That could be a hack or something the company sold to a third party.

During a property search for rentals in the UK I created a throwaway alias email (to my regular account) as I did not really trust them with my data. This was not for those requiring me to provide credit check papers and name of children (!! yes, you read it right, name of children!) at the very first contact in their web form just to start conversation about if there is viewing ability or not, and then perhaps schedule one. No. Those were avoided completely (despite the desperate property market for renters, I am not that desperate: eventually we left the UK in a big part because of property troubles). Two of those were reported to the relevant authority (one case got confirmed after several months, but still pending after more than a year. The other sank, apparently. My trust in the UK institutions is not elevated). There were more than two requiring full set of data on the prospective viewing candidate.

The throwaway email was for the ""reliable"" ones. The trusted names. Or those without over-reaching data collection (one big name, Cheffin, one of the reported one, had over-reaching habit).

Having a throwaway alias proved benefitial. From zero spam to my email suddenly spam started to arrive with about 4 / week frequency. Kept coming until the alias got disabled. Cannot tell which was the culprit, only have a shortlist based on timing. But that never ever elsewhere used email somehow got to fraudster elements from the few UK property agent organizations I contacted. In very shor time (few weeks).

The absolute hell that is looking for a place to live in the UK. I remember having to submit a copy of my passport to one of those letting agencies. I don't even know how they process it and how it is stored, but I am convinced it's just stored on some random personal OneDrive at this point.

Same with me. I started to get spam from the email I used for a Portuguese airline. They didn't even respond.

I've had multiple "big companies" leak my randomly generated email addresses. I create a unique one for each such account, like say my airline frequent flyer account for delta, and I've had several of those leak.

blah1381812301.318719@somedomain.com would never be guessed.

Same, then later learned about TAP being breached. No disclosure from the company itself though...

always cc the local GDPR office when reporting such things

They won't do anything. Had this exact scenario with two Shopify-based sites where my address somehow ended up with the second shop. Reported it, shop 1 investigated themselves and found themselves to be innocent, case closed.

Shopify shares these I think, no?

That would be illegal. I doubt Shopify are to blame here, it's more likely one of the gazillion plugins that every shop uses was the vector. Either way, it's highly likely the shop owner is the data controller, from a legal perspective.

(Scenario: E-Mail address A with shop A, address B with shop B, then received a newsletter I did not subscribe to [already illegal] from shop B to address A. Only common data point: PayPal account.)

They'll just be incorporated in Ireland who are more than happy to be a haven for such criminals.

Where can I read more about this?

Just based on my comment the search query "Ireland compliance haven" would work, but for a more specific one, "ireland DPC big tech before:2026". The "before" is needed because else you'll only get news from a week ago exuberantly claiming that they're changing their behaviour.

Handling of their cases [0]. Suing the EU when it instructs them to investigate Meta's breaches, rather than doing the investigation [1].

> Former Meta lobbyist Niamh Sweeney will co-lead the Irish Data Protection Commission from mid-October. [2]

> A corporate lawyer who has worked for Big Tech played a key role in picking [her].

The DPC is the one responsible for going after GDPR violations. On the level of "Saudi Aramco lobbyist will co-lead the Environmental Protection Board". A lobbyist for the single worst offender in the entire world. You couldn't make it up. If you put it in a movie people would say it's too on the nose.

[0] https://noyb.eu/en/project/dpa/dpc-ireland

[1] https://iapp.org/news/a/court-upholds-edpb-s-authority-after...

[2] https://www.politico.eu/article/big-tech-lawyer-key-in-picki...

Every single time I order from KFC, I get an e-mail by a hot girl in my area. You think I can sue them for free chicken wing buckets?

Those aren't spam. Its that hot girls really want your wings.

How do you generate the email addresses? Do you run your own e-mail server or do you use a third-party service?

Own the domain put catch-all for that domain. No need to generate anything.

How did you solve problem, when your emails are put into spam folder in gmail?

I haven’t used gmail. No idea about the problem.

A few ways I've heard about - DuckDuckGo.com has a system that generates a random email address on their domain where you can request "a new email address" whenever you need one; you request a new alias and they create a permanent mapping to your real address from that new address. Then mail sent to say Foo-Bar-Hotdog@duck.com goes to you, duck remembers the mapping that this goes to your address. You can reply back and duck handles the anon mapping.

Or you can have a catchall email address on your own domain, where anything sent to any alias on your domain gets forwarded to your own address. Then hamburger@myDomain.com and mcdonalds@myDomain.com goes to your real private address. you don't have to set it up. Anytime you join a new service, say reddit, you tell them your address is "reddit@myDomain.com".

All of these have a level of pain associated with them. And they aren't that private. The government could no doubt get a court order to pierce the obscured email addresses.

There's proton email and many others. All of these are too painful for most people.

I have wondered if people who want to be really secret set up a chain of these anon mail forwarding systems.

Fastmail will let you create any number of "aliases" as they call them, with not too much friction.

Theoretically, the easiest way is to use a sub address (more commonly/colloquially known as email aliases or plus addresses, they're described in RFC 5233). You should be able to add a separator character (usually a plus, sometimes other characters instead/in addition) and arbitrary text to your email address, i.e. "myemail+somecompany@example.com" should route to "myemail@example.com"

In practice, this works about 95-99% of the time. Some websites will refuse the + as an invalid special character, and the worst of the worst will silently strip it before persisting it, and may or may not strip it when you input your email another time (such as when you're logging in or recovering your password).

I also suspect spammers strip out subaddresses frequently, very little of the spam I receive includes the subaddress.

So the only 100% reliable way is to use your own domain, but you don't need to run your own custom mail server

Proton let's me bring my own subdomain for those random emails and does a pretty good job of tracking which email is given to whom, and also supports hiding your email even if you want to initiate the email contact, not just reply (plus scheme in mail address doesn't allow this). Otherwise you can also use their domain too, to stay fully anonymous.

So far I've been happy. I hope I'll stay happy.

I've been happy with Proton too. I use my own domain and Proton's catch all for this. I always register using addresses like service.name@matheusmoreira.com.

If you’re on Gmail, there’s “plus addressing” - this allows you to append any term after your email - and then sort accordingly.

So if your Gmail is foo.bar@gmail.com you can use foo.bar+servicename@gmail.com and the mail will still end up in your mailbox. Then you can create a rule that sorts incoming mails accordingly.

I find plus addressing unreliable. Not all websites allow you to have the +.

I use addy.io