Shaadi.com: Spammers or poor security/privacy implementation

Posted On February 9, 2009

Filed under Investigations

Before I start, let me make it clear that I never registered on any dating/matrimony site. 

Today I got an email from Shaadi.com with the subject “Welcome to Shaadi.com”, congratulating me on registering at Shaadi.com (which I never did). The mail addressed me as (my email local part)_2009 (a common practice of many spammers) and contained a password (normally registration emails do not contain the password). I ignored this email like all other spam emails. After this I got a few more emails with subjects like “Your Shaadi.com profile is under Screening”, “Your Shaadi.com profile has been Activated” and, more interestingly, “Congratulations! ********* has expressed interest in you” :) . This made me investigate the issue.

I immediately opened Shaadi.com and looked for something like support/help. Luckily, I found the 24/7 help link, and Mr. Mohit was there to help me. Here is a brief conversation between me (with a fake name) and Mohit:

me: I just got an email that I have been registered at Shaadi.com and my profile has been activated
me: but I never registered for this site

Mohit: Hello (My fake name)

Mohit: I am Sorry for the inconvenience caused to you.

me: don't you people verify the email?

Mohit: May I have your email address

me: Sorry, I can't share it, because I don't want more spam; just tell me, don't you verify the email after registration?

Mohit: I am Sorry, we do not have that.

Mohit: Please let me know the email and I will remove the profile.

me: so I can register a Shaadi.com account for Barack Obama? (lolz :d)

me: just give me the link to remove my profile, I will do it myself (I couldn't find it anywhere on their site)

Mohit: you may delete the profile yourself by clicking on the link given below:

Mohit: http://www.shaadi.com/my_shaadi/delete-profile.php

me: ok, thanks

Mohit: Thank you for using Shaadi.com Chat Service. Please feel free to contact us on our Tel no 1860 500 3456 or Tel: (022) 44883456. Standard Charges Apply

I made a dummy account on Shaadi.com and opened the delete-profile link to test it. I got this error:

The following error/s were found. Please go back and correct the same. 

(My dummy account)’s profile does not exists

If the error message persists please note the error details and write to Customer Support 

I opened the 24/7 chat again, and Mr. Mohit was there again to help.

Please wait for a site operator to respond.

You are now chatting with ‘Mohit’

Mohit: Welcome to Shaadi.com Live Help service.

Mohit: How may I help you?

me: I just checked the link you provided with a dummy account, and it is not working http://www.shaadi.com/my_shaadi/delete-profile.php

Mohit: You have to log in to the account; only then will it work

Mohit: As you have not created the account you will not be able to Login

me: I am logged in with a dummy account

Mohit: Can I know the Profile id?

me: (My dummy profile id)

me: I created this just for testing this link

Mohit: Thank you for waiting. I’ll be with you in just a moment.

Mohit: Profile is under screening and it is not online

Mohit: For the same reason you received the error.

me: so, I can't delete it until the screening is done, right?

Mohit: I’m sorry for the delay. I’ll be right with you.

Mohit: Yes

me: so the screening process does not include verification of the email id?

Mohit: If the email is bounced back to us, then we verify the email.

me: by verification I mean originality, that this email id belongs to the person who is registering

Mohit: Yes, I understood.

Mohit: But we do not have the feature currently.

me: ok, thanks; now please answer my other question

me: if I provide you with my user id or email, can you tell me the time and IP address of registration?

Mohit: I am Sorry, I will not be able to provide you with the insights.

Then I logged into the site with the username and password from the welcome email, and I was amazed to learn facts about me such as: I have only 1 brother and 1 sister, my birthdate, I am a UK-based Indian, my native language is Kashmiri and my phone number is +91-9906765046.

Conclusion:

How are they spammers?

  1. Usernames which include the local part of your email address are normally used by spammers (my real name was not written anywhere in the email or on my so-called profile), so most probably they got my email address from somewhere and used the local part (before the @) of my email address to welcome me.
  2. No proper service will ever email you your password in the registration email. They provided me with a password because I didn't know it.
  3. All the information in my so-called profile was fake.
  4. They do not have a link like “If you did not register for this site please click here” or a note like “If you did not register, please ignore this email”.
  5. My so-called account got activated without verification of my email address.
  6. They do not have a delete-profile link anywhere in the email or on the help pages of their site.
  7. Customer support is unable to disclose the time and IP address of my registration (this might be their policy).

Other privacy issues with this site:

  1. I can register an account for Barack Obama and set up his profile.
  2. If he has deleted the “Welcome to Shaadi.com” email, he will never be able to modify/remove his Shaadi.com profile, because the forgot-password page will ask for his birthdate (which is fake in this case).
  3. Until the profile is approved, you cannot delete it.
  4. If Shaadi.com is not a spammer, then sending the password in the welcome email is a serious security issue.
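What a registration flow with the checks the two lists above found missing looks like, written out as an added example (my illustration, not Shaadi.com's code): the account stays "pending" until a verification link mailed to the address comes back, the welcome mail carries two HMAC-signed, expiring links (confirm and "I did not sign up") instead of a password, only a salted hash of the password is ever stored, and the reject link removes the unverified profile without a login, a birthdate or a chat with support. Everything here is assumed for the illustration: SERVER_KEY, TOKEN_TTL, the Registry class and the example addresses are constructed, and the real site's database and mailer are replaced by an in-memory store.

```python
import base64
import hashlib
import hmac
import os
import secrets
import time
from typing import Dict, Optional

# Assumptions for the example: a per-deployment secret, a one-day link lifetime
# and an in-memory user store standing in for the real database.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL = 24 * 60 * 60
PBKDF2_ITERATIONS = 200_000
SALT_LEN = 16
MAC_LEN = 32


def hash_password(password: str) -> bytes:
    """Salted PBKDF2-HMAC-SHA256. Only this is stored; the plaintext is never
    written down, so it cannot end up in a welcome mail."""
    salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def make_token(email: str, action: str, issued_at: Optional[int] = None) -> str:
    """Link token = issue time || HMAC(key, action|email|time).
    Binding the action means a 'reject' link can never be replayed as 'confirm'."""
    ts = int(time.time()) if issued_at is None else issued_at
    mac = hmac.new(SERVER_KEY, f"{action}|{email}|{ts}".encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(ts.to_bytes(8, "big") + mac).decode()


def check_token(token: str, email: str, action: str, now: Optional[int] = None) -> bool:
    """Constant-time MAC check plus an expiry window; anything malformed is False."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:  # binascii.Error is a ValueError
        return False
    if len(raw) != 8 + MAC_LEN:
        return False
    ts = int.from_bytes(raw[:8], "big")
    now = int(time.time()) if now is None else now
    if not ts <= now <= ts + TOKEN_TTL:
        return False
    expected = hmac.new(SERVER_KEY, f"{action}|{email}|{ts}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(raw[8:], expected)


class Registry:
    """Two-state user store (assumed): 'pending' until the mailed link comes back."""

    def __init__(self) -> None:
        self.pending: Dict[str, bytes] = {}
        self.active: Dict[str, bytes] = {}

    def register(self, email: str, password: str) -> Dict[str, str]:
        """Return what the welcome mail should carry: a confirm link and an
        'I did not sign up' link. No password, and no activation yet."""
        if email not in self.active:
            self.pending[email] = hash_password(password)
        # Same response whether or not the address was already taken.
        return {"confirm": make_token(email, "confirm"),
                "reject": make_token(email, "reject")}

    def confirm(self, email: str, token: str) -> bool:
        """Activate only when the confirm link for this exact address is presented."""
        if email not in self.pending or not check_token(token, email, "confirm"):
            return False
        self.active[email] = self.pending.pop(email)
        return True

    def reject(self, email: str, token: str) -> bool:
        """The 'if you did not register, click here' link: drops the unverified
        profile without needing a login, a birthdate or a chat with support."""
        if email not in self.pending or not check_token(token, email, "reject"):
            return False
        del self.pending[email]
        return True

    def login(self, email: str, password: str) -> bool:
        """Only confirmed accounts can log in, and only with the right password."""
        stored = self.active.get(email)
        return stored is not None and verify_password(password, stored)
```

The point of the two separate links is that the person who actually owns the mailbox, and nobody else, decides what happens to the profile: the spammer who typed the address gets neither link, and the owner who never wanted the profile can drop it without first recovering a password via a birthdate they never entered.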

2 Responses to “ Shaadi.com: Spammers or poor security/privacy implementation ”

  1. Shaadi.com: Spammers or poor security/privacy implementation | Tea Break

    [...] This cup of tea was served by: Irfan’s Weblog [...]

  2. aruna

    My profile id is ap32_74, name is Aruna. I just want to cancel my account.
