If your Gmail login name was myname@gmail.com and you went to www.testsite.com to fill out a registration form, instead of just entering myname@gmail.com as your email, enter it as myname+testsite.com@gmail.com[Let the '+' be in between] instead. When Gmail sees a “+” in an email address, it uses all the characters to the left of the plus sign to know who to send it to. In this example it would still send it to myname@gmail.com.
Now what will help you is if you search Gmail for myname+testsite.com, you will see all messages[read as Spam] that were sent to that email address.
To see who is responsible for sending a specific message click the Show Details link and you will see the complete address. Now you've zeroed in on who sold your e-mail credentials to a Spammer.
