Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How Did a Website Discover My Email Address?

I visited a website and two days later, I received marketing information through email from that website for their products. How could they know my email without me providing it when I visited the website? Could it be that they have group mailed somehow? The mail came on my Gmail account.

Depending on the site, it could be a coincidence. Many large companies use mass market email and the fact that you received a message might be completely random.

There are several ways that a company could do this… and again, it’s not based on paranoia. You just need to understand what technology these companies have that allows them to do this.

It all boils down to related sites or sites that use related advertising.

Become a Patron of Ask Leo! and go ad-free!

Related sites

Let’s say you visit Site A and buy something. You give them personal information, but at a minimum, you give them your email address.

Site A leaves a browser cookie on your machine, so whenever you visit, it knows that you previously bought something there. Now, Site A can tailor their site to your interests, keep you logged in, remind you of things you’ve purchased in the past, or do anything like that when you come back.

Now, you leave Site A and go to Site B to look around, but you don’t realize that Site B and Site A are the same company (think Gap and Old Navy1). Because the two sites are related, they share a database. They also share the cookie that Site A left on your machine.

Because of this, Site B recognizes you and looks up the email address in their shared database. As you leave, they send you an email related to what you were browsing.

Email Envelope Related advertisers

Now, the sites don’t have to be related for this to happen. Two sites may have the same advertising partner which shares information.

Let’s say that you bought something at Site C. Their advertising partner works with Site D. The advertising partner may have access to information like your email address through Site C and may pass it on to Site D.

Whether an advertiser does this or not depends on the privacy policies of the sites that you visit. If you visit a site, they may have a Privacy Policy checkbox somewhere. As long as it’s checked, the website feels that they have your permission to share your email address with whomever they want.

In that case, a company unrelated to the site that you actually did business with (say Site E) could use this advertising network to get access to your email address and send you more information.

Ultimately, getting your information is merely a matter of data analysis for companies and advertisers. It’s really not that unusual (and not that difficult) for companies to basically share information as you do business or simply visit on the internet.

If you found this article helpful, I'm sure you'll also love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and give you more confidence with technology. Subscribe now and I'll see you there soon,

Leo

Footnotes & references

1: I don’t know that they do any of the sharing I’m talking about here; they’re just an example of two stores that are actually owned by the same company.

26 comments on “How Did a Website Discover My Email Address?”

  1. “Many large companies use mass market email and the fact that you received a message might be completely random.” Isn’t that spam by definition? I don’t think many reputable companies would do this as it would backfire with them being labeled as spammer by the recipients and even getting flagged on services like WOT. I’d tend to go with the ad partner theory where the person may have inadvertently opted in for affiliate advertising,

    Reply
  2. Today I searched a few sites for eye glasses. I filled out NOTHING. About 15 minutes later I have an email for eyeglasses from a site that I didn’t even visit. I am an internet marketer. I understand how most everything works including remarketing, etc. This scenario boggles my mind and if it’s possible to get email addresses from a visit, that would do wonders for my Adwords campaigns.

    Any info?

    Reply
    • I think it’s just a coincidence. You probably were just thinking eye glasses, and so you noticed that spam email more than you would have otherwise. The site couldn’t get your email unless you gave it to them.

      Reply
    • Your comment sounds almost identical to the scenario described in the article, so I’d probably say it was either a coincidence or you accessed a website which shares a common advertising partner which shares a cookie with them..

      Shame on you Greg. Even if I knew a way to harvest an email through a search or a visit, I would never reveal it as it would be enabling spam.

      Reply
    • Hi Greg, it’s not a coincidence in my opinion. Same thing happened to me. I browsed a website for 2 minutes and then I got an email from that very same company 2 hours later. I have never been on this website before. I didn’t fill out any info. I had fraud on my credit card that same day for $10.71 at Lowe’s. My cc was entered in manually from a car that I never use anymore. But that is the one that auto fills on my iPhone. It blows my mind that website could get my info from just me visiting. But there is no other explanation here.

      Reply
    • It is not coincidence, I use a different email address for any site I give an email address to. Many sites are a visit for the first time and they still are able to get my main email address. That is why I came to this webpage to find out how they are getting it. e.g. the email address for this site will be askleo@ my domain name.

      Reply
      • It could be that they got the email address through an advertising partner as Leo said in the article.

