I got Spam from a site I visited. How does a web site get my e-mail address?

Maybe from your web browser (I’ve condensed the answers after scouring the web; includes excerpt from article by Uri Raz.)

Some sites use methods to extract a surfer’s email address from their browser, sometimes without the surfer noticing it. Using the HTTP_FROM header that browsers send to the server, some browsers pass a header with your email address to every web server you visit. To check if your browser shares your email address to everyone this way, visit http://privacy.net/analyze/.

They can use JavaScript to prompt the browser to send an email to a chosen address with the email address configured into the browser.  Some browsers allow email to be sent when the mouse passes over some part of a page. Unless the browser is properly configured, no warning is issued. Also, if you read email through a browser, it may be subject to active content (Active X, applets, Javascript, etc.) or web bugs.
 

A cookie was set when you visited some site. Sites can share the same advertising partner, which then shares your info.

For example, you buy from site 1. Their ad partner also works with site 2. The ad partner may have access to your email address from site 1 and then passes it to sites 3 and 4. Whether an advertiser does this or not depends on the privacy policies of the website. Usually, you have to approve cookies to use a website. Once you do, they count that as the go-ahead to share your data.

So a company unrelated to the site that you actually did business with could use the advertising network to get access to your email address.

 
Besides the browser, another way is using finger daemons.  A finger query asking for john@host may produce list info including the login names for all people named John on that host.  A query for @host can produce a list of all currently logged-on users.

Comments

4 thoughts on “I got Spam from a site I visited. How does a web site get my e-mail address?

Comments are closed.