Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

How Did a Website Discover My Email Address?

//
I visited a website and two days later, I received marketing information through email from that website for their products. How could they know my email without me providing it when I visited the website? Could it be that they have group mailed somehow? The mail came on my Gmail account.

Depending on the site, it could be a coincidence. Many large companies use mass market email and the fact that you received a message might be completely random.

There are several ways that a company could do this… and again, it’s not based on paranoia. You just need to understand what technology these companies have that allows them to do this.

It all boils down to related sites or sites that use related advertising.

Become a Patron of Ask Leo! and go ad-free!

Related sites

Let’s say you visit Site A and buy something. You give them personal information, but at a minimum, you give them your email address.

Site A leaves a browser cookie on your machine, so whenever you visit, it knows that you previously bought something there. Now, Site A can tailor their site to your interests, keep you logged in, remind you of things you’ve purchased in the past, or do anything like that when you come back.

Now, you leave Site A and go to Site B to look around, but you don’t realize that Site B and Site A are the same company (think Gap and Old Navy1). Because the two sites are related, they share a database. They also share the cookie that Site A left on your machine.

Because of this, Site B recognizes you and looks up the email address in their shared database. As you leave, they send you an email related to what you were browsing.

Email EnvelopeRelated advertisers

Now, the sites don’t have to be related for this to happen. Two sites may have the same advertising partner which shares information.

Let’s say that you bought something at Site C. Their advertising partner works with Site D. The advertising partner may have access to information like your email address through Site C and may pass it on to Site D.

Whether an advertiser does this or not depends on the privacy policies of the sites that you visit. If you visit a site, they may have a Privacy Policy checkbox somewhere. As long as it’s checked, the website feels that they have your permission to share your email address with whomever they want.

In that case, a company unrelated to the site that you actually did business with (say Site E) could use this advertising network to get access to your email address and send you more information.

Ultimately, getting your information is merely a matter of data analysis for companies and advertisers. It’s really not that unusual (and not that difficult) for companies to basically share information as you do business or simply visit on the internet.

Footnotes & references

1: I don’t know that they do any of the sharing I’m talking about here; they’re just an example of two stores that are actually owned by the same company.

22 comments on “How Did a Website Discover My Email Address?”

  1. “Many large companies use mass market email and the fact that you received a message might be completely random.” Isn’t that spam by definition? I don’t think many reputable companies would do this as it would backfire with them being labeled as spammer by the recipients and even getting flagged on services like WOT. I’d tend to go with the ad partner theory where the person may have inadvertently opted in for affiliate advertising,

    Reply
  2. Today I searched a few sites for eye glasses. I filled out NOTHING. About 15 minutes later I have an email for eyeglasses from a site that I didn’t even visit. I am an internet marketer. I understand how most everything works including remarketing, etc. This scenario boggles my mind and if it’s possible to get email addresses from a visit, that would do wonders for my Adwords campaigns.

    Any info?

    Reply
    • I think it’s just a coincidence. You probably were just thinking eye glasses, and so you noticed that spam email more than you would have otherwise. The site couldn’t get your email unless you gave it to them.

      Reply
    • Your comment sounds almost identical to the scenario described in the article, so I’d probably say it was either a coincidence or you accessed a website which shares a common advertising partner which shares a cookie with them..

      Shame on you Greg. Even if I knew a way to harvest an email through a search or a visit, I would never reveal it as it would be enabling spam.

      Reply
    • Hi Greg, it’s not a coincidence in my opinion. Same thing happened to me. I browsed a website for 2 minutes and then I got an email from that very same company 2 hours later. I have never been on this website before. I didn’t fill out any info. I had fraud on my credit card that same day for $10.71 at Lowe’s. My cc was entered in manually from a car that I never use anymore. But that is the one that auto fills on my iPhone. It blows my mind that website could get my info from just me visiting. But there is no other explanation here.

      Reply
    • It is not coincidence, I use a different email address for any site I give an email address to. Many sites are a visit for the first time and they still are able to get my main email address. That is why I came to this webpage to find out how they are getting it. e.g. the email address for this site will be askleo@ my domain name.

      Reply
      • It could be that they got the email address through an advertising partner as Leo said in the article.

        Reply
  3. Is it possible to receive porn sites and dating sites out of the blue in your spam email account without ever looking up any of it or putting your email in physically please is very important to know this my marriage depends on it

    Reply
    • It’s not only possible, it’s almost a sure thing that you will get porn spam whether you’ve viewed porn or not.

      Reply
  4. I have 3 email addresses, one is personal and given to friends. I visited a website and 2 days or so later I received an email in my personal email for friends. I programmed for a long time and have played with computers too and thought I was careful about my personal email and cannot figure out how they got my email address given to friends. It may have been open on another tab in the browser. Is having an open tab email a security risk? I had about 30 jobs as a programmer or analyst and used many different apps and thought I knew something and cannot figure it out.

    Reply
    • That definitely would be the kind of flaw which browser makers work hard to prevent. If one were discovered, the browser makers would patch ASAP. I won’t say a browser or any program doesn’t have vulnerabilities but it doesn’t seem likely in this case.

      Reply
  5. Hi,

    Today I went on a finantial site to get some investment company rates – top 10 companies etc. They wanted some info. I put in random characters for name, wrong DoB, old post (ZIP) code, wrong phone number. Clicking on NEXT came up “our adviser will call you” and no top ten list.
    2 minutes I got an email “Dear …. the exact same random name I had entered” How can this be?

    Reply
        • No. All I can think of is that something about your situation — cookies, cookies left by advertisers, information associated with other characteristics of your online session and so on — allowed the service to identify your actual phone number via other means.

          Reply
          • I do have a static IP here. Is that broadcast by the browser? There are obviously other sites where I have entered my email address… but then again this was the only time I entered that random name.

            I think I will revisit it with different info.

          • Your IP address is not “broadcast” by the browser, but is available to every site you connect to simply by virtue of the way that TCP/IP and networking works. Even I can see it.

  6. I work retail and we sell products through a 3rd party app. I have only ever given that company (which runs the app) my work email address. I don’t do any shopping from my computer at work, and I’ve never signed in to the app or its website on my phone or home computer. Recently, the company emailed me at an old personal email address (emails are retrieved by my new email account) about an order that is definitely one for the retailer I work for. I am baffled. I’ve asked the company how they got that email address. I suspect they won’t tell me, but we’ll see.

    Reply
  7. Same thing here. After clicking an ad in my email to check out a product, a vew hours later I get an email from them asking if I am still interested in that exact product. Should I clear my cookies?

    Reply
  8. Yesterday, I went to a metal supply site and added some items to my cart. I then forgot about it. Never gave them my e-mail address. Never subscribed to them. Never clicked an ad, etc.

    Today, I received an e-mail stating I have left items in my cart from them.

    Not cool.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.