Hmm,
It very much depends on how they source the email address / personal details. A contact form is pretty much an open door, particularily if you respond. With an awful lot of spam marketers (maybe not the right term for what I'm discribing, but it was accidently done by a friend) - basically "send to all" which may include an automatically added email address when recieved from you to their outlook express etc.
Anyway off the point, The Data Protection Act 1988 will basically protect you if you are no a corporate body, or part thereof. i.e. if you are a sole trader you must be removed from any emailing list or it is in breach of the act. Recently a .com domain of mine got a friendly POSTED letter from a certain American registry firm. it was the second year it happened in a row, I emailed off to them and threated to report it to the commissioner and plaster it accross Irish airwaves (my friend has a topical talk show on a Dublin radio station). The companies CEO quickly apologised but I recommended him not to try it on a set list of 4 other websites I cassually look after and if I recieved one letter from them, I would be reporting them, making them in breach of the DPA 1988.
Thats my rant over
Hope it clarifies anything for the future. (I have a feeling I told that story somewhere before?)