Email Harvesting Explained and How to Protect Yourself from It

Ever since email accounts gained traction on the Internet, so too has sending spam emails to users. Given how email spam is so prevalent, it’s a good idea to keep your email from being picked up by spammers. Unfortunately, this is much easier said than done, as spammers can get info from sources you can’t control, such as database leaks and information purchases.

Still, there are some precautions you can take from stopping spammers from learning of your email. One such trick is to dodge their most prevalent method: email harvesting.

What Is Email Harvesting?


When spammers want to send out a designated message, they obviously need an audience to send to. Given how both users and email providers have gotten smarter about spam over the years, a successful spam campaign needs to get past the defenses set up against it. Making a spam email appear legitimate is definitely a key part of this campaign.

However, on top of this, spammers need to hit far and wide in hopes that a few of their emails will dodge a junk filter or two. Even if it doesn’t, there’s still hopes the user will look through their junk email folder, find the spam message, become intrigued, and open the email.

To build their audience, spammers need to gather as many emails as possible. As mentioned before, they can build an audience by buying data or gathering it from leaked databases. However, in this day and age of computer technology, emails can be found scattered all over the Internet. From user profiles to “Contact Me” pages to forum users putting their emails into a post, there’s a bounty of email addresses out there ripe for the picking. All the scammers need to do is gather them up, and they have their audience!

How They’re Harvested


Of course, it’s going to take a long time for someone to trawl through the Internet finding email addresses! Therefore, the spammers set up bots to do the email harvesting for them. The spammers tell the bots to comb the ‘Net and find any sentences that follow a pattern: for example, “[EMAIL]@[DOMAIN].com.” The bot goes out and finds phrases that fit this template (, for instance) and saves it to a list. The scammer can then go through this list for emails to use in their next spam campaign.

As such, if you have your email out there on the Internet, it might be subject to being picked up by an email harvester. You may find your junk folder (or even your inbox!) slowly begin to fill up with junk as your email gets passed around.

How to Stop It

Simple Obfuscation

It’s common knowledge that to prevent email harvesting, you write your email in a way that humans can easily understand but that is hard for bots to pick up on. The traditional advice is to write your email as “user at example dot com;” therefore, it wouldn’t fit the harvester bot’s template and will be skipped over. These days, however, scammers know of these tricks and instead send out bots looking for templates such as “[WORD] at [WORD] dot com”. As such, while typing out “at” and “dot” may help prevent some email harvesting, it probably won’t be foolproof.

Complex Obfuscation

If you want a smarter way to hide your email, there are some tricks you can use. If your email address is [your first name], and it’s very clear to the user what your name is (you may have it in the website header, for instance), you can prevent bot attacks by saying “my email is at [X], where [X] is my first name”. It’s complex enough that bots looking for templates won’t harvest the email but simple enough for humans to be able to still reach you.

Contact Form


If you want people to email you from a website, consider having a contact form instead of posting your address. Contact forms allow users to send you emails without actually giving out your email address. This makes it a safe way to receive correspondence without getting caught up in spam. For extra security, see if you can also add a captcha to keep bots from emailing you via the form.

Embed in an Image

But what if you want to post your email with obfuscation or using a form? If you want, you can embed your email address in an image like this:


Scanning and detecting emails in pictures is a lot harder than scanning text, so there’s a very low chance a harvester will notice your email address in an image. Meanwhile, humans can very easily read the email address in the image and get in contact with you.

“Temporary” Address

And if none of the above suits you, you can always create a separate account which you can publicly share with everyone. When someone sends an email to this temporary address and they’re clearly not a spam bot, you can always reply via your proper email and continue correspondence from there.

Poor Harvest

With spam emails being so prevalent on the internet, it makes sense to be careful with your email address. Using a few tricks, you can save your email address from being added to spammers’ lists and keep your account spam-free.

How bad are your junk folders? Are they clean as a whistle or clogged with spam? Let us know below in the comments!

Simon Batt
Simon Batt

Simon Batt is a Computer Science graduate with a passion for cybersecurity.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox