You should read StExo's last security audit, which was stickied in this subforum for a while. I imported 1020 vendor keys a while back and analyzed them for stuff like valid clearnet email address. I think there were about 50 valid addresses that I found. However, just because it's valid (which you can check without sending an email, btw), doesn't mean it belongs to them. They may have accidentally or intentionally used an address that belongs to someone else. They have plausible deniability in that sense, unless LE wants to go on fishing expeditions. It is a bad practice anyway. You should register an email address for SR purposes only and put it in your PGP key so customers can contact you when the SR server goes offline, as it has for extended periods on several occasions. Then that info is actually useful. You can set up a clearnet email account over Tor with some providers. There's at least one thread about that on the forum already. Or you can create a Tormail account, which may be the best option, but Tormail has experienced unreliable uptime in the past