[pylon]

Wouldn't someone be able to reverse engineer the pattern? I assume everyone is doing some variation of <service@domain.tld> so someone can try to figure out your other email addresses for other sites. Although I don't know if that's worth the time investment.

[scrose]

Right. The method has it’s own flaws, but it’s still another layer of insulation. Someone getting your email off a large user data breach is less likely to pick out your name and attempt to reverse engineer that pattern specifically for you, unless it is a targeted attack against you. For most people, that’s a highly unlikely scenario

[SilverRed]

For the catch all email setups yes. Not with the way apple does it. They have specific mappings setup so you have no way of finding other addresses of the user since every apple user is behind the same domain and the emails are long/random.