How do spammers send spam emails?

How do spammers send spam emails?
Email Spammer

Spam emails are unsolicited messages that are sent in bulk by spammers. While some spammers may seem like they are shooting in the dark, the truth is they know exactly what they are doing and are willing to go to great lengths to circumvent spam filters. Spammers use a variety of techniques to obtain email addresses and send spam emails.

In this article, we will explore the different methods used by spammers to send spam emails.

Disclosure: Some of the links on this website are affiliate links, which means that I may earn a commission if you click on the link or make a purchase using the link. When you make a purchase, the price you pay will be the same whether you use the affiliate link or go directly to the vendor's website using a non-affiliate link.
By using the affiliate links, you are helping support this website.
I genuinely appreciate your support!

Different methods used by spammers to send spam emails

Scraping Email Addresses from the Web

  • One way that spammers obtain email addresses is by scraping them from the web.
  • They use automated tools to scan websites for email addresses, which are then added to their database.
  • Spammers are known to target popular websites and forums to collect email addresses of their users. Once they have a large enough database of email addresses, they use it to send spam emails.

Obtaining Email Addresses from Leaked Databases

  • Another way spammers obtain email addresses is by using leaked account databases.
  • According to [2], password leaks happen with frightening regularity.
  • Large organizations such as Adobe, LinkedIn, eHarmony, Gawker,, Yahoo!, Snapchat, and Sony have all been compromised in recent years, resulting in millions of email addresses being leaked online. Spammers can easily obtain these email addresses and use them to send spam emails.

Spoofing Email Addresses

  • Spammers also use a technique called email address spoofing.
  • As explained by [3], email address spoofing is the practice of faking the "From" address on an email to make it appear as though it came from a different email address.
  • The goal is to make the email appear more legitimate and increase the chances of the recipient opening it.
  • To do this, spammers do not need access to the account associated with the email address they are spoofing. They only need the email address itself.

Using botnets

  • A botnet is a network of compromised computers that are controlled by a third party without the owners' knowledge.
  • Spammers can use botnets to send large quantities of spam emails simultaneously, making it difficult to trace the source of the spam.

Purchasing email lists

  • Spammers may purchase lists of email addresses from companies or individuals who have compiled them through various means, such as website sign-ups or contests.
  • These lists may contain both valid and invalid email addresses, and they are often used to send out spam emails en masse.

Hijacking legitimate email accounts

  • Spammers may also use malware or phishing attacks to compromise legitimate email accounts and use them to send spam emails.

Using "open relays"

  • An open relay is a mail server that is configured to allow anyone to send email through it, regardless of whether they are an authorized user.
  • Spammers can use open relays to send spam emails without having to reveal their own identity or IP address.

Creating fake email addresses

  • Spammers may create fake email addresses using a variety of methods, such as using random letters and numbers or misusing legitimate domain names.
  • These fake email addresses are often used to send spam emails and to make it difficult for recipients to trace the source of the spam.


How do spammers get my email address in the first place?

  • Spammers use a variety of tactics to harvest email addresses, including web scraping, buying email lists, and using malware to steal addresses from infected computers.
  • They may also use social engineering techniques to trick users into giving up their email addresses, such as through phishing scams.

How do spammers send so many emails at once?

  • Spammers typically use botnets, which are networks of compromised computers that can be controlled remotely to send out large volumes of spam.
  • They may also use dedicated email servers or email service providers that specialize in sending bulk email.

How do spammers avoid getting caught or blocked by spam filters?

  • Spammers use a variety of techniques to evade spam filters, such as using random or obfuscated text to bypass keyword filters, using image-based spam that can't be easily analyzed by filters, and using techniques to mimic legitimate email senders.
  • Some spammers also use "snowshoe spamming," which involves spreading out spam over a large number of IP addresses to avoid detection.

What can I do to protect my email address from spammers?

  • To protect your email address from spammers, you should avoid posting it publicly online, use a strong and unique password, and be cautious about giving out your email address to third parties.
  • You can also use spam filters or email service providers that offer robust spam protection.

How can I report spam emails that I receive?

  • Most email providers have a mechanism for reporting spam emails, which can help to train their spam filters and prevent future spam from reaching your inbox.
  • You can also report spam to organizations such as the Federal Trade Commission or the Anti-Phishing Working Group.

Expert tips and product recommendations

  • Use a reputable email service provider that offers strong spam protection, such as Gmail or ProtonMail.
  • Be wary of emails from unknown senders or with suspicious subject lines, and don't click on links or download attachments unless you are sure they are safe.
  • Consider using anti-malware software that can help protect your computer from malware that might be used to harvest your email address or send spam.
  • If you run a business, consider implementing email authentication standards such as SPF, DKIM, and DMARC, which can help prevent spoofing and protect your domain reputation.
  • Use a double opt-in process when collecting email addresses from users, which can help ensure that the addresses you collect are legitimate and that users have given explicit consent to receive emails from you.

Typical challenges in a business environment

In a business environment, some of the typical challenges related to spam emails might include:

  • Dealing with the productivity loss and potential security risks caused by spam emails, such as phishing attacks or malware.
  • Managing the reputational damage caused by spam emails that are sent from your domain, which can harm your brand and customer trust.
  • Ensuring compliance with laws and regulations related to email marketing, such as the CAN-SPAM Act in the United States.
  • Balancing the need to communicate with customers and prospects via email with the need to avoid sending unwanted or irrelevant messages.


Spammers use these and other techniques to send spam emails in an attempt to promote their products, services, or ideas. However, spamming is generally illegal in many countries, and it can result in fines and other penalties for those who engage in it.

To protect yourself from spam emails, it's important to be cautious when opening emails from unfamiliar senders and to use a reputable spam filter to help identify and block spam emails from reaching your inbox.

Prevent Phishing with Sophos Email Security
Get Shared Threat Intelligence, End-to-End Visibility and M365 API Integration with Sophos Email Security.