I’ve been using Gmail as my e-mail service provider for a few years now, and due to their excellent spam filters, I’ve been able to ignore the continuous stream of junk mail hitting my mailbox every day. Despite their efficiency at identifying and hiding spam e-mails, I remain genuinely concerned about keeping my e-mail address hidden from the public view. E-mails that are publicly available are easy targets for spambots, which are automated programs that scour the Internet for e-mail addresses. Once “harvested”, these addresses are sent junk mail, spam.
Sometimes, however, it is desirable to have an e-mail address visible to the public – to do so, a special approach should be taken to protect it from spambots. For example, you can use services like reCAPTCHA Mailhide, which challenges viewers with a CAPTCHA before it displays the full e-mail address.
Curious about whether or not my e-mail was “out there”, I decided to look into it. Below, I explain how you would go about checking for public references to your e-mail address, and how future slips could be prevented.
Google Your E-mail Address
Try searching for the e-mail address using Google. Search engines scour the Internet for web pages, rather than just specific elements in the page (like e-mail addresses). They do so through programs called crawlers, sometimes referred to as spiders. If they have indexed a webpage that has your e-mail address mentioned, you’ll be able to find it in the engine’s search results. The important fact here is this: if you can find it using a search engine, you can safely assume that a spambot would be similarly capable. It is therefore important to remove any references to your e-mail address – in doing so, you’ll be making it a little bit harder for spammers to target your address.
To do so, try launching a Google search for your e-mail address, using this format:
The double-quotes will tell Google to look for that exact string, which will limit the number of false positive search results that are returned. If you get no results with the double quotes, try removing them.
After running the search, if you spot search results that actually have made your e-mail address publicly visible, you’ll need to try and remove them. In my case, when I did this, all the hits were sites that I could log into, and then remove my address. If you’re lucky, it’ll be that simple. Otherwise, you might have to contact the site owner to get it removed.
Question How Websites Use Your E-mail
To avoid getting into potentially complicated situations, it is worthwhile to spend some time determining how websites intend to use your e-mail. An e-mail is almost always requested when registering, but the uses vary. It could, for example, just be used to contact you to activate your account. Or, it could be used for a multitude of things, including as a publicly viewable piece of information. Take the time to check FAQs, site forums, or even contact the site owners if there are doubts – this could prevent an increase in spam received.
Sometimes, however, it isn’t as straight-forward as them displaying your e-mail address- sometimes certain sites will indirectly expose your address. I’ll give you an example… consider Google Profiles. By default, the URL that points to your profile looks something like this:
You can, however, choose to have your username appear at the end, like this:
This is naturally better for search engine optimization, and it also allows you to memorize your profile link – but it introduces a flaw as well. Looking at that URL, I know that the e-mail address “firstname.lastname@example.org” exists. It has to, that’s how Google accounts work – they are based on an e-mail address, so there is no doubt about what the username portion is. If I know that, then I can deduce that there must be a spambot out there that is smart enough to exploit the same flaw. Even if no spambots are currently exploiting this, I’m pretty sure one eventually will. Thankfully, though, Google has explained the feature very well on the settings page – reducing the likelyhood that someone would enable it unknowingly:
To make it easier for people to find your profile, you can customize your URL with your Google email username. (Note this can make your Google email address publicly discoverable.)