Nov '25 (edited) ⢠Pro Tips
đĄď¸ SPAM: How to Trace Where Scammers Got Your Address
Scam emails arenât random. The recipient fields already tell you a lot.
đĽ TO, CC & BCC Explained
TO: Youâre the main target
Your email is openly listed. They contacted you directly.
CC: Everyone can see each other
If strangers are CCâd, itâs a bulk blast from a scraped or leaked list.
BCC: You donât appear anywhere
Youâll receive the email, but your address wonât show in To/CC.
Classic sign of mass phishing campaigns.
If you see âTo: (empty)â or the senderâs own address â you were BCCâd.
đ How to Track Where Your Email Leaked
â Plus Addressing
Use aliases like:
name+amazon@âŚ
name+instagram@âŚ
If spam arrives on that alias â you know exactly who leaked or sold it.
â Have I Been Pwned
Check if your email appeared in a breach.
Turn on notifications so you get alerts immediately.
â Email Headers (advanced) or click: â<> Show originalâ in the menu with the three dots if you use G Mail.
Look at return path, server, and SPF/DKIM/DMARC.
If it doesnât match the claimed sender â scam.
Weâll take a deep dive into this in an advanced E-mail course.
What can you do moving forward?
đĄď¸ Protect Your Inbox
- Use aliases or +addressing
- Turn on HIBP alerts https://haveibeenpwned.com
- Unique passwords + app-based MFA
- Donât click links! Open sites manually
5
10 comments
đĄď¸ SPAM: How to Trace Where Scammers Got Your Address
powered by
skool.com/huisvestnl-3698
Get started in OSINT and learn how to find out about anything and anyone online, professionally.
Suggested communities
Powered by