What Happens

When we sign up for online services, be it a shopping account or a newsletter, often our email address is a required piece of information.

When we provide this we expect to receive email communications solely regarding the service we gave that email to, but often we get spam from companies we have never heard of.

This typically happens for one of two reasons:

1) There was a data breach and our email addresses were stolen

2) Our email addresses were sold for profit

How To Track It

Being aware of what website lost (or sold) our email can inform us of a possible data breach or have a better understanding of how trustworthy that service is.

We can do this using plus addressing, which is supported by most major email providers including Gmail, Outlook, and Yahoo.

When we give our email to a site, say this newsletter, most folks give their email verbatim, such as name@gmail.com.

If we wanted to track Plain Speak Cyber we would sign up with name+PSC@gmail.com.

Anything from the ‘+’ sign until the ‘@’ symbol will be ignored when delivering email. It’s like it doesn’t even exist except we will see it in the TO field.

If we see name+PSC@gmail.com delivered to our inbox from anywhere other than this newsletter then we have reason to believe that this service somehow transferred your email to another party.

There’s One Catch

Oftentimes our email address is the username for the service, meaning we can’t forget it. This is where using a password manager is key as we do not want to try to remember all of these variations. If we lose the exact email provided it’s possible that account recovery options may not work.

PSC’s Promise

I’ll never sell your email to another party. Want to keep me honest? Use this technique and let me know if you ever receive an unexpected email.