Ask Leo! by Leo A. Notenboom

Why do I get spam that's not addressed to me?

Search First! Then browse: Categories | Full Archive | By Date | Newsletter

Home » EMail » Spam

Summary: Spammers use many techniques to try and slide their garbage into your inbox. BCC'ing you on messages is one such way.

Why do I receive junk emails that are not addressed to my specific email address but to several subtle variations of my address? Why do these emails get delivered to my address when they are not addressed specifically to my address? And how should I most properly dispose of them?

Spammers are doing everything they can to get their garbage in front of you. And that means using and abusing every tool at their disposal.

One of those tools is something that's available to you and me when we send messages as well.

You were "BCC'ed" on the spam.

"BCC" for "Blind Carbon Copy" is a technique to send someone an email without their email address appearing on the message.

Typically, email programs have, in addition to the "To:" and "Cc:" fields, a "Bcc:" field that can be filled in as well. Here's an example in Thunderbird:

Thunderbird Addressing Dropdown

You can see that Thunderbird allows you to specify Bcc: as one of the addressing options.

"Spammers are doing everything the can to get their garbage in front of you."

In short:

  • To: is one or more direct recipients for the message.

  • Cc: is one or more recipients who also get the message. While the message is not directed "at" them, they also receive it. Often people use this as an "FYI" to others to see the message. Any Cc: recipients are displayed in the message on the Cc: line.

  • Bcc: is one or more recipients who also get the message. This is exactly like Cc: except that the list of people receiving the message via Bcc is not included in the message when it is sent. Upon receipt there's no way to tell who, how many, or even if any Bcc: addresses were used when the message was sent.

Because this comes up time and time again, let me be clear:

Upon receipt there's no way to tell who, how many, or even if any Bcc: addresses were used when a message was sent.

Spammers use this technique to send one message to perhaps hundreds of people at a time because actually listing all those addresses as Cc: or To: makes the message more likely to be flagged as spam. Since there's no way to tell when you get the message that Bcc: was used, the fact that it might have been can't factor in to figuring out whether or not it's spam.

And those hundreds of messages might well be what's called a "dictionary attack", meaning that they just try variations on email names with the hope that one or more will actually reach a real person. For example they might try "leo@", "leoa@", "leob@", and so on, on any of my domains. Some might work, some might not, but there's no added cost to the spammer to try 'em all. Most might well be hidden in the Bcc: that you can't see.

Ultimately, there's nothing you can really do specifically about this situation. Flag it as spam, if your email program supports that, and other factors and characteristics of the message will likely be added to the database of what looks like spam to you, and maybe the next one will get flagged automatically.

Related:

Helpful? Get new articles weekly by email in my FREE newsletter!

Your Name:
Your Email:


Why Subscribe?

Article C3590 - December 12, 2008

Recent Comments
5 Comments

Although everything that was discussed is very interesting, I don't believe that the question was answered.

I don't claim to know the exact answer to the question but, for example, I do know that gmail has this feature that if your email address is:

myEmail@gmail.com

you might type my.Email@gmail.com and for gmail both addresses are the same one. It can even go as far as being myEmail+someSite@gmail.com and gmail will still consider it to be the same address which is usefull since if one day you receive an email from an unknown source with this email address, you'll know that "someSite" sold its emails database.

Posted by: Sergio Romero at December 16, 2008 12:41 PM

I have to agree with the above; I'm not sure the question was answered. I know of a couple of reasons that might produce the situation described, for instance, if the e-mail recipient happens to own the domain and their e-mail address is the "catch all" address for the domain.

Also, spammers can fake most of the header information in their e-mails. I'd advise the questioner to check the "Envelope-to:" and "To:" lines in the e-mail's header.

Posted by: Ray at December 16, 2008 10:48 PM

Not exactly the question raised here but perhaps a related issue....

Not so much recently but in the past I received numerous crap emails seemingly addressed *from* me. (If my email address is, for example, abc@xyz.com the email would not only be addressed *to* that address but *from* that same address.)

Concerned at first thinking someone was sending spam from my hijacked email address after some time I ceased being worried and simply figured the spam-sender's program somehow simply did this by design -- perhaps further enticing the recipient to open the email (after all, it was sent from me!).

BTW - Either HTML tags on these boards don't work for me or the effects of using them don't show in the "Preview" window. I'm not sure which.

Posted by: Duane at December 20, 2008 2:35 PM

When I first used hotmail, I got hundreds of spam,phishing, and plain con e-mails [ including money scams ] then I loaded the ACMA submission page in my favorites.Every time I got crap - I passed the whole page to ACMA [ located in Canberra ] Their job is to track these scum, arrest them and prosecute. It's been over a year now and I don't get any spam EVER!!!. And I don't even run any anti-spam programs; I guess when the federal police start knocking on doors, some people get the message :)

Posted by: John Neeting at January 11, 2009 5:47 AM

I'm confused. The answer does not match my experience. When I get one of these spam messages...there is nothing in the headers to indicate that the message is meant for my account. However, when people BCC me...there are headers in the message to indicate that the message is meant for my account. So I still do not understand how I keep getting spam email in my account when no header in the message indicates that it is for my account?

Posted by: alpha omega at June 22, 2009 7:32 AM

Post a comment on "Why do I get spam that's not addressed to me?":






(Email Address will not be published.)

Remember Me?

By popular demand...
my tip jar
Cuppa Joe
Buy Leo a Latte!

(you may use HTML tags for style)

RSS feed Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

  • Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored.

  • Comment only on this article. Use the Google search box at the top of the page if you have a question about something else.

  • Don't include personal information in the comment. No email addresses. No phone numbers. No physical addresses.

  • Don't spam. Excessive links to unrelated sites within a comment or across multiple comments will cause all such comments to be removed.

  • Don't ask me to recover lost passwords or hacked accounts. I can't, and those comments will be deleted.

  • I can't respond to every comment. And I can't vouch for the accuracy of others who do.

Please wait. Your comment is being processed ...


Question? Ask Leo!

http://ask-leo.com/why_do_i_get_spam_thats_not_addressed_to_me.html
Copyright © 2003-2009 Puget Sound Software, LLC and Leo A. Notenboom

Terms, Conditions & Privacy
Product Reviews, Recommendations and Affiliate Links Disclosure