Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
Email Harvesting
Last Updated: May 31, 2017
Definition - What does Email Harvesting mean?
Email harvesting is the process of obtaining a large number of email addresses through various methods. The purpose of harvesting email addresses is for use in bulk emailing or for spamming.
The most common method of email harvesting is by using specialized harvesting software known as harvesting bots, or harvesters.
Techopedia explains Email Harvesting
Spammers harvests email addresses through various techniques, including:
- Posts into UseNet with email addresses
- From mailing lists
- From Web pages
- From various paper and Web forms
- Through the Ident daemon
- From a Web browser
- From Internet relay chat and chat rooms
- From finger daemons
- From domain contact points
- Using the method of guessing and cleaning
- From white and yellow pages
- By accessing the same computer used by valid users
- From the previous owner of an email address
- Through social engineering
- By buying lists from other spammers
- By accessing the emails and address books in another user's computer
- By hacking websites
The above techniques enable spammers to harvest email addresses and use them with electronic messaging systems to send unsolicited bulk messages. The following techniques can be used to prevent email harvesting:
- Email address munging by changing the "@" sign into "at" and the "." into "dot"
- Turning an email address into an image
- Using an email contact form
- Using JavaScript email obfuscation. In the source code seen by the harvesters, the email address appears to be scrambled, encoded or obfuscated.
- Using email address obfuscation through HTML. For example, one can insert hidden elements within the address to make them appear out of order and use cascading style sheets to restore the correct order.
- Prompting users to enter a correct CAPTCHA before divulging the email address
- Using a CAN-SPAM notice enabling prosecution of spammers under the CAN-SPAM Act of 2003. The website administrator must post a notice that "the site or service will not give, sell, or otherwise transfer addresses maintained by such website or online service to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages."
- Monitoring the mail server. This method can be implemented at the recipient email server. It rejects all email addresses as invalid from any sender specifying more than one invalid recipient address.
- Using a spider trap. This is a part of a website built to combat email harvesting spiders.
