ZDNet: Tech Update: Networking / Meet your spammer
How the heck did all these people get my e-mail address?

Unfortunately, the answer is, very easily. Your work e-mail, if it's posted on your company's Web site, is probably even more vulnerable than your personal address. Your personal e-mail is likely to be culled from newsgroups, but savvy e-mail marketers are more likely to troll company Web sites for e-mail contacts.

For home use, you can change your e-mail address, or simply get an alternative "spam catching" address from a free e-mail service and use it when you post to newsgroups or fill out forms on the Web. But businesses can't have employees changing their e-mail address every time the spam piles up. Nor would it be good business practice to remove employees' e-mail addresses from the company Web site.

Relying on legislation to halve the size of your inbox has proved a waiting game, although plenty of states are trying to whittle away at spam. In California, the unsolicited e-mail I receive is required by law to have a label of "ADV" or "ADV:ADLT" in the subject line, only three of the last 50 spams I received were appropriately labeled. Obviously, e-mail transcends state boundaries--much of it originates overseas--which makes such the legislation difficult to impose. In some cases, it's weak by design. If, for example, you live in Delaware and receive a spam e-mail from out of state, your state's anti-spam law only applies if there's "a reasonable possibility" that the sender knows you are in Delaware. Just keep deleting.
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2880792,00.html