Spammers and scammers get hold of email addresses in a number of ways, e.g. . .
1. They simply guess at combinations of forenames (or initials) and surnames that might combine together to make real email addresses, using special software to do so, and then send out emails to all such combinations. For example, if I was to send out millions of emails addressed to
[email protected],
[email protected],
[email protected], etc, there's a good chance that I'd get a good 'hit rate' with those emails ;
2. They harvest email addresses from public websites by using software that scours millions of sites for such information. So, for example, if a local church website includes something like "Choirmaster:
[email protected]", Mr Perkins might then find that his inbox is rapidly filling up with spam and scams ;
3. They hack into insecure shopping sites to steal the email addresses of their customers. So simply shopping for clothing online might expose your email address to spammer an scammer if the company that you're dealing with doesn't take their security seriously enough.
4. They create websites where people are invited to fill in their email addresses in order to enter a competition, or similar.
5. They buy mailing lists from others, who might have used any of the foregoing techniques to create those lists. Alternatively they might have acquired the addresses (semi-) legitimately by including something like "We reserve the right to pass your contact details onto our business partners . . . " in their contract terms when you engage with such a site.
You're right to be wary of clicking on an 'unsubscribe' link in an unsolicited email, as it will confirm to a spammer/scammer that they've found an active email address, triggering loads more junk to head your way. If you don't respond, the senders of unsolicited emails often seem to give up after a while anyway.