Email harvesting

Email harvesting definition

Email harvesting involves gathering email addresses from various sources without permission. Cybercriminals use automated tools to scan websites and databases. Once collected, these addresses often receive unwanted spam or phishing attempts. Many websites inadvertently expose user emails. Implementing protective measures helps combat such unauthorized collection.

See also: Credential harvesting, Email attack

Use cases of email harvesting

  1. Spam campaigns. Collecting vast numbers of email addresses allows perpetrators to send out unsolicited emails en masse. These spam messages can range from unwanted advertisements to more malicious content. The aim is often to sell products, drive traffic, or spread malware.
  2. Phishing attacks. Harvested email addresses can be used to launch targeted phishing campaigns. Attackers impersonate legitimate entities, like banks or service providers, to deceive recipients into revealing sensitive data.
  3. Selling email lists. There's a black market for lists of active email addresses. Harvesters might gather these addresses and sell them to third parties, from advertisers to other cybercriminals.
  4. Competitive espionage. Companies may engage in email harvesting to collect information about competitors' clients or subscribers. By obtaining a competitor's client list, they can launch campaigns to lure away customers. This underhanded tactic can offer insights into competitors' business strategies and customer preferences.
  5. Research and data analysis. Not all email harvesting has malicious intentions. Some researchers or marketers might collect email addresses to study internet trends, user behaviors, or market segments. However, ethical concerns arise when this is done without transparency or user consent.