[kroltan]

Yeah, I've had to explain that a couple times already, usually when dealing with customer support or in-person registrations.

And a "malicious" actor can get away with pretending to be another company by spoofing the username if they know your domain works like that. I don't think this has reached spammers' repertoire yet, but I wouldn't be surprised.

Eventually I'd like to have a way of generating random email addresses that accept mail on demand, and put everything else in quaraintine automatically.