“It winds up in the databases eventually,” Dave Marcus, director of security research at McAfee Labs, told Security Management by email.
Other email addresses are pulled directly from Web sites by computer programs, or taken from hacked mailing lists.
“They can be harvested with web crawlers which scour the Internet looking for email addresses. Such crawlers will come across any publicly posted email lists, like from a security breach, and absorb them. In other cases, address books can be harvested from infected machines. Raw data logs from botnets can be purchased and mined for data such as email addresses as well,” Wosotowsky said.
The exact price of an email list depends on the quality of the list. That quality is based on how many of the email addresses are still active and what type of addresses they are--from government, corporations, or individuals, for example. Wosotowsky said the numbers in the study are the average prices for an average-quality list.
“Most of the time when you use your email address to sign up for things online it’s not going to get you into trouble…. Obviously the more address books your email address is in, the higher chance that it will eventually slip out,” he said.
“Email addresses also get out there when companies go out of business and someone comes along and buys ‘rights’ to their old customer email list. Those are some of the more infuriating ones, because the law can be a bit obtuse on issues of online privacy in terms of what qualifies as a tangible and sellable email list,” he added.
Wosotowsky is a little more optimistic about spam protection than his counterpart. He says the best safeguards are to have anti-virus protection and some sort of spam filtration, to be aware of domain reputation, and to keep track of legitimate subscriptions.
“Unsubscribe from legitimate mailing lists when you get bored of them. If you sign up for too much then it’s hard to know how much of that ‘spam’ you should be angry at,” he said.
Photo by comedy_nose from Flickr