Find out if your email address has been sold

Martin Brinkmann
May 31, 2018
Updated • May 31, 2018

Have I Been Sold is a new free and open source web service that helps you find out if your email address has been sold by companies in the past.

If you received spam in the past you probably wondered how the sender of the spam message got hold of your email address. There are plenty possibilities; you may have published your email address publicly, replied to emails, signed up for web services or an account may have been hacked that you communicated with.

Some companies sell data to brokers next to that and it is not always disclosed by those companies.

Note: The developer is involved with which happens to be the "world's largest, most accurate database of people and companies". He stated that there is no affiliation between the two products, and that Have I Been Sold does not sell, distribute or share email addresses "with anyone for any reason".

Tip: We published a guide in 2016 to set up accounts to find out which companies or services sold your information.

Have I Been Sold

have i been sold

Have I Been Sold is a new service that works similarly to the password leak checker Have I Been Pwned. You type or paste an email address in the form on the Have I Been Sold website and click on a button to find out if the email address is in any of the databases of the service.

The service returns to you if your email is found on a list that was sold. It appears that you get options to report the company that sold the data in first place but I could not verify that since none of the email addresses that I typed in to the form were on any of the sold listings.

You can request that email addresses that are found are removed from the service's database. You may also authorize the service to inform you if your email address is found in new databases of email addresses that the service acquires or gets its hands on.

The service lists five steps to protect email addresses from getting sold on the same page:

  • Use custom email domains.
  • Use custom email providers.
  • Set up catch-all addresses.
  • Define email filters.
  • Create unique trap emails for any new service you sign up for.

Closing Words

Have I Been Sold may be a useful service to some but it probably is not something that most Internet users may want to use.

  • The list of sold email addresses is limited.
  • You have to trust the service to use it.
  • If you get spam emails already, chance is high that you know that your email got sold or leaked somehow already.

The only value that you get out of it is if Have I Been Sold lists the company or service that sold your email address. I don't know whether that is the case, however.

The best way to go about it is to create unique email addresses for any service you sign up for. This works very well if you buy a domain name and either use the web hoster's email management dashboard to create emails, or use a service like Google Apps for that instead.

Now You: What's your take on services such as Have I Been Sold or Have I Been Pwned?

Related Articles

Find out if your email address has been sold
Article Name
Find out if your email address has been sold
Have I Been Sold is a new free and open source web service that helps you find out if your email address has been sold by companies in the past.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. John Doe said on June 6, 2018 at 3:02 am

    Using services like Have I Been Sold is just another way of being sold; it’s like opting out e-mail spam by sending a confirmation email to spammers.

  2. Weilan said on June 1, 2018 at 2:16 pm

    Even my earliest e-mails from 2006 seem to be OK.

  3. GearWorst said on May 31, 2018 at 6:29 pm

    A cynic might suspect that someone was trying to gather and validate genuine, in-use email addresses from unsuspecting users. I’m sure this particular website is entirely geared towards public service however….

    1. Tom Hawack said on May 31, 2018 at 7:21 pm

      Sure? Some users are “sure” of the opposite. I guess doubt calls the principle of caution. Personally I’m sure of nothing. Some users may be sure and right, but how to know? Problem is that caution happens to be invalidated when the ground is clean, and lack of caution pointed when the ground is dirty. Knowledge is gold.

  4. Leo said on May 31, 2018 at 4:56 pm

    Hotmail was once hot. Everyone and their cat had a Hotmail address. I have friends who signed up with their real name as their address way back then. We were all naive in those days. Having used their real name in the past has lead to nothing but aggravation today – reams of online junk mail, telemarketer calls and snail mail advertising. The slurping business started with email. Even if you cancel an email address, the stalking of your online activity will continue forever. A real name plus analytics results in a sale to someone, somewhere. Your goose is cooked.

    I see no value in this service. Free comes with a cost, eventually if not sooner.

    1. Jason said on June 2, 2018 at 5:26 pm

      “I have friends who signed up with their real name as their address way back then.”

      I remember those Hotmail days, and the Yahoo and Geocities days that came before. But it’s no different from how people sign up for Gmail and Facebook today. People never learn. Unfortunately a large part of the tech industry has been built on tacitly encouraging this naivety.

  5. SADHANA said on May 31, 2018 at 3:54 pm


  6. BitchBat said on May 31, 2018 at 2:23 pm

    I’m clean

  7. John said on May 31, 2018 at 2:00 pm

    And why not a site named “Have my secret codes been stolen ?” or “Are my secrets secret ?”

    Our best friend Martin, once in a while, is going into the wild.
    Come back, Martin ! Please, come back !

    1. justaned said on May 31, 2018 at 3:59 pm

      Is it not better for Mr. B. to brave the wilds for us? :-)

  8. SwampCat said on May 31, 2018 at 1:27 pm

    @Ban me
    The link is at the very beginning of the article :-)

  9. bam said on May 31, 2018 at 12:54 pm

    Would be better if one could enter hashes of the Email or password in such websites

    1. Martin Brinkmann said on May 31, 2018 at 1:20 pm

      I agree but it would probably appeal only to experienced users then. I would like to see this as an option, or confirmation that the email address is not sent but that the hash is generated locally and then used to determine whether the email was sold in the past.

