Registration for Websites
Many websites enforce registration before they can be used. Sometimes only limited access is available to unregistered users. If users want to use all the functionality of the site, then they have to register and provide their email addresses.
In the past, some websites used to sell the email addresses of their users. Now, most reputable sites publish email policies allowing users to opt out of any email marketing. If a user registers for a website, they should ensure that they read the policy thoroughly and choose the appropriate response on the sign-up form of the website.
Some websites state that their policy is not to sell or give out user's email addresses, but marketing information from other companies is still received. The email is sent from the website on behalf of the third party, and so the policy is not being broken. The only consolation is that the marketing emails received are usually inoffensive and even possibly of interest.
Tracking Email Address Usage
When spam is received, it is difficult to know how the spammer obtained the email address. If a user makes use of a number of email addresses, there are techniques that can determine where an email address is being shared with other organizations.
If a user uses a particular email ID for only one site or service and starts to receive spam on that ID, then it is obvious that the email address has probably been sold, passed on, or stolen from that site. It is possible that sites that do sell email addresses examine their list before sale, and remove any traceable email addresses. This technique may act as a deterrent in some cases.
Sendmail Plus Technique
Sendmail users can take advantage of the sendmail plus technique, where a valid email address can be suffixed with a plus (+) and another word. The email is delivered to the user name as described before the plus sign; the other word after the plus sign is discarded. The user john@domain.com can use john+list1@domain.com or john+website1@domain.com to register for particular websites or mailing lists.
This approach can also be used by system administrators who add user accounts, or by an organization that uses one of the many ISPs that provide a large or even unlimited number of email addresses.
Rogue Employees
Despite the privacy policy of a website, there is a possibility that a rogue employee could copy the database of users, including their email addresses, and sell it for marketing purposes. In June 2004, an America OnLine (AOL) employee was arrested after being suspected of selling up to 30 million email addresses to a spammer. There is little that can be done, except to deal only with established, reputable sites that have an image to maintain.