I'm researching this issue right now, this is definitely not normal. I don't sell or give out your e-mail addresses to anyone. This person registered then used the sites e-mail and PM function to send their messages. I'm doing what I can to make sure this doesn't happen again.
Well, they can't harvest e-mail addresses from my board, but what they can do is click that little e-mail button at the bottom of your post and then paste their e-mail into it and click send. I'm going through logs right now and it appears that "she" actually sent mostly PMs, though some e-mails did go out. I am going to be forwarding my logs to multiple different authorities that specialize in this type of thing, and I've firewalled her C-block (#.#.#.*) from my server so she can't access my site from the same place she did the first time.
If anyone ever sees this type of stuff, please notify me immediately as I won't tolerate it.