A new web app has debuted in the vein of Have I Been Pwned that focuses on whether or not emails have been sold to spammers and advertisers.
The app, Have I Been Sold?, checks users' email addresses against a database to see if they have been sold without permission to services that send spam and advertisements to them in order to generate revenue.
Have I Been Sold has a 6-step process to protecting email addresses from being sold:
Step 1: Custom email domain
This is a necessary but all around useful thing to do: get a custom email domain. Domains are cheap, hosting is too. Use something like NameCheap for the cheapest option.
Step 2: Custom email provider
Set up a custom email provider on that domain. Services like Google Apps come with Gmail out of the box, and Protonmail is pretty great too and very private.
Step 3: Set up a catch-all address
This will vary from provider to provider, but each will have their own official instructions on how to do this - Googling for this is your best bet (i.e. "Protonmail set up catchall").
Step 4: Define a filter
Set up an entrapment filter like "all emails starting with trap should go to the 'Trap' folder, delete all others" or something similar.
Step 5: Use a new trap email for every service you sign up for
This is the most important part. Every time you sign up for a new service or register a new account somewhere, sign up for a newsletter or give out your email at a conference or meetup use a different email. Be as descriptive as you want, but keep the prefix as defined earlier. For example: email@example.com could mean that this email was given out at 2018's Consensus conference on May 20th. Because you've set up a catch-all email on your domain and a prefix which puts all emails that start with "trap" into a special folder, you can easily keep an eye on the entrapment emails coming in without them cluttering up your main inbox, while keeping the main inbox filled only with the important stuff.
Final step: Pounce
When you notice that an unrelated service has contacted you from an address that was obviously given out elsewhere, for example CoinTelegraph emails you to your trap-consensus2018 address, that can be proof that Consensus has sold your email address and CoinTelegraph has bought it. If this is something you consented to when buying your Consensus ticket, fine. But if not, this is a big GDPR violation and both companies deserve to be reported.