Sometimes folks ask why I don't want to be forwarded jokes unless I'm on BCC.
This was prompted by Matt's observation that many hotmail users complain about getting spam even though they never give out their email address.
If you truely never give the email addie out (ie: never use the account to send mail or give it to anyone any other way), then you probalby won't get spam unless your username can be guessed. (Brute force username guesses against SMTP hosts are on the rise.)
However, if you phone your girlfriend and give her the address the day it was assigned to you, then you might never log in to the account at all and find out when you do so for the first time a year later that it is full of spam.
Suppose your girlfriend sent you only one message once she had your address.
She sent this hillarious story about a kitten which she knew you would appreicate. She also include her co-worker in the recipient list.
That co-worker had a great laugh, and forwarded it to five friends who like to share 'funny stuff' via email. One of those friends is on a mailing list where folks exchange 'funny stuff'. That friend forwards the message to the list.
Now, if these folks all just hit the forward button, then all of the original recpients' addresses are included in this post to the mailing list.
That list may have an address harvester subscribed.
That list may be accessible via NNTP where havesters lurk in abundance.
That list may be archived on the web, where harvesters are probably more common than on usenet these days.
Subscribers to the list may re-foward, further increasing chances of exposure.
It is possible that by telling your girlfriend your email address, you allowed that address to be exposed to spammers.
If you use an address, it may get spam through no fault of your own. You can try to educate folks to use BCC when sending that kind of content (and don't send it yourself).
The only certain solution is to never use or advertise your email address.
A decent second-best is to use an infinite number of addresses. Try to use addresses specific to each contact/occasion/date/etc so that if the address ever gets spam, you can route it to the big bit bucket.
An interesting example: I once sent mail to Simon Cozens which he forwarded to a perl list. That address started getting spam, and in addition related addresses started getting spam, revealing a bug in some common spam address-processing software I suppose:
This series came from part of a Message-ID header:
None of the above addresses will get to me... they all get auto-trashed because they've been tainted and now receive spam. I could claim that I never used that simon_cozens address but the truth is that I did use it. One time. Now it gets spam. (and so do some releated addresses!)
When hotmail users say they never give out their address, I bet that they've at least used it once.