Millions of harvested emails offered for sale

By Dancho Danchev

What does it take to be a successful spammer in 2012? Access to a botnet, managed spamming appliance, spam templates that are capable of bypassing spam filters, and most importantly freshly harvested databases of valid emails from multiple email providers.

Let’s profile a web-based service currently selling millions of harvested emails to potential spammers, and find out just how easy it is to purchase that kind of data within the cybercrime ecosystem.

Like every successful marketer, spammers too, know the basics of market segmentation, and market localization. From vendors of localization on demand services, offering spammers to ability to  translate their messages to the native languages of their prospective recipients, to vendors of segmented email databases, in 2012 spamming is easy to outsource and manage as a service.

The web-service I’m going to profile is called Baza-Inform. Basically, it offers potential spammers segmented databases of harvested emails.

Currently, the service has the following inventory of emails:

  •,,, – 15 970 807
  •,, – 3 091 994
  •,, – 1 636 720
  •,, – 1 944 490
  • – 185 987
  •, – 8 888 053
  •, – 36 267 998
  • – 28 829 391
  • – 22 356 273
  •, – 12 465 024

Just how easy is it to harvest emails? Like in every other market segment within the cybercrime ecosystem, spammers are quick to adapt to emerging trends aiming to prevent the automatic harvesting of emails. In 2008, I came across an email harvester that’s capable of harvesting emails in the following formats:



mail [space]mail [space]com



mail AT mail DOT com

Moreover, in 2009 it became evident that spammers are directly harvesting emails from Twitter users who share their email details over the micro-blogging service. Clearly, such lists are fairly easy to compile, given the active harvesting on behalf of the spammers. In terms of quality assurance, prospective buyers cannot verify the validity of the database until they purchase it. Once they purchase it, they will use tools such as the High Speed Verifier to verify their validity automatically.

Monitoring of the service is ongoing. Details will be published as soon as they update their underground market proposition.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

12 thoughts on “Millions of harvested emails offered for sale

  1. Pingback: A peek inside the PickPocket Botnet « Webroot Threat Blog

  2. Email Spider is a fast multi-threaded application that “scrapes” email addresses from given URL ’s. You can import both emails and link allowing you to remove duplicates if need be. Crawl a little or crawl a lot at once, it’s up to you!

  3. After reading your blog comments my heart stopped because I have setup so many different accounts – Hotmail – Gmail – Yahoo – tons on ADMIN accounts and such…I really didn’t know it was so easy to harvest emails for power folk like you…Now I am determined to tighten up my ship and be more careful…I’m starting to get more and more spam emails all the time and appreciate your help in doing so…At least I’m more aware of what’s going on behind the scenes…I can’t be such an idiot about this Internet stuff anymore…There are people out there that are going after me…Thanks again for your help and information…I’ll get better going forward with protecting myself and knowing what’ really going on out there in the world you speak of! 🙂

  4. Pingback: Is Voice Recognition Prone to Security Threats? | Webroot Software

  5. Pingback: 採取された無数の電子メール アドレスが市場に流通 « ウェブルート ブログ 日本版

  6. Pingback: Research: U.S accounts for 72% of fraudulent pharmaceutical orders « Webroot Threat Blog

  7. Pingback: Millions of harvested U.S government and U.S military email addresses offered for sale « Webroot Threat Blog

  8. Pingback: New DIY email harvester released in the wild « Webroot Threat Blog

  9. Pingback: A peek inside a managed spam service « Webroot Threat Blog

  10. Pingback: A peek inside a boutique cybercrime-friendly E-shop – part five « Webroot Threat Blog – Internet Security Threat Updates from Around the World

  11. Pingback: Segmented Russian “spam leads” offered for sale | Webroot Threat Blog - Internet Security Threat Updates from Around the World

  12. Pingback: One-stop-shop for spammers offers DKIM-verified SMTP servers, harvested email databases and training to potential customers | Webroot Threat Blog - Internet Security Threat Updates from Around the World

Join the Conversation

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s