Tens of marketing emails within hours of registering a .COM - How are they doing it?

Each top level domain registry makes a dump of all whois data available. You can either download it yourself periodically, or subscribe to a service that does so and alerts you to changes.

Marketers subscribe to be notified of all newly registered domain names so they can send you spam.

See: Possible to download entire whois database / list of registered domains?


Spammers will go to great lengths to obtain contact information from website owners, these are just some of the most common methods:

  • Whois lookup
    • Using a online database of newly registered domains they can then perform a scripted WHOIS lookup using windows whois, linux whois or similar and output those entries for later harvesting. Often spammers will look at common name servers to find newly registered domains, for example the top 50 name servers.
    • Despite belief most spammers do not harvest whois information from online websites that cache WHOIS information. This is because most will throttle and use some kind of captcha service, which can be easily cracked using a online service as little as 0.07 USD per a de-captcha but the process takes resources and money making it more practical to do locally.
    • As mentioned by Stephen registrars do have a list of domain whois information but generally these lists are well guard and its far easily and more cost effective just to scan newly registered domains that it is to obtain one of those lists.
  • Common email aliases
  • Direct page harvesting
    • Other harvesting methods including scanning the website for emails, these can be text form, javascript form or raw text... bots are rather clever these days and can detect things like alias at example.com, alias(a)example.com and alias at example dot com, I even read somewhere that spammers prefer alias that are not so common as they have better lead rates.