So...
I'd like to report that I have the same thing happening with me.
I have an email address that's unique to wowinterface... my email system routes anything in the name of myaddress-anyrandomtext directly to me, and I tag my sites that way... so my address here is
[email protected]in
A week(ish) ago I got a phishing mail asking for WoW information.
I run my own mail server, nobody shares it but the people that live with me (who don't have administrator access), this email address has never been posted, used to send mail, or otherwise exposed to the real world, other than being used as the account email for wowinterface.
One roommate (who doesn't use the per-site unique addresses) got the same thing to the email address they have registered with wowinterface (though they use it on several sites, so that's not authoritative proof).
I seriously doubt that someone just randomly thought to append -wowinterface to an otherwise working address to get through to me. I think the likelyhood of doing it twice with two different people's addresses is pretty damned unlikely. And my roommate never had an attempt at using a -wowinterface form of their address, just their normal address, so somehow the pharmer knew who was using tagged addresses and who wasn't? Seems incredibly unlikely.
Unless my email address is public. I just looked through all of the account options I could find, though, and couldn't find anything about making one's email address visible (or not).
So, I tend to agree, something might be going on here.
And no, unless you use a common name as an email address (e.g. "john@wherever"), a private domain can't get spam if the email address is never used anywhere. Especially not something like mine, where the -wowinterface (or whatever) part doesn't even exist.
-j