I know how they got your e-mail address

Your Hijacked E-mail Address

Recently, I received an e-mail that was addressed to me … and 750 other people! Have you ever received an e-mail with a header that looked like the one below?

Actual E-mail Header (names/addresses intentionally blurred)

Ever wonder how you end up on someone’s e-mail blast list? The sender could be closer to you than you realize … a friend of a friend, an acquaintance of an acquaintance, or even someone you’ve met. Here are two primary tactics, how it works, and how to prevent it from happening to you:

1. Copy & Paste

One – or more – of the 750 recipients of an e-mail blast like the one above, sees this as a golden opportunity to grab 750 new e-mail addresses for their own listserv (e-mail distribution list). Copy, paste, done. It’s just that simple. They’ll grab 25 names here … 60 there … and another 750 from somewhere else. Pretty soon, this “blaster” has compiled a list of thousands of perfect … strangers. These folks see it as a numbers game – They believe, “The more people I add to my list, the better the odds that I’ll convert more of them into clients/customers/readers/fans.” Unfortunately, they prioritize  quantity over quality. This is SPAM, pure and simple, yet many people see nothing wrong with the behavior. “Besides, if they don’t want to be on my list, they can always just unsubscribe,” I’ve even heard them say.


Before you give someone your business card…

2. Assumed Permission

Whenever someone asks for your business card (especially at networking events) they may be intending to add you to their listserv. I recommend nipping this in the bud by politely asking them not to, assuming that is your wish. Surprisingly, this is another example of a marketing behavior that many people see no problem with. The fundamental problem is: they do not have your permission – you’ve barely met and they didn’t ask you if you wantedto be included on their listserv. (Perhaps they’re afraid of what the answer might be if they did?) They probably would never think of themselves as spammers, but they are sending you spam (unwanted e-mail).

My guess is that less than 1% of these hijacked recipients actually appreciate being added to lists like this. The other 99% feel interrupted, annoyed or downright irritated. What’s been your experience?


How not to be “That Guy”

If you’re the sender and there’s something legitimate and valuable you’d like to send to several recipients (people you actually know) all at once and you don’t have the time to send it to each person individually…

Here’s the trouble with sending it as a traditional e-mail … and the solution:

1. Some folks are sensitive to who sees their email address.

2. Psychologically, when someone sees that they’re one of (let’s say) 80, they are less likely to take action (i.e., “There’s 79 other people here. He’s got enough support already.”) Of course, if everyone felt that way…

3. Your e-mail message will end up in some peoples’ spam folder (25+ recipients is a major “red flag” to most e-mail clients).

4. Some people will inadvertently hit “reply all” for their personal reply back to you, and that annoys people.

5. When original recipients forward the e-mail, it shows all of the original 80 to those new recipients … and so on.

6. Some people will see this as an opportunity to grab 80 new names/e-mails to begin marketing to.

7. Finally, an e-mail looking like this — with 80 recipients listed in the header — has a very “cold” feel when perhaps it was intended to feel warm and personalized.

The Solution: put yourself in the “To:” line and “BCC” it to everyone else, but no more than 25 people at a time OR better yet, use a professional service such as: AWeber, Constant Contact or MailChimp. (affiliate links)


  1. Enjoyed this post! Being that am not out in the business world, but I use email with large groups (2 PTAs) this was informative and helpful!


  2. So glad to help, Julie 😉

  3. Stuart Itkin says

    Anyone who sends commercial email should also be aware of the CAN-SPAM Act, a law that sets the rules for commercial email, gives recipients the right to have you stop emailing them, and spells out tough penalties, up to $16,000 per each email violation. CAN-SPAM covers all commercial messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service,” including email that promotes content on commercial websites. That means all email – for example, a message to former customers announcing a new product line – must comply with the law.

    A rundown of CAN-SPAM’s main requirements per the Bureau of Consumer Protection:

    1. Don’t use false or misleading header information. Your “From,” “To,” “Reply-To,” and routing information – including the originating domain name and email address – must be accurate and identify the person or business who initiated the message.
    2. Don’t use deceptive subject lines. The subject line must accurately reflect the content of the message.
    3. Identify the message as an ad. The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement.
    4. Tell recipients where you’re located. Your message must include your valid physical postal address.
    5. Tell recipients how to opt out of receiving future email from you. Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting email from you in the future. Craft the notice in a way that’s easy for an ordinary person to recognize, read, and understand.
    6. Honor opt-out requests promptly. Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your message. You must honor a recipient’s opt-out request within 10 business days.
    7. Monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law.

  4. Wow, Stuart. That certainly is thorough. Thank you for sharing.

  5. Chris Jensen says

    Steve, this info was wonderful and very helpful. I have tried to BCC as I send out info…even then, I think I have probably sent e-mail that was unwanted by some. Of course, I learned this lesson the hard way…by forwarding unwanted e-mails and not using the BCC to start out with.

  6. Glad to help, Chris. Thanks for the feedback!

  7. Eric Abramson says


    Yet another great blog post. One thing to remember when adding people to your emails in the bcc field is the fact that it still doesn’t protect the bcc users from the dreaded ‘reply all’ button. If there are bcc recipients and someone bcc’s then all recipients still receive the email. The best solution, by far, is to use one of the services you mentioned (Mailchimp etc.) or another outfit which handles emails more effectively than Apple Mail, Gmail or Outlook. Those services also have an opt-in feature to remind people signing up OR the person entering mass emails that permission is needed. This can save you a huge fine and also keep your clients and potential clients from feeling like they’re one in 850. Tremendously important.

  8. Excellent points, Eric! Thank you for sharing.


  1. […] Simply exchanging business cards with someone you meet is not implied permission to add that person to your listserv (e-mail distribution list). Invite them instead — If they decline, just know that your “auto-add” would have only annoyed or upset them. […]

  2. […] their permission. Otherwise, there’s a very good chance they’ll view your correspondence as annoying. Ideally, your “subscribers” should be the ones doing the […]

  3. […] You may feel compelled or be advised to import all of your LinkedIn contacts to your listserv (e-mail distribution list) and begin sending e-mails to those contacts. This is called Spamming your customers and contacts. Instead, your e-mail marketing should be permission-based. […]

Join the Conversation (Reply below)

Speak Your Mind


This site uses Akismet to reduce spam. Learn how your comment data is processed.