The Business of Selling Email Addresses

The Legal Market

The email list industry is a multi-billion-dollar business that operates largely in the open. Companies like Acxiom, Oracle Data Cloud, and Experian maintain databases of billions of consumer profiles, each containing email addresses linked to demographic data, purchasing history, online behavior, and more. These profiles are sold to marketers, advertisers, and businesses looking to reach specific audiences.

The pricing varies enormously depending on the quality and segmentation of the list. A generic list of unverified email addresses might sell for $0.01 per address. A curated list of verified email addresses belonging to C-suite executives in the healthcare industry might sell for $0.50 to $1.00 per address. Highly targeted lists — say, people who recently searched for mortgage refinancing in a specific zip code — can command even higher prices.

How Your Address Enters the Pipeline

There are multiple entry points into the data broker ecosystem:

• Terms of service agreements: Many free services fund themselves by selling user data. That free quiz, the loyalty card program, the "free" app — they all monetize your information.
• Third-party sharing clauses: Buried in privacy policies, these clauses authorize companies to share your data with "partners" and "affiliates" — often a euphemism for data brokers.
• Public records: Voter registrations, property records, court filings, and business registrations are public data that brokers aggregate and enrich.
• Purchase tracking: Loyalty programs and payment processors track your purchases and link them to your email, creating behavioral profiles.
• SDK data collection: Many mobile apps include third-party tracking SDKs that collect and transmit your data, including email addresses, to advertising networks.

The Underground Market

Below the legal market exists a thriving underground economy. Stolen email databases from data breaches are sold on dark-web marketplaces, Telegram channels, and hacker forums. Prices for breached databases range from a few hundred dollars for small datasets to tens of thousands for large, fresh breaches containing passwords and other sensitive data.

The distinction between legal and illegal markets is not always clear. Some "legitimate" marketing companies purchase lists from questionable sources, laundering stolen data into the legal email marketing ecosystem. A company might buy a list claimed to be "opt-in" when it was actually compiled from breached databases.

The Impact on You

Once your email enters the commercial ecosystem, it is nearly impossible to remove. Data brokers share and resell data continuously. Even if you request deletion from one broker (using GDPR or CCPA rights), the same data may exist in dozens of other databases. The result is a permanent increase in spam, targeted advertising, and exposure to phishing — all linked to your email address.

How to Stay Out of the System

The most effective defense is to prevent your real email from entering the pipeline in the first place. Use a TempoMail disposable address for any interaction where you suspect your data will be sold or shared — and assume this is the case for any free service, marketing promotion, or non-essential signup. By keeping your real email out of these databases, you avoid the cascade of spam, tracking, and potential fraud that follows.

For existing exposure, periodically audit your data broker listings (sites like Spokeo, WhitePages, BeenVerified) and submit opt-out requests. It is tedious but effective at reducing your visibility in the legal data market. The underground market, unfortunately, cannot be cleaned up — which makes prevention all the more important.