If your Gmail login name was firstname.lastname@example.org and you went to www.testsite.com to fill out a registration form, instead of just entering email@example.com as your email, enter it as firstname.lastname@example.org[Let the '+' be in between] instead. When Gmail sees a “+” in an email address, it uses all the characters to the left of the plus sign to know who to send it to. In this example it would still send it to email@example.com.
Now what will help you is if you search Gmail for myname+testsite.com, you will see all messages[read as Spam] that were sent to that email address.
To see who is responsible for sending a specific message click the Show Details link and you will see the complete address. Now you've zeroed in on who sold your e-mail credentials to a Spammer.