        Reply
  3. Is it possible to receive porn sites and dating sites out of the blue in your spam email account without ever looking up any of it or putting your email in physically please is very important to know this my marriage depends on it

    Reply
    • It’s not only possible, it’s almost a sure thing that you will get porn spam whether you’ve viewed porn or not.

      Reply
  4. I have 3 email addresses, one is personal and given to friends. I visited a website and 2 days or so later I received an email in my personal email for friends. I programmed for a long time and have played with computers too and thought I was careful about my personal email and cannot figure out how they got my email address given to friends. It may have been open on another tab in the browser. Is having an open tab email a security risk? I had about 30 jobs as a programmer or analyst and used many different apps and thought I knew something and cannot figure it out.

    Reply
    • That definitely would be the kind of flaw which browser makers work hard to prevent. If one were discovered, the browser makers would patch ASAP. I won’t say a browser or any program doesn’t have vulnerabilities but it doesn’t seem likely in this case.

      Reply
  5. Hi,

    Today I went on a finantial site to get some investment company rates – top 10 companies etc. They wanted some info. I put in random characters for name, wrong DoB, old post (ZIP) code, wrong phone number. Clicking on NEXT came up “our adviser will call you” and no top ten list.
    2 minutes I got an email “Dear …. the exact same random name I had entered” How can this be?

    Reply
        • No. All I can think of is that something about your situation — cookies, cookies left by advertisers, information associated with other characteristics of your online session and so on — allowed the service to identify your actual phone number via other means.

          Reply
          • I do have a static IP here. Is that broadcast by the browser? There are obviously other sites where I have entered my email address… but then again this was the only time I entered that random name.

            I think I will revisit it with different info.

          • Your IP address is not “broadcast” by the browser, but is available to every site you connect to simply by virtue of the way that TCP/IP and networking works. Even I can see it.

  6. I work retail and we sell products through a 3rd party app. I have only ever given that company (which runs the app) my work email address. I don’t do any shopping from my computer at work, and I’ve never signed in to the app or its website on my phone or home computer. Recently, the company emailed me at an old personal email address (emails are retrieved by my new email account) about an order that is definitely one for the retailer I work for. I am baffled. I’ve asked the company how they got that email address. I suspect they won’t tell me, but we’ll see.

    Reply
  7. Same thing here. After clicking an ad in my email to check out a product, a vew hours later I get an email from them asking if I am still interested in that exact product. Should I clear my cookies?

    Reply
  8. Yesterday, I went to a metal supply site and added some items to my cart. I then forgot about it. Never gave them my e-mail address. Never subscribed to them. Never clicked an ad, etc.

    Today, I received an e-mail stating I have left items in my cart from them.

    Not cool.

    Reply
  9. How do individual parties get my email address? This is frustrating as hell. I have a website. My email address is NOT on that site, but it IS the one that’s linked with Google Analytics. From time to time I get emails from people wanting to provide me with SEO services. Maybe some are scams, maybe some are legit. I also periodically get emails from writers wanting me to post their articles. Are these people looking up my site on Google Analytics somehow, even though they don’t have my Google logins, yet somehow gaining access to data revealing my email?

    When I ask these SEO companies how they got my email, they NEVER respond. I haven’t asked the writers because I never want to post their articles, so I’m not going to say, “I can’t run your article, and by the way, how did you get my email address?” because I’m sure they won’t answer.

    I googled my question and can’t find the answer. (By the way, the email address I provided to post this comment is NOT the email address associated with Google Analytics.)

    Reply
    • It’s better not to ask how they got your email address. Those companies are spammers and responding to their spam only invites more spam. Just mark those emails as spam. It’s all you can do.
      As for how they get your address, if you have a website, they send the spam to something like info@{yourURL}.com or webmaster@{yourURL}.net etc.

      Reply
      • Yes, also a good point. Or if your name is common/short/obvious with respect to your website (like, say, “leo” might be for askleo.com) you can expect a lot of spam that way too.

        Reply
    • What’s the email address associated with your domain registration? That’s the most common thing.

      For the record, I get a constant stream of these the same requests. I’m convinced now that most are automated. Responding just isn’t worth it — I ignore them, and even mark most as “spam” since that’s ultimately what they are. Mark enough of them spam and a good spam filter will start throwing them into the spam folder automatically. it’s just not worth getting worked up over.

      Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.