It doesn't make sense for these companies to run their own e-mail marketing. Sending legitimate bulk mail is massively complicated, and requires a whole department of people to maintain personal relationships with individuals at all the major ISPs and webmail services (Gmail, Hotmail, etc). That's the only way to get reasonable deliverability of the mail, as every mailing they do results in tens of thousands of false spam reports, triggers all kinds of throttles on the receiving servers, etc. On a daily basis, the mailer needs to do cleanup, getting its mail servers removed from automated blacklists and adjusting for major recipients' throttling and other rules.<p>The only way to handle all that affordably is to outsource it to a company whose full-time job is to manage all that complexity. Everyone bringing it in-house would not be practical, not just because it's expensive but because there would be too many people trying to interact with the ISPs/webmail/blacklist people every day.
I use my domains very specifically as far as email is concerned. Some years ago I registered a domain for registering for shopping, online accounts etc. and created a catch-all address, so I could sign up with slord-news.ycombinator.com@<domain> and I'd know if it had been leaked as the address would start getting mail from elsewhere.<p>I don't publish the domain anywhere online (hence <domain>) earlier, I also did this after I signed up for HN, but you get the point.
The alternative to one large basket run by people whose core competency is, most likely, managing this sort of thing specifically would be many, many smaller baskets run by people who may or may not have the slightest clue what they're doing.<p>Think of all the sites you've seen that store your passwords in plain text. Hell, PlentyOfFish sends (or did in the past) weekly emails with your password in them. Think of how horribly wrong these companies are getting really basic things. Now, do you want to trust them <i>all</i> to do everything properly, or do you want that responsibility delegated to someone who'll do it right?
Unfortunately, security through obscurity isn't going to work. Someone will always find a way to grab large collections of email addresses. We need a better solution to help verify senders and highlight fake content/links.
If only they were 'just' all in one secure basket, instead they're all duplicated in dozens of very large baskets with dubious levels of security and varying levels of attached personal information.