by gh2k 1812 days ago
I hope nobody uses this for anything serious. I run my own domain and use <category>-<service>@<mydomain> to have a unique email for everything I sign up to.

I have no email address that this counts as anything other than "risky".

If this opts me out of marketing mail then that's probably a good thing, but I hope nobody puts a password-reset or security/billing notifications behind it.


I’ve been doing the same thing for years and haven’t had any trouble except for Mailchimp. Their overly-clever validation decided mailchimp@example.com is a shared email account (it wasn’t going to be) and blocked me from using it. Their email support apologized but said they couldn’t fix the false positive, and that they hoped the email I used instead wasn’t reflective of my opinion: mailchimp-morons@example.com.
Do you have a personal setup for managing these emails and disabling the bad ones? Or are you using something like 33mail? Just curious.
I do the same thing, I catch every mail my domain receives and send it to a catch-all inbox. Whenever an e-mail is "compromised" or is being abused, I can just forward <abused-mail>@<domain> to null space.
Why would that even be a problem?
Would you mind sharing your experience on how well that has worked for you? Has the complexity of maintaining different addresses been a problem?

I ask because it is something I have always thought about, but I suppose I kept hoping a service would come along and magic the solution for me. Kudos on making it happen!

I'm not OP but I do something similar, which I can describe. I don't whitelist addresses, I have a domain with a catchall account. So I make up addresses as needed. When I want them to die, I add them to a ruleset on the server that punts them into the bit bucket.

So far it has been really great. Easy, effective.

Edit: Like the other reply you got, I use FastMail for this service.

Here’s a good guide on how to go about this :)

https://btmiller.com/2019/12/12/regain-control-over-your-inb...

Ditto, have been doing the same with a selfhosted mailcow for years. Never had a problem :-) Lately I started switching over to account+labels@domain.tld style because of the automated organization so I don't need extra routing rules if I want to organize them.
Except for the sites that reject the + character in email. I curse those developers who do that and never go back to that site again.
I do something similar and also use FastMail. I use <site-name>@sites.<my-domain> for all site signups, eg news.ycombinator.com@sites.example.com
Not OP, but I just accept wildcard *@mydomain and give out a unique name for every business. Works very well and I blocked a few businesses which do not allow for opt-out and/or shared my address with others.

This is easy to do with the Alias feature of FastMail.

Yeah I do the same thing with FastMail - it's awesome.

Here is a recent story where this came in handy.

I recently had a spam phone call from someone fishing for personal information, using a 'survey' as cover. During the call I learned that they had my email address as 'ledger@xxxx.xxx'. This must have come from the Ledger data breach (https://www.ledger.com/message-ledgers-ceo-data-leak). This made the call even more nefarious than I originally thought... nothing I can do, they have that email address and my personal number. Just made me more aware of what is going on.

That’s terrifying.
There is a service for that: https://anonaddy.com/

I've used it briefly for testing purposes and I have no complaints about it, it delivered what I expected with no hiccups.

Adding another comparable offering is https://simplelogin.io and you can set a PGP key for forwarded emails.
I did it for ages and eventually stopped. It gets awkward when you have to deal with customer support people and I never caught any spammers via the method anyway. Difficulty wise it was trivial since all emails hit my main address.
When I can tell it'll be awkward, I just make up some letters on the spot like "gj5@mydomain.com". It's easy enough to look for To:gj5 in your hoarded mail to find out what business it was.
I've done this too before, weird thing to have to do but sometimes people just don't get it. Although, nine times out of ten I get asked if I work at that business because the first bit of my email address is their business name.
I use anonaddy for this. A generous free plan, really feasible paid plans, and is open source so you can self-host it as well.
I use <mynick>@<signupdomain>.<mydomain>
I just disabled “load remote content” in email clients, stops spam pretty reliably.
This looks fantastic --- can you share some tips on setting it up?
This is more or less how I did it:

https://pastebin.com/q0H02FaF

Somehow my domain that I've owned without interruption for ~20 years got on a list of throwaway email services.
Glad to see I'm not the only person who does that! Great way to catch those who share/sell your email and to set up filtering.
I did this for 3 years and did not find a single case of spammers using one of the emails. All spam was from the sites I signed up with. Email spam filters catch spam for you.
This isn’t just good against spam. If there’s a data breach on the site, it’s another layer of insulation against you and other accounts you own. It’s close to the equivalent of Apple allowing you to sign up to services using one of their anonymous emails — there’s clearly demand for people to want to keep their emails from being thrown around everywhere.
Wouldn't someone be able to reverse engineer the pattern? I assume everyone is doing some variation of <service@domain.tld> so someone can try to figure out your other email addresses for other sites. Although I don't know if that's worth the time investment.
Right. The method has its own flaws, but it’s still another layer of insulation. Someone getting your email off a large user data breach is less likely to pick out your name and attempt to reverse engineer that pattern specifically for you, unless it is a targeted attack against you. For most people, that’s a highly unlikely scenario.
For the catch-all email setups, yes. Not with the way Apple does it. They have specific mappings set up so you have no way of finding other addresses of the user, since every Apple user is behind the same domain and the emails are long/random.
> Great way to catch those who share/sell your email and to set up filtering.

Couldn’t the seller just remove the prefix from all emails before selling them?