Introduction
We all get spam. But have you ever stopped to wonder why — not just how it gets past filters, but why your inbox specifically is being targeted?
According to the UK government's 2024 Cyber Security Breaches Survey, phishing was the most common type of cyber crime, affecting 90% of businesses who experienced any form of cyber crime. But spam isn't random chaos. It's a data-driven industry backed by harvesting bots, purchased lists, and automated campaigns.
Understanding the anatomy of a spam email — how it's created, why it reaches you, and what the sender wants — is the first step to protecting yourself.
How Spammers Get Your Address
Before a spam email can reach your inbox, the sender needs your address. Here are the most common collection methods:
Email harvesting bots. Automated scripts crawl websites, forums, comment sections, and social media profiles, extracting every email address they find. If your email appears anywhere on a public webpage, it will be harvested.
Purchased lists. Data brokers and list aggregators sell "verified" email lists to marketers and scammers alike. A single listing on a forum from five years ago can put your address on a list that's sold hundreds of times.
Data breaches. When a service you use is breached, your email address enters circulation. According to Verizon's 2024 Data Breach Investigations Report, 68% of breaches involved the human element — often a phishing email that harvested credentials. The exposed addresses are then used for further attacks.
Dictionary attacks. Spammers generate common username patterns (john.smith@, info@, support@, sales@) and test them against major providers. If the email doesn't bounce, they know it's active.
Referral and forwarding. When you forward a message or a friend shares a contact list, your email can be picked up by intermediate servers that log addresses.
What Spam Emails Look Like Under the Hood
A spam email is engineered to achieve specific goals:
The "From" header is spoofed. The sender address is often forged to look like a legitimate company or a known contact. This is called display name spoofing.
The subject line uses urgency or curiosity. Common patterns: "Your account has been suspended," "You've won a prize," "Invoice attached," "Action required within 24 hours." These trigger emotional responses that bypass rational evaluation.
The body contains a single goal. Either:
- A link to a phishing site that captures credentials
- An attachment with malware
- A request for a reply (to confirm your address is active)
- A phone number for a callback scam
Tracking pixels are embedded. Even in spam, 1×1 transparent tracking pixels report back when you open the email, confirming your address is live and monitored — making it more valuable.
Why Your Inbox Specifically?
Spammers don't target "you" personally (except in spear phishing). They target your email address because it's:
- Validated as active. If you've received one spam email, it confirms your address is monitored.
- Associated with other services. Your email is the key to finding your accounts, your social media, and your online presence.
- On resale lists. Active, confirmed emails are worth more than unverified ones. Each piece of spam you receive is a sign your address has been traded.
The Expira Connection
Expira stops spam at the source. By using a disposable address for every new sign-up, download, or interaction, you ensure your primary email never enters the harvesting cycle. Even if a disposable address is collected, it self-destructs before any spam campaign can use it.
Conclusion & CTA
Spam is an industry that feeds on exposed email addresses. Understanding how it works helps you make smarter decisions about where you share your primary inbox.
Don't feed the spam machine. Use Expira for sign-ups and keep your real inbox clean.
Related reading: Email Harvesting Bots: How They Collect Your Address and How to Avoid Them | 5 Signs Your Primary Email Address Is at Risk Source: UK Government Cyber Security Breaches Survey 2024; Verizon 2024 DBIR