[saghm]

For me, the value of using aliases on my own domain isn't anonymity, it's provenance; I can tell where my email was obtained from based on the the prefix used. If I get an email sent to git@<domain>, I know that someone (or something) was looking at git logs to get it, if it's sent to resume@<domain>, I know someone got it from my resume, etc.

[tamimio]

Pretty much my exact same reason, plus the separation of concerns concept. If a service got breached and that email leaked, I don’t have to worry about using that email to brute force other services.

[dinglestepup]

In most cases you can have the same level of provenance with a plus addressed email, without needing to support a custom domain.

[saghm]

I'm not sure if the comment I replied directly to got deleted or if I accidentally replied to the wrong thread or something, but for some reason I thought I had replied about provenance specifically in response to a comment saying that separate prefixes didn't provide anonymity. Using a custom domain is mostly a fun novelty for me, and if separate prefixes didn't provide any value, I'd still just use use a single prefix on my custom domain because I like it.

[zfa]

I bet no spammer or salesperson would ever think of replacing such a generic localpart to get to your eyeballs.

[rbut]

I've used <site/company>@domain.com for many many years and never had someone do that.

Spammers simply obtain lists of emails through hacking or purchasing them and then spam them, they don't pick a particular address and modify it.

[zfa]

Spammers who just blast stuff out won't do it, I'm sure.

But as a counterpoint it literally happened to me to me years ago when I used to use name+<service>@exmaple.com. I got cold emails to 'name+paypal' despite never, ever having used that localpart. I've no doubt it was absolutely targetted and not a hit-and-hope spamblast but it was enough of a wake-up call for me to realise it couldn't really be relied on.

[Ringz]

I’ve been doing this for years and have never had any problems with it. It is more likely that generic emails will be generated if you have a domain that is also present as a public website on the internet.

[saghm]

Why would they want to spend effort trying to brute-force addresses to show me emails that they already have the ability to sent to me and I didn't generate them any revenue from?

[zfa]

No idea, just pointing out it is such an obvious alg it doesn't really show provenance.

I used similar (well, plus addressing with localpart=name+<service>) a long time ago and once got emails to name+paypal@example.com even though that was a suffix I'd never used. Some enterprising person out there had obviously obtained one or more of my service-specific addresses and was trying to game my attention by changing the identifier to something 'important'. That's when I personally ditched the approach.

[saghm]

"Provenance" might be have been a bit too strong; maybe I should have said "strong signal". It's an additional piece of info that will almost always identify the source, but in the rare exceptions it's not any worse than if I just used a single address for anything.