  10. spook said on May 31, 2018 at 12:26 pm

    Long time ago I installed an email program that allowed me to peek at my email with option to return to sender – not at this address. Sounded great. I went from maybe 4 spams/mo to 25/day.

    Same thing happened with do not call list. Added my business numbers and went from 10 called spams/mo to 20/day.

  11. Malte said on May 31, 2018 at 12:01 pm

    Well, if your email hasn’t been sold it soon will be if you put it in there. Thanks, but no thanks.

  12. Ban me said on May 31, 2018 at 11:00 am

    My take on is no link for this service in the article. Epic.

    1. Malte said on May 31, 2018 at 12:05 pm

      It’s literally the first word. It’s hyperlinked.

    2. Martin Brinkmann said on May 31, 2018 at 11:10 am

      Added, thanks for the info!

  13. Tom Hawack said on May 31, 2018 at 10:39 am

    My take on services such as ‘Have I Been Sold’ or ‘Have I Been Pwned’ is simple as noted in the article : I have to trust the service to use it. It’s not that I distrust, it’s not that I trust, it’s that I have no argument, evidence in favor of either commitment. I just don’t know and therefor won’t use any service of the sort with any of my e-mail addresses neither with any of my friends. But I would have my curiosity triggered with old addresses (I’ve had so many throughout several ISPs and Web E-mail providers in the last 20 years or so that I have but the spoilt for choice).

    1. Clairvaux said on May 31, 2018 at 4:17 pm

      You can trust Have I Been Pwned. It’s made by an Australian MVP who makes a living teaching businesses about Internet security. He’s very transparent on the length he goes to protect the users of his database. He is really knowledgeable about his subject. His site is legit enough that the police cyber-forces of several countries advise their citizens to use it for their own safety. One of the major online password managers automatically checks your passwords against his list of hacked identifiers. I encourage you to have a look at his blog.

    2. Sophie said on May 31, 2018 at 11:53 am

      @Tom – I agree. My first thought was…..well, you are “propagating” your email yet further.

      I had this situation a few months ago. My information/data, was inappropriately secured (or not secured at all), in the Experian hack. I was faced with having to give them yet more information…in order to find out the true extent of what was misused or leaked. In the end, I opted not to take advantage of that “service” they were offering for free….in order not to make things even worse.

      I think you have to be cautious with these kinds of services.

      Last year, a friend of mine organised a birthday party for themselves, and insisted on making everyone “click a box” to accept the invite….hence, loss of control of your email address. When I replied via ordinary email, in order to accept the invite….he promptly told me…”thanks, but can you also click that box”!!!! Why? What was going on there, I wonder?

      Anyway, I never clicked it….I just turned up and had a nice time. :)

      1. Tom Hawack said on May 31, 2018 at 12:39 pm

        @Sophie, situations as those you relate are for the least worth caution. “Be cautious in order to avoid being suspicious” have I always been told, but that is a source of stress when confidence appears as a seldom Nirvana.

        A good practice when it comes to e-mail addresses is certainly to categorize them, i.e. business, administration, blogs/forums, friends, relationships … to use aliases and temporary e-mail addresses. When I see people using a same e-mail for all I throw my two hands towards the sky as those Italian mamas do when they seem to implore the heavens, and ask “Pourquoi, Why, Warum?! (language depends of my mood) :=)

      2. Shiva said on May 31, 2018 at 6:24 pm

        You forgot “Perché”. By knowledge are the sons who shout that phrase. Hovewer with a good amount of struggle, now my italian ‘mama’ knows the use of Bloody Vikings and has a ProtonMail account as alternative too.

        On the other hands in these days I’ve already received two pishing fake emails about GDPR and I was suprised because they have been written very well. Be careful

      3. Tom Hawack said on May 31, 2018 at 7:30 pm

        @Shiva, looks like I’m getting old with old references. I must have had in mind the Italian movies of the fifties (say, sixties, I ain’t that old!).
        Mama mia!
        Don’t tell me there ain’t no Italian mama in Italy’s deep south who never heard of Bloody Vikings, thinks an email account is a bank one, who shares emotions between laughs, cries, songs and her two arms raised when her daughter tells her she’s in love.
        Has life changed everywhere?!

      4. Shiva said on June 3, 2018 at 12:55 pm

        Ah! People of southern Italy could be be more effusive and exuberant beyond stereotypes. In relation to the use of PC is a mess everywhere and, as I told you, are probably the sons who shout ‘Perchèèèèèèè’ with two arms raised.
        Its sadly to say but nowadays between smarphone and social media we have a new category of ‘mama’ who share emotions (and privacy) with emoticons, likes and messages. Worst of all another class of ‘mama’ that we call ‘Mothers informed by Whatsapp’ who think to know everything after a search with Google or social chambers (better than doctors, scientist, …).
        Family or friends, you know the usage statistic of browser and how people pay attention to EULA, privacy, open source, … So actually we seem to be the exception speaking here about add-ons, DNS, … Well, maybe the old mamas of the fifties lived better without PC.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.