Spammers have found a new way to use Twitter. This one lets them harvest email addresses easily, and use these addresses to do their dirty business. The good news is that you can avoid this practice by simply not tweeting your email address.
Twellow's lead developer Matthew Daines pointed out that a simple query on Twitter Search can return large numbers of email addresses that spammers could potentially exploit.
"You can sit and just watch the email addresses steadily trickle in," he noted. "I wouldn't doubt it if spammers are harvesting these."
"It would be trivial to write a script that gathers these addresses," he added. "They could have several hundred thousand over a few weeks at the rate they trickle in."
The ability to search for email addresses has always existed on search engines like Google, but Twitter and its real-time updates bring a whole new element to the matter. The addresses come in fast, and they're always going to be up to date. This is why it could be enticing for spammers.
"The Twitter stream really weeds out all sorts of irrelevant data and cuts right to the email addresses within 140 characters, so it's a lot less intense, and would require very little coding skill," says Daines. "The thing is this makes it just too easy to get email addresses."
Warren Riddle at Switched makes a good point about the threat. The retention rate among Twitter users has not been the greatest, and the potential for spammers to harvest users' email addresses might turn some off too, although the ball is in the users' court on this one.
Twitter may want to consider taking precautions to prevent this kind of abuse. Spam is already a huge problem plaguing email and the web. When a service keeps growing in popularity the way Twitter has, such abuse should be a great concern.
The lesson here is: Don't throw your email address in your tweets unless you want it to be searchable. That means it will be vulnerable to this kind of practice.
Some are probably thinking that this is common sense, but looking at a query that uses the above technique makes it pretty clear that people are not really thinking about this. And if they are, they must not care.
Of course, there are already scripts being passed around in the spammers' blogs and portals that do just this. They will harvest 1000s of emails in seconds, load them into a mass mailer and begin sending spam with one simple click of the mouse.
BOTTOM LINE IS "AVOID TWITTER ALTOGETHER"
Also note that Twitter has now taken the number one spot for getting spam and malware, followed by Friendster and MySpace. These social networks are simply a breeding ground for malicious drive-by spam and malware, not to mention viruses, trojans, keyloggers and now spam dumps.