Somewhere right now, a company you've never heard of has your email address, your approximate age, your income bracket, your home address, and a list of your likely purchase interests — and they're selling all of it to anyone willing to pay. These companies are called data brokers, and they operate almost entirely out of sight.
Understanding how they get your email is the first step to limiting what they can do with it.
What are data brokers?
Data brokers are companies whose entire business model is collecting personal information, combining it into profiles, and selling access to those profiles. Their customers include marketers, insurers, employers, landlords, political campaigns, and law enforcement. The largest brokers — Acxiom, LexisNexis, Experian, Oracle Data Cloud — hold records on hundreds of millions of people.
Unlike the companies you knowingly interact with, data brokers typically have no direct relationship with the people whose data they hold. You didn't sign up with them. You didn't agree to their terms. Your information arrived through other channels.
How they get your email address
Data brokers aggregate email addresses from multiple sources simultaneously:
- Purchase from other companies. When you buy something online, the retailer may sell your email (along with purchase data) to data brokers as part of their own revenue model. This is often buried in privacy policies under language like "sharing with trusted partners."
- Public records. In many countries, voter registration records, court filings, and property records are public and contain contact information. Brokers scrape these systematically.
- Social media and public profiles. Email addresses listed publicly on LinkedIn, Twitter, personal websites, forum profiles, or GitHub are harvested by automated scrapers.
- Data breaches. After a breach, leaked email databases circulate widely. Brokers incorporate breached data into their profiles — legally in some jurisdictions, illegally in others, but the enforcement gap is vast.
- Loyalty programmes and sweepstakes. Sign up for a loyalty card or enter a competition and your email is frequently sold or shared. The data collection is the product; the discount or prize is the acquisition cost.
- Website tracking. Third-party tracking scripts embedded on websites can associate your browser identity with your email if you've ever logged into a connected service. This links browsing behaviour to your email profile without you ever explicitly providing it.
What they do with it
Your email address is used as a universal identifier to merge data from different sources into a single profile. Once brokers have your address, they can cross-reference it with purchase history, location data, public records, and inferred attributes like estimated income, political affiliation, and health interests.
That profile is then sold to advertisers for targeting, to employers for background screening, to insurers for risk assessment, and to anyone else who pays. The profile is continuously updated as new data arrives.
Why opting out is difficult
Most major data brokers offer opt-out processes — but there are hundreds of brokers, each with their own process, and removal from one doesn't affect the others. Opt-outs also tend to be temporary: brokers re-acquire your data from new sources and the cycle restarts. Services like DeleteMe automate the opt-out process across hundreds of brokers, but they require an ongoing subscription to stay effective.
In the EU and UK, GDPR gives you stronger rights — the right to erasure is legally enforceable. In the US, legal protections vary significantly by state, with California's CCPA providing the strongest consumer rights.
How to limit what brokers can collect
You can't fully disappear from data broker systems, but you can significantly limit the data they can collect going forward:
- Use a disposable email for signups. When you give a unique temporary address to each service, brokers can't merge those interactions into a single profile. The addresses don't link back to your identity and expire before they accumulate meaningful history.
- Don't list your real email publicly. Remove it from social media profiles, forum accounts, and public directories where scrapers can find it.
- Opt out of data sharing during signups. Many services have opt-out checkboxes buried in the signup flow or linked in the privacy policy. It takes time, but it reduces downstream sharing.
- Submit opt-out requests directly. The major brokers — Acxiom, Spokeo, WhitePages, BeenVerified — all have opt-out pages. Request removal once a year; it won't be permanent, but it reduces your exposure.
The temp mail connection
A disposable email address doesn't stop data brokers from existing. But it breaks the most important tool they use: the persistent email identifier that links your activities across services into a unified profile. A temporary address that expires after one use gives brokers nothing to aggregate around.
It's one of the simplest and most effective ways to limit what they can build on you — without opting out of anything, without trusting a third-party removal service, and without any ongoing maintenance.
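The merge described under "What they do with it", and the way per-service addresses break it, shown as a small added example (not code from any broker or from this site). All records, field names and the `tempmail.example` domain are constructed, and the lowercase-and-trim normalisation is an assumption about how a join key would be prepared.

```python
from collections import defaultdict

def build_profiles(sources):
    """Merge records from every source into profiles keyed by email.

    sources: {source_name: [record_dict, ...]}; each record has an "email".
    Returns {normalized_email: {"sources": set, "attributes": dict}}.
    """
    profiles = defaultdict(lambda: {"sources": set(), "attributes": {}})
    for name, records in sources.items():
        for rec in records:
            key = rec["email"].strip().lower()  # the join key (assumed normalisation)
            profile = profiles[key]
            profile["sources"].add(name)
            for field, value in rec.items():
                if field != "email":
                    profile["attributes"][field] = value
    return dict(profiles)

def widest_profile(profiles):
    """Largest number of distinct sources joined under one address."""
    return max(len(p["sources"]) for p in profiles.values())

# Constructed sample data: one person appearing in three unrelated datasets.
REUSED = {
    "retailer": [{"email": "Pat@example.com", "last_purchase": "running shoes"}],
    "loyalty":  [{"email": "pat@example.com", "postcode": "AB1 2CD"}],
    "forum":    [{"email": "pat@example.com ", "forum_handle": "pat_runs"}],
}
# Same activity, but a different throwaway address was given to each service.
PER_SERVICE = {
    "retailer": [{"email": "k3v9q@tempmail.example", "last_purchase": "running shoes"}],
    "loyalty":  [{"email": "z81mf@tempmail.example", "postcode": "AB1 2CD"}],
    "forum":    [{"email": "w40xt@tempmail.example", "forum_handle": "pat_runs"}],
}

if __name__ == "__main__":
    for label, data in (("reused", REUSED), ("per-service", PER_SERVICE)):
        profiles = build_profiles(data)
        print(label, len(profiles), "profile(s), widest spans",
              widest_profile(profiles), "source(s)")
```

The split only holds while the address is the sole shared field: a real name or postal address supplied alongside each throwaway address is a join key too.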