Stop Giving Out Your Real Email Address! Here's Why...

The Small Habit with Big Consequences

Most people are accustomed to giving their email to stay in touch. They’ve typed it into so many forms over the years that it barely registers as personal information anymore. How else are you supposed to receive updates, receipts, invitations, or reset your password for the 10th time? In fact, when a website asks for your email, it probably requires only one click to autofill…as it’s likely stored in your phone’s password manager. Right? What isn’t so obvious is that your email address is not just a communication tool. Unlike a username that you can abandon or a cookie that you can clear, email addresses stay with us for much longer. Many people still use addresses they created a decade or more ago, well before online tracking became as aggressive and sophisticated as it is today. Over time, that single address becomes a thread tying together countless pieces of your digital life…and once those connections are made, they’re very hard to undo.

Your Email Address Is a Tracking Tool

To advertisers and data brokers, your email address is an invaluable digital breadcrumb. It’s the easiest information they can get ahold of because it’s one of the first things that apps and websites ask for to sign up for a newsletter or discount code, register for an app, RSVP for an event, login to an account, and so on. Every time you do, you’re creating a trail of activity across different websites, services, and devices. Those breadcrumbs can easily be gathered and followed if an app or website sells your data or accidentally exposes it in a data breach. But these days, data brokers and advertisers don’t even have to do that much. Instead, companies create identifiers (like Unified ID 2.0) using your email to recognize you across different platforms and link together every account associated with it. Now, data brokers and advertisers have a singular profile that combines data from all of your different social accounts, browsing habits, purchase history, logins, and so on. And as we pointed out, your email address is persistent by design, which makes these tokens and profiles more valuable and more detailed as you keep your same email address over the course of many years.

So why does it matter if data brokers have a profile on you? Well, these profiles do way more than simply compile publicly available data about you. They can also infer a lot of information about you that’s NOT public: where you went to school, what devices you use, the make and model of the car you drive, your purchasing habits, and even sensitive traits like income, ethnicity, sexual orientation, political beliefs, health and medical history, mental health challenges…the possibilities are virtually endless. And because the data broker industry is not very closely monitored or regulated, there’s no telling who could be buying that data or what it could be used for. More than just targeted advertising, data brokers have been used by stalkers looking to surveil victims, by governments looking to circumvent subpoenas and the law, by foreign intelligence agencies to conduct espionage, and by businesses to engage in illegal discrimination before an applicant can even learn why they were rejected.

Email Messages Can Track You as Much as Cookies

As cookies have become easier to block, email-based tracking has stepped in to fill the gap. Marketing emails frequently contain invisible tracking pixels and tagged links that silently report requested information back to the sender when you interact with a message. Marketing teams use these trackers alongside strong analytics tools to collect surprisingly specific information, including:

• Whether and how many times you opened an email
• The device you used to open it
• Your approximate location at the time of opening
• Whether you clicked any links, and which ones
• Which email provider you’re using

In other words, email tracking comes with non-consensual privacy trade-offs. Not only does this seriously compromise your privacy, but it makes data more susceptible to breaches, affects what content you’re shown, and can lead to an influx of unwanted follow-up emails simply because you interacted once.

One especially concerning aspect of email tracking is how little oversight exists. Laws like GDPR and CCPA require websites to ask permission for and let users opt-out of cookies. They are MUCH less explicit with how they regulate email tracking, which can gather even more information from you. Smaller, lesser-known data brokerages thrive in this legal gray area, pushing ethical boundaries, exploiting data, and sometimes violating regulations with little consequence.

Your Email Provider Could Be Sharing Your Information

The risks unfortunately don’t stop with marketers and data brokers. As we’ve shared many times, your “free” email provider could be selling you out, too. After all, these email services don’t operate out of generosity: they make money by gathering data from your email activity and sharing it with advertisers. Even if your messages aren’t read word-for-word, the metadata, usage patterns, and behavioral signals are all fair game to profile you. Big Tech claims they don’t “sell” your data outright, which is technically true. But Google and Microsoft are the biggest “Real-Time-Bidding” companies, which means that they disclose the profile information that they’ve gathered so that advertisers will hopefully bid to show you targeted ads. In other words, no one pays for the data directly. Instead, advertisers are bidding to buy ad space and they don’t need to win the auction to get a copy of your information. The ICCL recently reported that Google broadcasts private data like browsing and location information 42 billion times every day in Europe or 31 billion in the US.

Since most email accounts are tied to your legal identity, IP addresses, and login histories, they are easy targets for governments as well. They can access your email-linked data and even your inbox through subpoenas, warrants, and buying commercial datasets. In 2016, it was revealed that Yahoo had built a custom backdoor to scan millions of emails at the request of the FBI and NSA. Google even says in their own terms of service that they can disclose your data in response to a government request or order, and shared in their “Transparency Report” that they disclosed at least some of users’ information in over 80% of these cases. And depending on the circumstances, they may not notify you of the government’s request or what information they disclosed. But if you’re worried about subpoenas, you should know that government agencies routinely buy data from data brokers as a way to circumvent subpoenas, as was detailed in a partially declassified report from January 2022.

Private Email: Your Tool to Fight Back

Once advertisers, data brokers, or governments have your email address, that information stays current until you change it. But there is good news: you can fight back against all of this privacy invasion with one simple switch to a private email provider. When you switch to a private email provider, like StartMail, you already block common surveillance tools like tracking pixels by default. That alone greatly limits how much data can be siphoned off by opening a message. On top of that, the right private email provider will provide you with an even more powerful weapon against email surveillance: aliases. Aliases break the idea that you need a single, permanent email address for everything. Instead, you can generate “alternative” addresses that stand in place of your “real” email address, but still forward to your main inbox. And with StartMail, you can create different types of aliases:

• Unique aliases for each website or service, and delete them when you’re done
• Instant burner aliases for one-off signups, discounts, or downloads
• Personal aliases for ongoing relationships where you still want privacy

Suddenly, advertisers can no longer link your accounts across sites. Data brokers end up with fragmented, less reliable profiles. Data breaches and leaks expose disposable addresses, not your core identity. Aliases cut off unnecessary connections and effectively weaken the direct link between your personal data and your email. That’s why, at StartMail, we let every user generate unlimited aliases.

Treat Your Email Like a Home Address

Many of us are still using email addresses we created before digital surveillance became a defining feature of the internet. Back then, giving out your email felt closer to sharing a username. Today, it’s much closer to giving someone your home address. In other words, it’s something you think twice before handing out to a stranger. Remember that criminals, advertisers, and data brokers don’t need your entire life story all at once. They just need crumbs. Using aliases and a private email provider won’t make you completely invisible. But invisibility isn’t the goal. Autonomy is.

Privacy is about choosing when and how you’re identifiable and when you’re not. You don’t have to disappear from the internet to protect yourself. You simply have to make smarter decisions that put your privacy at the forefront. And with StartMail, you can make a single choice that lets you protect your data and your privacy for years to come.