For more than 10 years now, I’ve used custom email addresses when I log in to a web site I don’t fully trust, e.g. ben-SITENAME at adida.net. Until recently, the only time I’ve actually been able to trace emails to their source is when I saw how Democrats reused some of their mailing lists during the 2004 and 2008 campaigns.
This weekend, though, I received an unpleasant surprise. I got a spam email sent to ben-healthengage. HealthEngage is a health web site I tried out a few days months ago to explore how some companies are working on device connectivity. I’m 99% certain I haven’t used that email address anywhere else (why would I?) So, is HealthEngage leaking email addresses in some way, either because they’re selling them or because they’re not protecting them very well and spam crawlers are picking them up somewhere?
Either way, it’s a little bit disconcerting: this is a health-data web site, and its members surely worry about their privacy.