MichaelBluejay - 8:30 pm on Dec 18, 2009 (gmt 0)

Whenever I sign up with a company or for a list, I use a unique email address specific to that company/list, and never use that address for anything else. Today I got pharma/ED spam to various of those unique addresses. After a little research, I found the common thread: The companies I gave those addresses to use [mailing list] services. ([this company] provides mailing list services to businesses, e.g. sending newsletters to a company's customers.)

So it looks like [they were] hacked and email addresses were stolen. (I doubt they'd be foolish enough to *sell* the addresses.)

This is one reason I recommend using a unique email address for every entity you do business with, if possible. Providers like Gmail and Dreamhost make this easy with plus-addressing. If your address is me@example.com, then you can use me+anything@example.com whenever you fill out a form. (e.g., me+Name1@example.com, me+Name2@example.com) Anything with a plus address goes to your main mailbox. If you start getting spam to your plus address, you can turn off just that address, and all your other email will be delivered.

Remember, even if you trust a company to whom you give your address to not sell it to others, the company could be hacked -- or the company's email provider could be hacked.

[edited by: phranque at 5:50 am (utc) on Dec. 20, 2009]
[edit reason] specifics [/edit]