I made a mistake many years ago..
..and I'm now paying for it big time.
I'm not the only one either - when I bought shawthing.com and started using that as my email address I decided to be smart and use the "nobody" (catch-all) address rather than setup lots of different accounts.
And then I used pretend email addresses that matched the site I was signing up at. So, at msdn.microsoft.com I registered as msdn@shawthing.com; at Google AdSense I used adsense@shawthing.com, etc.
Looking back now, I'm not quite sure why I did this. I think it had something to do with finding out which sites would share my email address without my permission. So, if I started getting spam to adsense@shawthing.com I could get on my high horse and call Google evil again.
What really happened though, wasn't that I caught web sites selling my email address. No, what happened is that spammers found that anything-they-bloody-well-wanted@shawthing.com worked as a valid email address.
So today I'm getting 2,000-3,000 spam a day that poor spambayes is trying hard to keep under control.
Ironically, very few are to my published email addresses. I estimate that 90% are either to or from a fake email address - which of course beause of the catch-all account I get in my Inbox. Every single one.
I admit that I was going to ask how to find my email addresses, perhaps using some Office API? But then I thought, let's keep is simple you pillock.
So, I started a simple search in Outlook and specified "In Folder" doesn't contain "spam", and "To" contains shawthing.com. And of course, it gave me a list! I just sorted on the To address and soon I will have made this problem my bitch.
Take that spammers. :)