How Do Spammers and Online Stalkers Find Me?

Spammers, those who send unsolicited "junk" electronic mail (E-mail) to promote products or services, are not looking for you; they are looking for a million of you. Their goal is to contact as many people online as possible so that they can generate as many responses as possible.

Children are especially at risk because they are less likely to watch their "CyberSteps" and more likely to communicate in chatrooms and with unknown individuals.

Spammers can find you in many ways, including:

  • Member profiles and online white and yellow pages: There are various web sites that allow users to create profiles and search for members with similar profiles. Spammers use these sites to collect E-mail addresses according to interests. Other sites serve as people-finder or business-finder web sites. Those white and yellow pages contain addresses from various sources that often share contacts. For example, one service provider will add E-mail addresses to a major E-mail address search engine by default, making new addresses available to the public.

  • Chatrooms: Spammers harvest names from chatrooms because doing so allows them to "target" their mailing lists.

  • Web pages: Spammers have programs that "spider" through web pages looking for E-mail addresses.

  • Web, E-mail, and paper forms: Some sites request various details via forms (e.g., guest books and registration forms). Spammers can get E-mail addresses from those either because the form becomes available on the world wide web or the site sells/gives the E-mail lists to others.

  • Surfer's web browser: Some sites use various tricks to extract a surfer's E-mail address from the web browser, sometimes without the surfer noticing it. One example of this is making the browser fetch one of the page's images through an anonymous connection to the site. In order to access the page, some browsers give the E-mail address the user has configured into the browser as the password for that account.

  • Chain letters and hoaxes: The spammer uses a hoax to convince people to give him valid E-mail addresses. For example, some spammers use chain letters with promises of free gifts to you and anyone the letter is forwarded to, as long as it is copied to the spammer. They often claim to be associated with large reputable businesses.

  • Newsgroup or USENET postings: Spammers regularly scan newsgroups for E-mail addresses using ready-made programs designed to extract the addresses of anyone who is a member of that newsgroup.

  • Mailing lists: Spammers regularly attempt to get the lists of subscribers to mailing lists because some mail servers will give those upon request.

  • "finger daemons": If one were to "finger query" asking for john@host, a list of information would be provided including login names for all people named John on that host. A query for @host will produce a list of all currently logged-on users if the server allows.

  • "Ident daemon": Some Unix computers run a daemon, a program which runs in the background, initiated by the system administrator, intended to allow other computers to identify people who connect to them. When a person "surfing" from such a computer connects to a web site or news server, the site or server can connect back to the person's computer and ask that daemon for the person's E-mail address.

  • Domain contact points: Every domain has one to three contact points: administration, technical, and billing. The contact point includes the E-mail address of the contact person.
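
The ident exchange described in the list above, written out as an added example that is not part of the original article. It follows the RFC 1413 message layout and shows what each kind of daemon reply gives away; the reply carries a login name, which together with the host name forms an address. The host name, login name and port numbers are constructed.

```python
def build_query(local_port, remote_port):
    """Query a site sends to the visitor's ident daemon about one connection.

    local_port is the port on the visitor's machine, remote_port the port on
    the site (for example 80 for a web server).
    """
    return f"{local_port}, {remote_port}\r\n"

def parse_reply(line):
    """Return (kind, opsys, value) for one reply line; ValueError if malformed."""
    parts = [p.strip() for p in line.strip().split(":", 3)]
    if len(parts) == 3 and parts[1].upper() == "ERROR":
        return ("ERROR", None, parts[2].upper())
    if len(parts) == 4 and parts[1].upper() == "USERID":
        opsys = parts[2].split(",")[0].strip().upper()  # drop optional charset
        return ("USERID", opsys, parts[3])
    raise ValueError(f"not an ident reply: {line!r}")

def disclosure(line, host):
    """Say what a reply gives away about the person using `host`."""
    kind, opsys, value = parse_reply(line)
    if kind == "ERROR":
        # e.g. HIDDEN-USER: the daemon is running but refuses to name the user.
        return f"nothing disclosed ({value})"
    if opsys == "OTHER":
        # With OTHER the daemon may return any string, such as an opaque token.
        return "opaque token only"
    return f"login name disclosed: {value}@{host}"

# Constructed replies; host.example and jsmith are made-up names.
SAMPLE_REPLIES = [
    "6193, 23 : USERID : UNIX : jsmith",
    "6193, 23 : ERROR : HIDDEN-USER",
    "6193, 23 : USERID : OTHER : 9f2c41ab",
]

if __name__ == "__main__":
    print(repr(build_query(6193, 23)))
    for reply in SAMPLE_REPLIES:
        print(reply, "->", disclosure(reply, "host.example"))
```

A daemon set up to answer with HIDDEN-USER or an opaque token still lets the administrator trace a connection, while the remote site learns no usable address.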


In addition to extracting E-mail addresses from web sites by the methods described above, many web sites and E-newsletters use "cookies" to track your every move on their site.

  • A cookie is a unique identifier that a web server places on your computer. It is a serial number for you personally that can be used to retrieve your records from their databases.

  • It's usually a string of random-looking letters long enough to be unique. Cookies are kept in a file called cookies or cookies.txt or MagicCookie in your browser directory/folder.

  • A site can learn your preferences by asking you questions, and that information can be placed in cookies and used as a basis for offering you, or not offering you, future information.

  • Cookies can be used to track where you travel on a site or what choices you make in response to options as you travel through a site.

  • Any web site that knows your identity and has a cookie for you could set up procedures to exchange their data on you with other companies that buy advertising space from them, thus synchronizing the cookies they both have on your computer.

  • This possibility means that once your identity becomes known to a single company listed in your cookies file, any of the others might know who you are every time you visit their sites.

  • The result is that if a child goes to a soft-porn web site and signs up to win a trip, that child's name could be sold to other soft- and hard-core porn sites as well as to travel agencies.
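
To see which sites hold such a serial number for you, the cookies.txt file mentioned above can be read directly. The following is an added example, not part of the original article: it assumes the Netscape-style layout of seven tab-separated fields per line, uses constructed sample data with made-up domains, and its thresholds for "long-lived" and "identifier-like" are assumptions.

```python
import time
from collections import defaultdict

# Constructed sample in the Netscape cookies.txt layout: seven tab-separated
# fields per line (domain, subdomain flag, path, secure, expiry, name, value).
SAMPLE = (
    "# Netscape HTTP Cookie File\n"
    "shop.example\tFALSE\t/\tFALSE\t1893456000\tuid\t7f3a9c2e51b84d06a1e2\n"
    ".ads.example\tTRUE\t/\tFALSE\t1893456000\tid\tQ9x2Lm7TzR4vB8nK1pWc\n"
    ".ads.example\tTRUE\t/\tFALSE\t1893456000\tlang\ten\n"
    "news.example\tFALSE\t/\tFALSE\t0\tsession\tk2J8s0Qw9ZrT5yUe3HbN\n"
)

def parse_cookies_txt(text):
    """Return one dict per cookie line; skip comments, blanks and bad lines."""
    cookies = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7 or not fields[4].isdigit():
            continue
        domain, _sub, path, secure, expiry, name, value = fields
        cookies.append({"domain": domain.lstrip("."), "path": path,
                        "secure": secure == "TRUE", "expiry": int(expiry),
                        "name": name, "value": value})
    return cookies

def looks_like_identifier(value, min_len=16):
    """Heuristic (assumption): long values with many distinct characters."""
    return len(value) >= min_len and len(set(value)) >= min_len // 2

def persistent_identifiers(cookies, now=None, min_days=30):
    """Map domain -> names of cookies that can recognise you across visits."""
    now = time.time() if now is None else now
    found = defaultdict(list)
    for c in cookies:
        lifetime_days = (c["expiry"] - now) / 86400
        if lifetime_days >= min_days and looks_like_identifier(c["value"]):
            found[c["domain"]].append(c["name"])
    return dict(found)

if __name__ == "__main__":
    # Fixed "now" (2001-08-01 UTC) so the constructed sample gives stable output.
    for domain, names in persistent_identifiers(
            parse_cookies_txt(SAMPLE), now=996624000).items():
        print(domain, names)
```

Cookies with an expiry of 0 last only for the browser session, and short values such as a language code cannot single anyone out, so neither is reported.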

There are many convenient and legitimate uses for cookies.

  • For instance, they allow "mass customization" of the content on web sites and cannot pass viruses from the server to your hard drive. The information in the cookie is not a program and is never executed as code.

  • Cookies cannot be used to get information from your hard drive that the server did not place there.

  • They cannot capture an E-mail address from your browser, and they cannot steal credit-card numbers.

  • They cannot capture personal information about you, unless you volunteer such information at a site, for example, in response to an offer of some kind.

  • If you do volunteer personal information, that information could show up in a cookie and can be used with the information about you that is collected using cookies.

There are legitimate Internet resources that can be misused.

Once someone has your E-mail address there are legitimate Internet resources that can be misused to find additional information about you.

  • For instance, by inputting an E-mail address and conducting a "reverse lookup" on a people-finder, a stalker can find your full name, home address, and telephone number. With that information, people can use a mapping tool on the Internet to determine where you live and exactly how to get to your house.

  • In addition, they can conduct web and newsgroup searches to see if you have a web site, are on a web site, or have posted any messages to newsgroups. In essence, within one hour, a stalker may be able to find such information as your name, home and business addresses, home and business telephone numbers, preferences and hobbies, and even information about your family and neighbors.

Adapted from "How Do Spammers and Online Stalkers Find You?" in The Front Line, August 2001, Volume XXXXIV, pages 8-9. Copyright 2001 National Center for Missing & Exploited Children. All rights reserved.