How do spammers get your email? You give it to them. Not directly, no — you sign up for an app or service and happily hand over your email to verify your new account, then that app or service sells your email address to marketers who now know what kinds of apps and services you like.
It's a shady tactic that's symptomatic of the current era of big data, and it may even be illegal in some jurisdictions. But companies get away with it because they're not the ones directly spamming you, so you don't normally have a way of knowing which service is the one who sold your data.
- Don't Miss: How to Use Google Voice as a Burner Number
The next time you sign up for an account with an app or website, add a + symbol and a unique identifier after your user name, but before the @ symbol. So this standard email format:
... would become something like:
Ideally, use the app's name so it's easier to find the culprit. If you sign up for a TikTok account with firstname.lastname@example.org and then you start getting a lot of spam emails with that specific address as the recipient, you'll know it was TikTok who sold your email address — sort of like a marked bill, if you will.
The reason this works is because Gmail ignores everything after a + sign in any email addresses, yet still delivers the emails. So check that Sender field on your next spam message.
You might run into an issue where the service you're signing up for doesn't allow you to input a + symbol in the email field. If that happens, you can use another Gmail trick: add a period somewhere in your user name. For example:
... could be entered as the following when signing up for one website:
... then as this when signing up for a different website:
Similarly to the + symbol, Gmail outright ignores any periods in user names and delivers the email as if they weren't there. You'll have to remember which position the period was in when you signed up for each service, and there are a limited amount of combinations. However, note that you can use multiple periods.
Sadly, you're not going to be able to put an end to shady data sales just by catching a company in the act — there simply isn't an adequate system in place to punish policy violators, if there's even a policy against this in your jurisdiction in the first place. But you can, at least, do your part.
You can report privacy violations to the FTC if you live in the US. If you're in the European Union, you can make a complaint with the Information Commissioner's Office. Don't expect action, but enough complaints could get the ball rolling.
Have an iPhone? See everything that's new with Apple's latest iOS update: