by cube00 1573 days ago
Catch-all addresses are a must have for me now. I allocate unique addresses to every website as these are more robust than using the + operator because they can't be stripped off.

I've already busted one company (I presume selling) my email address to a cloud provider for them to send me marketing material.

I emailed their privacy officer and didn't even get a reply, but that's OK, if it continues, one sieve rule and I can delete any mail that arrives on that address.

I just hope the spammers don't get so advanced they start forging other websites' addresses, maybe I'll have to move to a hashed and salted version that they can't forge.

6 comments

I use "-" instead of "+" with a regex: "/^name-.*@mydomain\.tld$/". Then I block them when I get spam after they get compromised. Many spammers already know to remove anything after the +-sign.

But I must admit that the biggest benefit of this setup was listening to my girlfriend on the phone explaining to someone, at some company, the reason that their name was part of the email-address:

    "That is because if I get SPAM, I know that I can't trust you."
    ...
    "Just make sure that you don't sell it, or get hacked."
    ...
    "If you are already expecting to get hacked, or sell it... why should I do business with you?"
It was priceless.
I do something similar, it's been a fun journey of issues over the years.

One company gave me a free version of their paid offering because my email address was me@them.my.domain, which triggered their "is an employee?" check. (I reported it to a friend who worked there, but they didn't prioritize fixing it. Lasted a while.)

Uber tried to make me change my email address because:

> As much as we appreciate your enthusiasm, and value you as a loyal rider, I do need to ask if you could, please, update your email to something that doesn't use "Uber" in it, as that's technically a trademark violation.

> I apologize for any inconvenience that may cause and thank you for your cooperation. If I can help further with making that change to your email, please let me know.

They backed down, but it was pretty amusing to get this email in response to a totally unrelated one.

At least one news website threatened to shut my (expensive) paid account because I was using a "generic" email address, and as such, was likely sharing my credentials.

They insisted I change the email to myname@myname.tld, which was enough in their books to prevent credential sharing.

Zomato refused the same to me as well, and I use otamoz@ instead. My Uber email is uber@ though, haven’t had any issues.
If you’re self-hosting your mail server and if you are using Postfix, changing recipient_delimiter could do the job without regex.

http://www.postfix.org/postconf.5.html#recipient_delimiter

One minor niggle: I can definitely agree with calling shenanigans if a company doesn't make it clear they have no plans to sell my email address, but honesty about planning to get hacked - from a "this is what we will do" standpoint, but also from a perspective that doesn't flat-out rule out "that will never happen" - is honestly something I would find very refreshing to hear. A lot of environments prioritize mitigating the hypothetical liability risk associated with those kinds of big words rather than communicating that type of boldness that comes across as reassuringly supportive and resilient.

This being said, I wouldn't have minded being a fly on the wall listening to that conversation :P

Clever! Are you running your own email server, or is there a provider/relay other than Google that can route based on regexes?
My own server, since 2001. Regex part since about 2003. It has been very effective, and still is.

The most effective thing back in the day was blocking based on TCP fingerprint, as "Windows XP" was different from "Windows 2003" IIRC (with OpenBSD PF). After that, greylisting gave me a few SPAM-free years, before it became the norm (OpenBSD spamd). Many OpenBSD users had quite a few SPAM-free years back then.

<Insert standard "how are you not being blocked by everyone?!?!" here>

(Genuinely curious - particularly with M$)

The OSS https://forwardemail.net can route based on regex
Because spammers know to remove anything after + or - sign, I've set up an arbitrary sequence of letters so gommmm iai + anything I want will route to gommmm@

I've had CS question why I used their company email in my email address and it was fun!

> I've already busted one company (I presume selling) my email address to a cloud provider for them to send me marketing material.

Are you using a salt or something along with the company name? Or could we guess the e-mail address for a given company?

Why not use iCloud’s private email feature to generate a new email that forwards to your regular email for these purposes?
Just my personal opinion, but the reason I got a domain to start with was to not be dependent on a specific provider.

Also, it's far nicer to be able to simply sign up to a website with company@example.com than go generate a random email. Especially if you are on another device.

doesn't this lock you in with the domain provider? google domains or whatever you use
You can migrate your domain to a different registrar
Using a custom domain is precisely to prevent lock-in that you are getting with many of these alias providers. If you don't own the domain then you can't migrate to a different provider.
If you ever migrate away from iCloud, you lose all of those custom addresses. Using even one immediately locks you into iCloud for life. This is a sobering prospect in our age of "one wrong word and we'll ban you from our service."
I use an email like this for our ISP at home -- one time I was asked what the email on the account was. Much easier to remember and dictate something like comcast@surname.com than one of Apple's "Hide my email" emails.
It sounds great in practice, but unless you are using something pseudorandom, then I can already guess you may have a domain at chase@surname.com or facebook@surname.com. It may be convenient but certainly takes away some of the work if someone wants to target you.
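
The "hashed and salted" alias idea from the original post, which also addresses the guessability concern raised in the comment above, as an added example that is not part of the thread: each per-site address carries a truncated HMAC of the site label, so the receiving side can reject guessed or forged aliases. The key, the `example.com` domain, the `-` separator and the 8-character tag length are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from typing import Optional

# Assumptions (not from the thread): key, domain, "-" separator and tag length.
SECRET_KEY = b"constructed-demo-key-keep-the-real-one-private"
DOMAIN = "example.com"
TAG_LEN = 8  # base32 characters, i.e. 40 bits of the HMAC output


def _tag(site: str) -> str:
    """Truncated HMAC-SHA256 of the site label, as lowercase base32."""
    mac = hmac.new(SECRET_KEY, site.encode("utf-8"), hashlib.sha256).digest()
    return base64.b32encode(mac).decode("ascii")[:TAG_LEN].lower()


def _valid_label(site: str) -> bool:
    return site.isascii() and site.isalnum()


def make_alias(site: str) -> str:
    """Address to hand to a website, of the form <site>-<tag>@DOMAIN."""
    site = site.strip().lower()
    if not _valid_label(site):
        raise ValueError("site label must be ASCII alphanumeric")
    return f"{site}-{_tag(site)}@{DOMAIN}"


def verify_recipient(address: str) -> Optional[str]:
    """Return the site label if the address carries a valid tag, else None."""
    local, at, domain = address.strip().lower().rpartition("@")
    if not at or domain != DOMAIN:
        return None
    site, dash, tag = local.rpartition("-")
    if not dash or not _valid_label(site):
        return None
    # Constant-time comparison: do not leak how much of the tag matched.
    ok = hmac.compare_digest(tag.encode("utf-8"), _tag(site).encode("ascii"))
    return site if ok else None
```

A mail filter would call `verify_recipient` on the envelope recipient and drop anything that returns `None`; an address such as `chase-<guess>@example.com` fails unless the sender knows the key.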
No, that’s losing control. Though it’d be nice to have more email providers who support this like Fastmail does (inside their mail client iirc), or even better the way iCloud private mail seems to be doing or duck.com I’ve heard probably does. Though I doubt my provider mailbox.org will even try to do it.
How are you hosting email, would you mind sharing your setup?
> I've already busted one company (I presume selling) my email address to a cloud provider for them to send me marketing material.

Who? So we can avoid them.

So far for me:

- Drizly
- Stub Hub
- Trustmark

For me, the latest company to have apparently sold my email address was UploadVR.
I've detected an Xfinity data breach using custom aliases, but so far Xfinity refused to acknowledge anything.