•Dictionary Harvest Attack: A dictionary harvest attack is when spammers attempt to find valid email addresses by randomly sending mail to common mailbox names for a domain, such as email@example.com or firstname.lastname@example.org. You can minimize spam that is generated this way by ensuring that your email account names are unique and specific. Examples: email@example.com, firstname.lastname@example.org
•Email Harvesting: Email harvesting is when spammers use a number of techniques for finding valid email addresses for purposes of sending spam to. Once an email has been harvested and identified as valid and responsive, the email address then goes on a spam list. Spam lists may then be traded or sold in bulk, making the email address available to more and more spammers as time goes on.
•You provided your email address to a website, such as when you signed up or commented on a post, and they gave your email address to spammers (intentionally or unintentionally). Their website could also have been hacked through a security exploit.
•You signed up for a mailing list and forgot you signed up.
•You signed up for a mailing list, and they gave your email address (intentionally or unintentionally) to spammers.
•You sent an email to someone, and they forwarded it to someone else who harvested your email.
•Someone sent you an email also addressed to other recipients, and they used TO or CC instead of BCC, making your email address visible to anyone who received the email (or who was forwarded the email thereafter). Any of the recipients could have made your email available to spammers.
•You used your email on a discussion list that reveals your email address to other users. Any of the other users could have harvested your email address.
•Your email address is on your business card (or posted where people can find), and someone decided to add you to their mailing list without your permission.
•Your computer could have a virus or malware on it that records keystrokes (i.e. everything you type), sniffs packets (i.e. reads everything going over your internet connection), or directly reads active email accounts from popular email software.
•Another computer or workstation on your network or workgroup could have a virus or malware that collects email addresses and other information passing through the network.
•A script on your website could have a security vulnerability that allows a hacker to access information on your hosting account, including your email addresses.
•Since emails are relayed from server to server until they reach their destination, one of the servers your email passed through could have packet sniffing software installed.
•Your internet service provider (ISP) could be gathering emails and selling them.
•A hacker could have guessed or obtained hosting control panel login information and retrieved your email addresses that way.
•Spammers may use sophisticated techniques to identify when a spam message has been read, and so looking at a spam message after it has been received may confirm that your email address is active.
How to Prevent Spam
•Be careful who you give your email address to. This includes websites and anyone you might email.
•Create and use disposable email addresses to sign up for websites or services that you do not absolutely trust.
•Be sure not to open spam when you do receive it.
•Make sure your computer and computers on your network are virus and malware free.
•Make sure your website is free of malware and security vulnerabilities. If you are using a third party script or code on your site, this usually means running the latest secure version.
•Use secure passwords for your email and hosting account to prevent hackers from guessing and logging in.
•If your friends are sending you emails sent to a large recipient list, request that they use BCC instead of TO or CC, so that other recipients cannot see your email address; or request they stop including you if you do not want to receive the emails.
•Do not list your email address on your website or anywhere the public can access it.
Free Spam Filtering Options
Premium Spam Filtering and Prevention Options
•WHOIS Information & Domain Privacy - Spammers may use your WHOIS information for your domain to identify valid email addresses which they may send spam to. Purchasing WHOIS privacy protection can prevent spammers from gaining your email from publicly available information.
•Google Apps for Work - Google offers tools that allow you to use your personal domain with a Gmail inbox, allowing you to take full advantage of their advanced pre-configured spam filtering tools.
The Nuclear Option
Cyberbay's Stance on Spam