It happens more than you think. I mean really, have you ever really read the 43 page long terms of agreement that these sites make you agree to before signing up? Many of them probably say something along the lines of "we may give your email to special partners blah blah blah". While you can't always prevent this from happening, you can figure out how that spammy viagra email landed in your Gmail account.
This trick has been around for awhile now, but I have only recently started using it and it works flawlessly. When you sign up for new services on sites that require an email, you won't use your real Gmail address but a slightly modified one. You take whatever your Gmail name is (before the @ sign) add a "+", then add the site name after that, but before the "@". It is not as hard as it sounds.
Lets say Dexter comes along and wants to setup an account at Phlebotomy Emporium to get a quick discount on needles. He would take his original email, add a "+", then add "phlebotomy_emporium" to it like so:
The trick here is that Gmail will ignore anything after the "+", and send it to your real account. If they ever sell your email to somebody else, you will still see which company it originated from when it is sent to you. In some cases, they might have broken the law when selling your email so check up on it and act accordingly.
Test it out by simply sending an email to yourself with +foobar or something else. This may work with other mail carriers but I haven't tested them out. Perhaps you can comment here if you see it working on somewhere other than Gmail. Happy spam fighting!