Are companies sharing your personal email address?

As a follow up to a recent post from Marcus about good and bad user experiences, I thought I’d share a handy tip I use (and you can) to keep track of where your email address ends up after you’ve given it to a company.

If you’re a Google Mail user, personal or business (other mail services are available, and may or may not offer this feature), there’s a handy trick you can use to create ‘disposable’ email addresses, which can be used to easily identify if a company has shared your email address.

For instance, let’s say I want to sign up to a service from ShadyCompany Inc. They require an email address and I don’t necessarily trust that it’s going to be secure with them.

As a matter of course, when I sign up to things online, I create a ‘disposable’ email address on the fly with little to no effort by simply adding the company name to my ‘public’ email address, so if my email address was [email protected], I’d give the company [email protected] in the signup process.

I’ve actually had a couple of cases where I’ve subsequently received mail from an obviously spammy sender, using one of these addresses, and the thing is, it’s now hilariously easy for me to see where said spammy sender has got my address from.

Hmmm, where did you get that email address from, BT?

Sure, it’s easy for the spammer to remove the ‘plus address’ part before sending, and some signup forms won’t validate addresses with a plus in (even more annoyingly, some unsubscribe forms won’t either – but that’s no problem because of Gmail rules) but if nothing else, it provides an interesting insight into if and who your email addresses are shared with on occasion for little to no effort.

Conversely, if you’re a business who handles personal data, please take note; a plus in an email address is perfectly valid, be careful with the data you collect and treat it with respect, or you risk getting publicly called out on Twitter 😉

Dan Sheerman's avatar
Dan Sheerman
9 June 2016