If a lot of people start doing this thing, then it will be trivial for an attacker to figure out name+service1@domain can be changed to name+service2@domain.
"service1" could be generated randomly as well, and stored along with the password in a password manager.
Another nice property of this suffix is that one can identify who gave away their email address / which site it was scraped from when receiving spam; not sure where I have seen this written down originally.
I think when spammers see a "+" they just strip everything after it down, i.e. me+spam@example.org -> me@example.org. Not to say many sites just don't accept "+" (or, worse, cease to accept such addresses).
Unique, non-guessable, machine-generated addresses are the way to go (do with emails just like password managers do with passwords), but no common person can use those, because they'll need a domain and a self-hosted MDA.
Then I could just make my rand(service1) chars larger. No point in adding it to the email address at all. Email leak (privacy) is an issue that this could help with, but I do not see any benefit in terms of securing my account.
How do you generate new emails? Say I see a new website and I need a new email. What do you do? Is there a Chrome extension that can do it with one click?
My personal domain is set to forward all email to my Gmail. Since Google is my registrar, it's expectedly simple to configure this. I haven't set up outbound addresses; services rarely need email sent to them, and replying from my Gmail hasn't caused me any problems yet.
Yeah, but it doesn't prevent the attack. Username is still in the email address. Ideally I'd like <domain>+<nonce>@gmail.com that forwards all to my email.
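An added example, not posted by anyone in this thread: a sketch of the "random address per service, stored like a password" idea from the comments above, including the lookup that tells you which service an address was given to when mail arrives on it. It assumes a catch-all domain that accepts any local part; `mail.example.org`, the service names and the `AliasBook` class are placeholders made up for the illustration.

```python
import secrets

# Constructed sample value: a placeholder catch-all domain, not a real deployment.
CATCH_ALL_DOMAIN = "mail.example.org"
ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"  # lowercase base32, valid in a local part


class AliasBook:
    """Per-service random addresses, kept like password-manager entries."""

    def __init__(self, domain: str = CATCH_ALL_DOMAIN, length: int = 16):
        self.domain = domain.lower()
        self.length = length       # 16 chars * 5 bits = 80 bits of randomness
        self._by_alias = {}        # local part -> service
        self._by_service = {}      # service -> full address

    def issue(self, service: str) -> str:
        """Return the address for a service, creating it on first use."""
        service = service.strip().lower()
        if service in self._by_service:
            return self._by_service[service]
        while True:
            local = "".join(secrets.choice(ALPHABET) for _ in range(self.length))
            if local not in self._by_alias:
                break
        self._by_alias[local] = service
        self._by_service[service] = f"{local}@{self.domain}"
        return self._by_service[service]

    def attribute(self, recipient: str):
        """Map an inbound recipient back to the service it was issued to, or None."""
        local, _, domain = recipient.strip().lower().rpartition("@")
        if domain != self.domain:
            return None
        return self._by_alias.get(local)


def strip_plus_tag(address: str) -> str:
    """The normalisation mentioned above: me+spam@example.org -> me@example.org."""
    local, at, domain = address.rpartition("@")
    if not at:
        return address
    return f"{local.split('+', 1)[0]}@{domain}"
```

Unlike a `+service` suffix, stripping or rewriting part of a random local part yields no other valid address, and the address for one service says nothing about the address used at another.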