by spsful 2109 days ago
>you can target them on Quora, Reddit etc as well.

This is one of the reasons I stopped giving out my primary email address for user signups. I use a service called Blur which allows for unlimited "masked" emails to be created, allowing me to give companies read-only email addresses. In the four years I've had it I have created 378 email addresses. If I'm including the email addresses that I've already deleted, the list gets to 400.

Marketing and the 3000 spam messages I get per month made me do this. It does not have to be this way, but as long as corporations can play fast and loose with my email address I will make sure they never get a real one to begin with.

Edit: Want to add here that I am not in any way sponsored by that company, I've just been using them for years now and think their prices are reasonable.


I registered a domain name that’s basically just a UUID, and pointed its MX records to my self-hosted email server (you could also point it to Google Apps or Fastmail).

Everything before the UUID domain is just the name of the service, so something like hackernews@e913ff00...xyz. If someone sells out my email address, I can instantly burn it by just adding a sieve rule since they’re all unique. I even know who sold it based on what name I picked before the @ symbol. This has been working out pretty well for me so far.

I'm using a similar technique, but rather generating a random address @my-domain.

To know which provider it was (in case I later get spam from somewhere else), I keep a text-file + email myself any time a new forwarder is set up, so this way I can always look up which service it was.

This way, I was able to spot a leak at box.com and maybe a couple of other places, before it was even announced.

Looks like a nice idea, since I’ve pondered about getting a name that’s not really meaningful or connected to my identities.

1. What’s the length of the UUID that you use?

2. Haven’t you encountered forms that have shorter email address length limits?

3. Also, wouldn’t such a domain be seen as a spammer/scammer when machine learning starts taking over signup/registration systems?

1. It is 21 characters long

2. Nope! I would be surprised to see that nowadays.

3. For sending mail, yes absolutely. Receiving mail is a different story though, it seems like most systems do not care.

I heard that some services have started rejecting email addresses that contain their name.
For websites that have questionable password policy, I use passwords that curse the company in my native language (if no-one sees it then it's fine, but if someone does then they have deserved it). I bet the same tactic would work if you get creative, i.e. spotfuckingify@uuid
Oh no, I can't have google@mydomain, guess I have to have goog@mydomain or ggle@mydomain or meggl@mydomain
How hard would it be to set up a SQLite database or use a simple cipher?
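One way to do the SQLite lookup asked about above, combined with a keyed hash so the local part never contains the service name (an added example, not code from any commenter; the domain, key, table layout and function names are all assumptions):

```python
import hashlib
import hmac
import sqlite3

DOMAIN = "example.com"            # assumption: your catch-all domain
SECRET = b"constructed-demo-key"  # constructed key for the demo; keep a real one private


def open_registry(path=":memory:"):
    """Open (or create) the alias registry; in-memory by default."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS aliases ("
        " local TEXT PRIMARY KEY, service TEXT NOT NULL UNIQUE,"
        " burned INTEGER NOT NULL DEFAULT 0)"
    )
    return conn


def alias_for(conn, service):
    """Return the opaque address for a service, registering it on first use."""
    service = service.strip().lower()
    digest = hmac.new(SECRET, service.encode(), hashlib.sha256).hexdigest()
    local = "u" + digest[:15]  # 16 chars, no service name and no '+' to be rejected
    conn.execute(
        "INSERT OR IGNORE INTO aliases (local, service) VALUES (?, ?)",
        (local, service),
    )
    conn.commit()
    return f"{local}@{DOMAIN}"


def identify(conn, recipient):
    """Map a recipient address back to (service, burned); None if unknown."""
    local, _, domain = recipient.strip().lower().rpartition("@")
    if domain != DOMAIN:
        return None
    row = conn.execute(
        "SELECT service, burned FROM aliases WHERE local = ?", (local,)
    ).fetchone()
    return (row[0], bool(row[1])) if row else None


def burn(conn, service):
    """Mark a service's alias as burned; True if that service was registered."""
    cur = conn.execute(
        "UPDATE aliases SET burned = 1 WHERE service = ?", (service.strip().lower(),)
    )
    conn.commit()
    return cur.rowcount == 1
```

Mail arriving at an alias that `identify` reports as burned, or from a sender unrelated to the recorded service, points to where the address leaked.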
If you're using gmail, plus-suffixing is a low-effort but effective countermeasure: username+servicename@gmail.com gets delivered to username@gmail.com.
I have about a 20% failure rate where email address validation fields reject the + character
and knowing it's gmail, it's trivial now for the company to simply drop the +... part and store/use your real email address.
Ah. You can set up dash-suffixing if you're using a custom domain with gmail. Create a new "catch-all" email account. Log into that new catch-all account, and create forwarding rules for alice-* to go to alice@example.com, bob-* to go to bob@example.com, ...

I've done this for more than a decade.

Once the marketers discover people are doing this, they'll ban email addresses from this service as if they were fraudulent. Wouldn't be surprised if companies started disallowing everything except gmail.
Gmail is where most of my form spam comes from!
They already do.
Care to provide a link for the service you're using?
He means https://www.abine.com/. Personally, I use https://33mail.com/. If you want to go full fake, check out https://mysudo.com/.
I run https://kopi.cloud - lets you give out burner addresses you can just make up on the fly. SSO through Google, Facebook, Twitter. One touch blocking of burner addresses. Supports replying and attachments. Mail 2 RSS - read Facebook / StackOverflow, newsletters, etc. as RSS feeds. And you can use your own domain if you want, so no lock-in.