← Back to the blog

Why do websites ask for your email? What it's really worth

A PDF download, a discount code, a Wi-Fi login, reading past the third paragraph of an article — websites demand an email address for things that plainly don't require one. That's not sloppy design. Your email address is one of the most valuable pieces of data a company can collect about you, and the form asking for it is often the product working exactly as intended. Here is what your address is actually worth to them — and how to hand over less of it.

Your email is an identity key

Names collide, cookies expire, phone numbers change — but your email address is unique, stable and follows you across every device and service. That makes it the closest thing the commercial internet has to a universal ID. When two companies want to figure out which customers they share, they match on email. When a data broker merges your shopping history with your app usage and your survey answers, the join key is your email. Every form you fill in adds one more row to a profile that is linkable across all the others — which is also why one leaked database snowballs into spam from everywhere.

Ad matching: the hashed-email economy

You may have noticed ad platforms don't need to see your inbox to follow you. Advertisers upload their customer lists — email addresses, usually hashed — to Facebook, Google and others, which match the hashes against their own user base. The result: the shop you gave your address to can target you (and "people like you") with ads on platforms you never told about the purchase. Hashing sounds protective, but the same address always produces the same hash, so it works as a pseudonymous ID that every participant can match on. As third-party cookies die out, this email-based matching is becoming the backbone of ad targeting — which is precisely why so many sites push so hard for your address.

Tracking pixels: the newsletter watches back

Once a sender has your address, most marketing email arrives with a tracking pixel — a tiny invisible image loaded from the sender's server when you open the message. It reports that you opened, when, how often, on what device, and often your approximate location via IP. Link clicks are tracked individually too. This is standard practice in email marketing, not an exotic attack; it's how senders separate "engaged" addresses from dead ones. It's also why opening and clicking through junk makes things worse — a dynamic covered in detail in is it safe to unsubscribe from spam?

Data enrichment: brokers fill in the rest

The quiet end of the pipeline is enrichment. Data brokers sell services that take nothing but an email address and return a dossier: likely name, age bracket, household income, interests, social profiles, employer. A newsletter signup can be enriched into a full marketing profile before the welcome email is sent. Combined with breaches — where address, purchase history and more leak outright — your address ends up in databases you have never heard of and cannot opt out of, traded between companies you never interacted with.

What you can do about it

You can't change what companies do with addresses — but you decide which address they get:

Ask what the form really needs

Next time a website asks for your email, ask the question in reverse: does *this interaction* need a lasting way to reach me, or does the company just want the identity key? For the second case, give them a key that opens nothing — a free 10-minute address takes one click, needs no signup, and leaves no profile behind. The FAQ covers everything else.

Create a free temporary email address now →