It’s not easy or obvious, but sometimes it’s possible if you don’t take care
It depends on your own level of security savvy, as well as how you’ve used that email address in the past.
For example, you could just have given your email address to a spammer.
Unfortunately, that’s not the worst that could happen.
Become a Patron of Ask Leo! and go ad-free!
Using a throw-away email address is the best way to protect yourself when dealing with someone unknown. Sharing an email address can result in more spam, but doesn’t reveal your location explicitly. Public records with your email address, however, can expose that and much more, often with a simple search. And of course, always be skeptical of links and attachments from someone you don’t completely trust.
This situation calls for a “throw away” email address.
Go create a new one at one of the free email services, like Gmail, Outlook.com, Yahoo, or others, and give that email address to the person you’re contacting but don’t quite trust.
That way, you can give them your “real” email address once they gain your trust. If they violate your trust, you can simply discard the “throw away” address.1
All the while protecting yourself.
Protecting yourself from what?
The interesting thing about using this as a way to harvest email addresses is while it seems very labor intensive, the spammer also has a much more targeted idea of what you’re interested in, making your email address that much more valuable.
Enter your email address into a search engine or two.2
If personal information about you shows up in the results, then anyone with your email address can perform the same search and get the same information.
This isn’t the search engine’s fault. It’s simply indexing publicly accessible information on millions of websites. Your email address and associated information happens to be posted publicly somewhere, and thus appears in the results.
Your location is not a characteristic of your email address, so no, people cannot track your email address location directly. Particularly for services like Gmail and Microsoft’s Outlook.com, that information is kept private.
However, there are two rather stunning exceptions:
- If you’ve allowed it to be public. For example, social media profiles are often publicly accessible, and thus anyone can see them. Any information you’ve included — including your location — is visible if you’ve allowed your profile to be public.
- If your email address is associated with your location in some other publicly available document. The biggest example might be public records. It’s easy to forget that many routine government and service agency documents are explicitly part of the public record and visible to anyone, and could potentially allow someone to track your email address location.
Exactly how easy it would be to find this information varies. Some will appear in simple search engine searches. Some may require more direct investigation and access by a sufficiently motivated seeker.
When it comes to malware and data loss, the news is fairly good in that you are ultimately in control. The bad news is that it doesn’t matter what email address that you use.
Let me ask you this: if your new-found contact emailed you an attachment, would you open it?
If you answered “yes”, then you could have just accepted and installed malware on your machine that could wipe it out, steal your account password(s), or who knows what else. In other words, you are definitely at risk if you aren’t paying attention.
For the same reasons, I’d also be wary of visiting websites you don’t recognize suggested by this person.
Politely decline ’em all. If the person is legitimate, they’ll understand. If they insist, get angry, or threaten to leave, that’s a sign that perhaps all isn’t what it seems (or that they need to read this article).
Making contact over the internet
This advice applies to more than just dating sites.
Any contact you make that is initially and only over the internet entails a certain amount of risk. The person may not be who they say they are. They may have malicious intentions. Until you can build a sufficient level of objective trust, it’s best to avoid sharing your “real” email address and view everything with a healthy dose of skepticism.
Footnotes & References
1: Most easily done by just ignoring it. Don’t log in to it ever again, and eventually it’ll disappear.
2: Harder than it sounds, since most search engines ignore punctuation. At this writing, using duckduckgo.com and putting your email address in quotes — “email@example.com” — seems to work.