I can get from your Hackaday.io profile to your email address at Google pretty easily -- follow your linked homepage and it's right there.  "at gmail dot com" ain't gonna fool any bots, or even regexes, in 2021.  

I don't believe that Supplyframe has any business with "well known standards organizations", so I would put that channel as unlikely.  I also don't think that Google reads your e-mail and gives the information away. It is however a known fact that they use that information internally to better build a profile of you, and to track your purchases.  Because that's what they do.  But to the best of my knowledge they attempt to maintain their informational monopoly power, for better or worse.

So here's my best guess.  The standards org in question hires a PR firm.  PR firm does a web search for the standards org's name, and takes one or two degrees of separation from that, slurps up all the e-mails.  As you say, though, subscribing you directly to a mailing is pretty abusive, but I could write Python code to do this in 20 lines or fewer.

But if you want to get a lot of weird spam, try having a public @hackaday.com address!

Hell, <code>wget -r -l 1 http://www.xyz.com | grep "gmail"</code> will get you 90% of the way there.  

Before Google took over the universe, at least they'd also have to search for "hotmail" as well...

I have to admit that I've been made quite curious by that last line ("a lot of weird spam [...]"). One imagines it's more than just the usual Nigerian prince crap and "You have a FedEx package, fill out this form" with what obviously isn't in a million years ANYTHING like a FedEx tracking number lol (more like a cat on a keyboard!) and the sort of stuff you'd have to put a lot of black boxes over to show publicly.

I don't suppose you'd be willing to elaborate?

I sometimes wish that we could post them somewhere!  

We get every imaginable kind of heavy machinery spam -- I don't even know what half of the products are.  I think that somehow we're in some database as a tank or earth-mover manufacturer.  We get at least two or three of these per day.

What else?  Any time any product is mentioned on Hackaday, and sometimes even just a product category, we get the people who run PR for that product asking for link-throughs or do-follows or some such BS.  I actually have a script that autoreplies to them.  With a firm "no".  

"We can see that you wrote an article about a bicycle in 2012, can you link to our random bike accessory company? Or would you like to repost our bike accessory infographic?"  No, but at least that's more relevant than a 300 kW induction furnace, I guess...

And the scammers, of course.  I'll have to keep a list.

@Elliot Williams well, you have Benchoffisms, why not Hackaday Spam? Seriously.

@Elliot Williams if you decide to do a project for these, *please* Chat me the link, I want to give it a +Follow.

*sigh,* from the comments thus far... I can't believe we've allowed this... wars were once fought to prevent such things. Supreme Courts held trials against companies doing such things. The friggin' Constitution has a section regarding such things! This is not the world we were promised. I sure as hell wouldn't choose to bring a new soul into it. How can anyone in good conscience?!

LOL

Wars... trials... the Constitution... (well, I'm not 100% sure about that last part, would have to ask Mom)... yeah then money happened. You're right that we weren't promised this world, but "hey we're gonna screw you into the ground and tell you it's your fault" doesn't make for great ad copy, now, does it? ;)

why don't you ask the organization that sent you the email where they got your email id from?

Already did... awaiting response...

Eric. Everything sent over e-mail is considered non-secret anymore. I do always keep it in mind. In my experience there was funny case, when cryptocurrency exchange has sent me an e-mail containing all the data that I prefer to keep from my email provider: telephone number, id-number, monero wallet address where money have been sent to. If someone wants to investigate me and see that I buy monero, what would he think on me?

Yikes...

Probably something to do with Google AdWords... "business as usual". Emphasis on 'business'.

I've heard tell of plenty quite-similar phenomena.

Did you read the Privacy Policy? If you signed up for a HAD account then you would have agreed to this:

"We may enter into agreements with companies that provide the SupplyFrame Offerings by way of a co-branded or private-labeled website or companies that offer their products and/or services on our website (“Third Party Companies”). A Third Party Company may want access to Personal Information that we collect from its customers. As a result, we may disclose your Personal Information to a Third Party Company"

i read the privacy policy before Supplyframe took charge... hmmm...

No you didn't -- Hackaday.io is post-Supplyframe.

touche, @Elliot Williams ! Got me there!

If you aren't using disposable addresses for everything then it could be any site, even one you don't use.  Some company might have even scraped your site and picked up the address and it so happens that org is an advertiser with them.  Also, yes, the evil empire of advertising has gotten that out of hand.

Also, when it comes to technology, there are MANY reasons an advertiser could have found you.  If you use a smartphone then you have already sacrificed your privacy.

This world is truly scary.

Yeah, I have my own email domain and use custom address for every service I use, but the one for HAD didn't leak yet. Only two did in several years, sourceforge many many years ago and one local shop two years ago.

This!   I was actually able to report a breach of their e-mail database to Instructables (waaay back in history) by using a disposable address that was pinned to them.  

They cleaned it up, I used a new dispo address with them, and it's been fine since, BTW.  

But... you might think that using disposable addresses is just good for you, but it's actually good for the whole world. :)

On that inspiring note of the goodness of such organizations' values and willing/caringness to listen to and investigate anonymous customers' concerns, I'll leave this thread up, after all.

But, I've gotta say, scraping email addresses three links deep from the page mentioning their name, and doing-so despite the implied "please don't spam me" in obfuscated email addresses truly borders on "fire that PR company quick, before they get you into legal trouble" to such great extents as to wonder about the ethics of such companies who would so blindly hire such a PR firm in the first place... to such great extents as to make me wonder if such a renowned standards organization could've possibly been so short-sighted at all.

Frankly, it seems more likely, having just searched my email for all references to said organization, that the account I signed up with to get documents from them many years ago, which has never prompted an email from them since the first confirming my accout activation, somehow was passed-along to their email-list on the day I wrote that log-entry, out of sheer coincidence. And of course, that liklihood, of such an incredible coincidence in timing, is far less likely than nearly all the others I've come up with... of course, with the exception of the first, which I have on great authority is less likely than the least-likely suggested. ;)