[huhtenberg]

I am listed, but it's an address that was never used to register or subscribe to anything online. It's also under a year old.

It must've been vacuumed up from other people's contact or email data.

[luckylion]

Or from the email provider, if it's not your own server.

I know that e.g. GMX has had a leak at some point (or sold data), as an email I created there ages ago was used in phishing. Okay, that's lame, but they've also used the fake name I had given to GMX, spelled perfectly. I've never used that name anywhere when signing up, so it must come from the database.

[huhtenberg]

I use a private email server.