Since e-mail aliases are basically free (it’s a line in a text file), I’ve started the habit of creating new e-mail aliases for what I think have a “high-risk” of getting harvested by spammers.
I created one for Debian’s mailing lists a week ago, and today I received my first spam e-mail to that address. It was an eBay phishing scheme.
Debian’s public mailing list archives make no attempt at address obfuscation–any web crawler is free to come and take as many valid e-mail addresses as they want. My attempts at complaining about this appear to have fallen on dead ears–no one appears to care.
At least it’s nice to definitely know where your spam is coming from.