are now ready to get spammed.



Online Applications:

If you have ever used facebook then you might be knowing whenever you access any facebook application it asks for access to all your private data, once you allow application access you give your e-mail to them, now they can use it for any purpose.



Online Games And Contests:

Many people have habit of playing games online and contests that appears free with prize. The fact is that many people might be playing those games and only one gets prize via lucky draw. How much legitimate that appears. These contests are nothing but sure shot fundas of companies to grab personal details of people visiting their sites. How this pays them, this list helps them prepare job lists for eligible and needy persons thus they don't pay a penny for job recruitment and also gets an employee ready to work on minimum payments. Next they can use this list to spam you with advertisement of their own products or they may even plan to sell their e-mail list to spammers for hefty amount.



Job/Technology/Career/Game Fairs:

You might have seen many people standing with some kinda forms in these kinda fairs to lure people with job opportunity, free stuff delivery or contest, which actually never is the case. Such fairs are good targets since by spending just few bucks a contact list with several thousand e-mail IDS and phone numbers is built that too without anyone suspecting.



Online Forums:

Hey don't worry I don't mean they sell e-mail ids or their database are hackable. While on forums many people unknowingly don't set privacy settings, also they post their e-mail ids as it is as comment or reply. These e-mail ids can be extracted using software used for extracting e-mail ids.



Web Mail Extractors:

Web Mail Extractors are software that search websites for patterns like this “@domain.com/@domain.net,/@domain.org etc”. Once found they extract complete email ids and save them in their database. One such tool is “Web e-mail Miner”. For today I would advise you to download it and try to find out how it works. Don't worry about how to use it, you just have to enter name of site and press enter and it'll pull email for you. Try a name of famous online forum, guaranteed to get a list with more than thousand e-mails.



Improperly Configured or Unprotected Servers:

Usually company uses two kinds of domains/servers one valid of all and one valid only for their employees and customers. Sometimes these two are interconnected with each other for employees to make changes to website that is public. The internal server for employees usually contains lot of information about their employees and job recruitment in excel sheets or PDF files which can be opened using browser. If they are not configured properly “Web Mail Extractors” can easily crawl in revealing thousands of quality e-mail ids.



Knowingly or unknowingly we might have made many of above mistakes which has lead our e-mail ids open to spammers. To next section to this we'll learn how we can keep ourselves safe from getting spammed. Feel free to comment about what you think about above information. Thanks for visiting, have a nice time and keep visiting.
Getting Whois/Domain Information
As mentioned earlier reconnaissance/foot-printing is very first step in hacking. In involves gathering all potential information about target system that may help attacker plan and execute attack. It is not bluff that attacker spends 90% of his/her time for this phase only then uses his/her technical skills to find and exploit weakness in system according to his/her conclusion.
Even foot-printing/reconnaissance involves various things depending on type of victim you are planning to attack. In this post we'll discuss how you can extract information like domain name, domain name provider, owner of domain, his/her name, address telephone number etc..

Whenever we purchase a domain it must be registered, this registry of domain names and their owner is known as domain information database and it is shared over internet for other users to get information about whether a domain is available for them or not. This information is also known as whois information of a domain. Here you will learn how to extract this information from database stored over network. Following is list of websites and tools that can help you extract this information.

Sam Spade (tool)

Smart Whois (tool)

http://samspade.org

http://whois.domaintools.com/

http://robtex.com

You'll not require any skills to use these tools. They are very easy to operate as taking a lolly pop from a kid, what really difficult is to analyze the information you will be getting after using them. In Sam Spade type name of domain you want to get information for example www.google.com and press enter.

My next choice is Smart Whois which also works like Sam Spade but the fact is that usually all prefer Sam Spade, even I am not exception. When Sam Spade will fetch you results look on left side, there you'll find several options try them one by one and analyze the result it had fetched for you.

Next is using websites that can fetch you that result. As you can see I mentioned three online tools but before you read further I must tell you there are thousands of websites and tools that can fetch you whois information, the one that are mentioned here are my personal preferences. Type domain name in search box of http://robtex.com and press “Lucky” and in http://whois.domaintools.com type domain name in search box and press lookup.