Are companies sharing your personal email address?

As a follow up to a recent post from Marcus about good and bad user experiences, I thought I’d share a handy tip I use (and you can) to keep track of where your email address ends up after you’ve given it to a company.

If you’re a Google Mail user, personal or business (other mail services are available, and may or may not offer this feature), there’s a handy trick you can use to create ‘disposable’ email addresses, which can be used to easily identify if a company has shared your email address.

For instance, let’s say I want to sign up to a service from ShadyCompany Inc. They require an email address and I don’t necessarily trust that it’s going to be secure with them.

As a matter of course, when I sign up to things online, I create a ‘disposable’ email address on the fly with little to no effort by simply adding the company name to my ‘public’ email address, so if my email address was myname@googlemail.com, I’d give the company myname+shadycompany@googlemail.com in the signup process.

I’ve actually had a couple of cases where I’ve subsequently received mail from an obviously spammy sender, using one of these addresses, and the thing is, it’s now hilariously easy for me to see where said spammy sender has got my address from.

Untitled-1
Hmmm, where did you get that email address from, BT?

Sure, it’s easy for the spammer to remove the ‘plus address’ part before sending, and some signup forms won’t validate addresses with a plus in (even more annoyingly, some unsubscribe forms won’t either – but that’s no problem because of Gmail rules) but if nothing else, it provides an interesting insight into if and who your email addresses are shared with on occasion for little to no effort.

Conversely, if you’re a business who handles personal data, please take note; a plus in an email address is perfectly valid, be careful with the data you collect and treat it with respect, or you risk getting publicly called out on Twitter 😉

  • simoncox

    Excellent advice Dan! I have been sucessfully using a simular technique with Cpanel accounts. With these you can set up as many forwarders as you like. I set up boagworld@simoncox.com and I fwd the mail to my main mail account. If I get any spam I simply fwd it to a black hole.

    What has suprised and delighted me is the amount of companies not selling my email address it really has only been a couple over the past decade. Most of my spam has cone from registering a few domains years ago before I started doing this. 

    • simoncox

      and low and behold had an email to boagworld@simoncox.com today! Oddly someone had read a tweet of mine and looked me up to pitch for some work.

Headscape