When it comes to spam email lists, I strongly suspect the main culprits are the individuals themselves, not being sufficiently defensive.
This afternoon I bought some stuff in Halfords. At the till, they were asking people if they had an email address "for the receipt". The correct answer is, of course, "I do have an email address but I am unwilling to tell you what it is"
. Unsurprisingly though, the three people in front of me in the queue meekly complied, without even asking any questions about privacy policies.
That was the third time this week I've been asked for an email address, others were at a railway station when buying a travel card, and at an opticians having an eye test. Same answer each time, "I am unwilling to tell you..
.". Companies would not be harvesting email addresses unless they planned to spam you with reminders or special offers or, worse, to sell your email on to other spammers. And even if they don't sell it on, a rogue employee might raid the list and sell it, or their servers might get hacked.
I must be doing something right because I have been using exactly the same private email since 1999, yet the spam count for the last 30 days stands at just 10 messages . Not too bad, really.