Hacker News
by ptype 3817 days ago
To achieve the same cheaply and without lockin, simply have your own domain with a catch-all email forwarding to your real email address. Then always give out your email address for a specific site as <site>@yourdomain.com.

Yes, but this is a pain to administer. Do you have some nice tools for generating these addresses and putting them into effect in the back-end which underlies your domain, without having to whip out an SSH client, logging in to some server, editing files and re-starting services?

I have my own "yourdomain.com". I pay to keep it registered and keep a server running also. Most people don't have this; their mail domain is "gmail.com" or whatever. Sure, a lot of problems could be solved if everyone just had their own domain!

Speaking of "gmail.com"; I'm surprised Google doesn't just make this a feature of gmail. It would be fairly trivial for them to implement for the benefit of all gmail users.

It's already a feature of gmail. Just add "+whatever" to the username and it will still route to you, e.g. use "john+sketchysite.com@gmail.com" when you sign up at sketchysite.com.

Occasionally you'll run into a form with broken email validation that won't let you use a + character, but I've been doing this for years and it works the vast majority of the time.

Because this is implemented by a major, very popular e-mail provider, it effectively reveals your real e-mail address to spammers, who can just look for this pattern in any address in the '@gmail.com' domain and strip away the + part. It will keep only the "honest" bulk mailers out of your inbox, not hard-core spammers.

This type of thing can work, but only for a small-time service provider whose plaintext encoding scheme is not widely known. (Security through obscurity.) Even the hard-core spammers won't sift through millions of e-mail addresses to crack some plain text scheme that is used by two or three of them.

Also, you need the option to permanently destroy one of these, so that you never see mail from it again. No filtering bullshit. Google should control the exact set of anonymized addresses attached to your account. When you destroy any one of them, any further attempt to send to it should result in a non-delivery notice (SMTP bounce).

I have been running this setup for years without any administration. Email forwarding tends to be included from your domain registrar so no server is necessary. You don't need a tool to generate the addresses as you can make them up as you go along.

What do you mean you can just make them up as you go along?

Suppose I have two users in my domain: bob@mydomain, alice@mydomain.

How can alice just make up a new @mydomain address which goes to alice@mydomain? Okay, that part is simple: we can have an entire space of these generated by a rule, like gmail's addr+whatever@gmail.com.

But then how does alice invalidate such an address that is misused?

I want it so that any address that is not valid generates an SMTP bounce; I don't want an infinite space of aliases that map to an address to all be considered valid, but a specific set, controlled by the user. When an element is removed from that set, then further attempts to send to it generate SMTP bounces.

Furthermore, I want it to be completely anonymized, just like Throttle are doing, as in:

   <random-chars>@mydomain -> alice@mydomain

The text "alice" doesn't appear in the plaintext anywhere, and cannot be reversed out of the local part.

EDIT:

To solve one of these problems, what we can do is assign to each user some random identifier of fixed length, from which further addresses can be generated. For instance alice@mydomain also gets "xZa3f@mydomain" when the account is created. To this local part, arbitrary characters can be appended: "xZa3f4abPspamming.dickheads.com@mydomain" such that this still routes to alice@mydomain. Doesn't handle the SMTP-level invalidation requirement though.
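
An added example, not part of the thread or any commenter's code: a Python model of the scheme in the comment above (a fixed-length random prefix per user with arbitrary characters appended), extended with the explicit, user-controlled alias set that the comment asks for, so that revoked or never-issued addresses are rejected at RCPT time. The class and method names, the `mydomain.example` domain and the case-sensitive handling of the local part are assumptions.

```python
import secrets
import string

PREFIX_LEN = 5  # fixed length, like "xZa3f" in the comment above
ALPHABET = string.ascii_letters + string.digits


class AliasTable:
    """Hypothetical alias store: random prefix per user, explicit set of valid tags."""

    def __init__(self, domain):
        self.domain = domain.lower()
        self.owner = {}   # prefix -> real mailbox (not derivable from the prefix)
        self.issued = {}  # prefix -> set of tags that are currently valid

    def add_user(self, mailbox):
        prefix = "".join(secrets.choice(ALPHABET) for _ in range(PREFIX_LEN))
        while prefix in self.owner:  # re-draw on the rare collision
            prefix = "".join(secrets.choice(ALPHABET) for _ in range(PREFIX_LEN))
        self.owner[prefix] = mailbox
        self.issued[prefix] = set()
        return prefix

    def issue(self, prefix, tag):
        """Record a new alias for the user; only recorded tags are deliverable."""
        self.issued[prefix].add(tag)
        return f"{prefix}{tag}@{self.domain}"

    def revoke(self, address):
        local = address.rpartition("@")[0]
        prefix, tag = local[:PREFIX_LEN], local[PREFIX_LEN:]
        self.issued.get(prefix, set()).discard(tag)

    def rcpt_to(self, address):
        """Return (SMTP reply code, forward target or None) for a RCPT TO address."""
        local, _, domain = address.rpartition("@")
        prefix, tag = local[:PREFIX_LEN], local[PREFIX_LEN:]  # case-sensitive (assumption)
        if domain.lower() == self.domain and tag in self.issued.get(prefix, ()):
            return 250, self.owner[prefix]
        return 550, None  # rejected in-session, so the sending side gets a bounce


if __name__ == "__main__":
    table = AliasTable("mydomain.example")  # constructed sample data
    p = table.add_user("alice@mydomain.example")
    addr = table.issue(p, "4abPshop.example")
    print(addr, table.rcpt_to(addr))
    table.revoke(addr)
    print(addr, table.rcpt_to(addr))
```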

If it's my own domain (probably not unusual among the HN crowd), I would sign up to e.g. kazinator.com by 'inventing' an email address kazinator@mydomain.com, which is forwarded to my gmail through a catch-all email forwarding setup with my domain registrar. Emails to kazinator@mydomain.com now arrive at my gmail and hence it's easy to block email (e.g. spam) arriving to this email address as well as knowing who leaked my email address to third parties.

As people have pointed out, it now seems possible to use the + functionality of gmail which I was not aware of, but the above setup avoids the issue of forms not accepting + in a valid email address.

This only works with a catch-all email forwarding as I mentioned, so if you want bounce on non-valid addresses it will not work, but like I said it has served me very well.

gmail actually is set up to handle this. You can append +<text> to an address to create a targeted one-off (so if your address is me@gmail.com, you could do me+site1spam@gmail.com). Of course you then have to set up a filter on the gmail side to label it/send it to spam if intrusive.

The problem with this solution is that many email harvesting widgets incorrectly see +xyz as invalid, even though it satisfies the RFC just fine.