by tamimio 703 days ago
That’s great, but there’s a caveat. When I normally create a random email with my own domain as a username, I am not tied to a specific service. I can always migrate to another one without having to take any action. However, if I used this with Fastmail, for example, the generated emails are with fastmail.com or similar domains that aren’t under my control. If I wanted to migrate in the future, I would have to redo all of these randomly generated emails.
3 comments

It's an important consideration; email sovereignty is at odds with a domain hosting relay aliases where you can blend in with everyone else. Perhaps the solution is a mechanism where you can migrate aliases between services, creating new aliases and updating at each service, and invalidating old aliases, all programmatically. Somewhat similar to token and secret rotation. It's just a string identifier that can be an email target.
Or maybe having an option to generate aliases using my own domain. I don’t mind exposing my domain or even creating a new domain only for this purpose, say @aliasdomain.com. That way, I am still in full control and utilizing the generated aliases.
Most people use a catch-all email with custom domains — and Bitwarden does have an option for that.
> Bitwarden does have an option for that.

That’s good to know, thanks!

As mentioned somewhere in this thread, using a custom domain poses other risks, in some cases more significant. All your aliases will be forever tied to your identity (and potentially de-anonymized by a single leak).
> All your aliases will be forever tied to your identity

A separate domain can be used if really needed. But even with using my own domain, I don’t see it as a problem. After all, emails are not anonymous, and a leak with an alias with a custom domain is still meaningless and doesn’t affect other services.

Most domain registrars require providing identity details. Even if these details are private, a single leak or a config mistake on this domain will expose your real identity, tied to all aliases. With an alias service or a shared email provider you don't have this risk as you don't have to provide your real-life identity.

So while it's tempting to use one random alias (h3hj4gjh234@yourdomain.com) for a high-risk service and another alias for a critical service (github@yourdomain.com), these aliases are easily identifiable as belonging to the same person.

Bitwarden allows you to specify a custom domain for this (assuming that your email forwarding service is configured to work with that domain).