I always provide a dedicated email address to each Web site. Many times I've received spam at these addresses, but not yet at my FlyerTalk email address.

The one disturbing trend is that whenever I report what seems like a breach, the issue has always been dismissed for the reasons stated above.

But in most of these cases, none of those reasons apply: The email addresses were given only to one site, were never used to send mail, and were not subject to a dictionary attack (or else my catch-all address would have evidence of that).

My only conclusion is there is a breach somewhere (perhaps even on my side), but IME, nobody seems to want to take it seriously enough to investigate. I always end up disabling the dedicated email address, updating the site with a new dedicated one, and crossing my fingers that it was a fluke.