How To Figure Out Who Is Leaking Your Email - An illustration showing your email ID on the left. This email ID is being shared with three services at the center: A music streaming service, a newsletter subscription, and a video streaming service. The newlsletter subscription leaks your email ID to three different spam services on the right.

Why would you wish to figure out who is leaking your email ID? Well, let us say that you use your email address to sign up for a bunch of online services. All of a sudden, you start receiving spam emails from unrecognised sources.

The email account that you carefully maintained all this while is now the camping ground for African princes and billionaires who generously wish to share their wealth with you. For starters, don’t you wish to figure out who the culprit that leaked your email ID was?

I was faced with the same situation. And I just had to look for a solution. The solution that I came across not only helped me figure out who the culprit was, but it also enabled me to completely neutralise all further spamming attempts.

I will begin this essay by giving you a step-by-step breakdown of the procedure that I followed (it is surprisingly easy and simple). Following this, I will explain the ingenious email technology behind this solution. Without any further ado, let us begin.

This essay is supported by Generatebg

A product with a beautiful background featuring the sponsor: Generatebg - a service that generates high-resolution backgrounds in just one click. The description says "No more costly photographers" and displays a "Get Started" button beneath the description.

Sign Up Using Plus Addresses

Let us say that you wish to sign up for a random online service using your email ID. The first thing you need to do is share a plus address from your email service provider instead of your original one. Let me explain.

Suppose that this is your email address: JohnDoe@FictionalMail.com*

And further, suppose that you wish to sign up for a music streaming service called FictionalStream.net. In their sign-up form, provide the following email ID (as an example):

JohnDoe+FictionalStream@FictionalMail.com

Don’t worry. You will still receive all emails from this service provider in the inbox associated with your original email ID (JohnDoe@FictionalMail.com).

The string after the plus (+) symbol is not considered part of your email address, but rather a label (more on this later).

You can use the same logic to sign up for other services as follows:

Fictional Service 1: [email protected]

Fictional Service 2: JohnDoe+FictionalService2@FictionalMail.com

This way, each service provider gets a unique instance of your email address. But you get all of their emails in your inbox. Now that we have taken care of that, let us see how we can leverage this labelling system to track the culprit down.

Set Up Filters and Actions Based on Labels

Depending upon the email service provider you use, you might need to manually set up labelling. In simple terms, you tell your email client to do the following:

If an incoming email has the following ‘To’ address: “[email protected]”, label it as follows: “Fictional Service 1”.

How To Figure Out Who Is Leaking Your Email — A screenshot of a Gmail functionality that lets you assign a custom label to an email with the ‘To’ field marked to “johndoe+fictionalservice1@fictionalmail.com
Example of email filter/label — Courtesy: Gmail

Then, you can leverage these labels by setting up automated filters and/or actions upon email arrival. For example, you can tell your email client to automatically move emails with particular labels to specific folders, or delete them, etc.

This is what we will be using to not only figure out who the culprit is, but also take automated action to neutralise further spamming attempts.

How to Figure Out Who is Leaking Your Email ID

Now that we have our labelling system working, as soon as you start receiving spam emails, you will notice the label of its original source. That is, you will directly see which culprit leaked your email ID.

You might now think that you could just unsubscribe from this service and that would fix the issue. But the challenge is that we do not know just how many spam sources this service provider leaked your Email ID to.

So, even if you unsubscribe from the questionable service provider, you might still continue receiving spam emails. To counter this issue, we are just going to leverage the filter/action system we set up earlier.

How To Figure Out Who Is Leaking Your Email — An illustration showing your email ID on the left. This email ID is being shared with three services at the center: A music streaming service, a newsletter subscription, and a video streaming service. The newlsletter subscription leaks your email ID to three different spam services on the right.
Email Leaks — Illustrative art created by the author

You can tell your email client to automatically move further emails associated with the ‘culprit’ label to your spam folder or even to delete it automatically.

How To Figure Out Who Is Leaking Your Email — A screenshot of a Gmail functionality that lets you create a custom action based on the custom label ‘Fictional Service 1’. There is even an option to directly delete emails that carry this label.
Example of automated email filter plus action — Courtesy: Gmail

There you go. Not only do you neutralise spam email attempts this way, but you need not manually unsubscribe or recover your email address from each source.

Now that I have covered the procedure that I followed, let me get into the basic technical details of how this solution works.

Subaddressing — The Basics

Technically, the concept powering this solution is known as ‘subaddressing’ or more colloquially, ‘plus addressing’. Simple Mail Transfer Protocol (SMTP) email addresses use the following email ID syntax:

<local-part>@<domain>

When you use subaddressing/plus addressing to label your email subscriptions, you use the following syntax:

<local-part>+<tag>@<domain>

the ‘+<tag>’ part refers to the custom label that you choose for each service provider. As far as I could check, many popular email service providers (all the ones that I use) offer this functionality. So, for most mainstream applications, this solution should work well.

On that note, we do need to consider some restrictions when we use this technology.

How to Figure Out Who is Leaking Your Email ID — The Restrictions

The ‘+<tag>’ part that you choose is subject to the regular character restrictions that SMTP email address are bound to. For example, you are not allowed to use spaces.

Furthermore, some online service providers use forms that do not recognise the plus (+) symbol. So, this solution might not work with them.

Another limitation that I came across is when you have to manually send an email from your email ID to a service provider in order to unsubscribe.

In such a scenario, your ‘from’ address will be your default email address (for example: [email protected]) and not the one you used to register for the service (for example: [email protected]).

Your service provider might refuse to accept/acknowledge your ‘unsubscribe’ request due to this mismatch. I know that most services don’t operate this way (they use an ‘unsubscribe’ link), but in some cases this can be a pain. So, just be aware of that.

By now, I think I have covered almost every relevant aspect of this solution. So, I’ll just round things up by summarising the steps once again and sharing a bonus use case for this technology.

How to Figure Out Who is Leaking Your Email ID — Summary

Here is a step-by-step breakdown of what we have covered thus far:

Step 1: Subscribe to/register with each online service provider using a plus address: <local-part>+<tag>@<domain>. Choose the ‘+<tag>’ part uniquely for each service.

Step 2: Label incoming emails with the plus-registered ‘To’ address using a unique identifier in your email client (such as FictionalService1).

Step 3: Notice which label each spam email carries — this label leads to the culprit.

Step 4: Set up automated filters/actions based on the label in question. For example, you can automatically route such emails to a spam folder.

More Functionality for Better Organisation

Asa bonus use case, you can employ this technology to organise your email connections better. For instance, instead of handing out separate email IDs to friends and family members, you could hand out the following email IDs for each case:

To friends: [email protected]

To family members: [email protected]

As you can imagine, you can extend this concept to business email addresses as well. For example, you can have a separate tag for ‘Billing’, ‘CustomerSupport’, etc. I’ll let you work out further creative possibilities on your own.

I came across this cool technology when I was trying to solve my own problem. In the process of solving my problem, I learnt so much about the technology that I thought I’d write about it.

I hope you found my essay useful. Furthermore, I wish you fun and success in organising and tracking your email sources using this technology.

*All email addresses that I have used in this essay are fictional by intention. Any resemblances to real-world email IDs are purely coincidental and not intended.

Reference: Microsoft.

If you’d like to get notified when interesting content gets published here, consider subscribing.

Further reading that might interest you:

If you would like to support me as an author, consider contributing on Patreon.

Street Science

Explore humanity's most curious questions!

Sign up to receive more of our awesome content in your inbox!

Select your update frequency:

We don’t spam! Read our privacy policy for more info.