> Like all good nerds, I generate a unique email address for every service I sign up to. This has several advantages - it allows me to see if a message is legitimately from a service, if a service is hacked the hackers can't go credential stuffing, and I instantly know who leaked my address.
I think a lot of services will "de-alias" the email addresses from these tricks to prevent alts, account spam, and to still target the "real" account holder email. So the old tricks like "<name>+<website>@<host.com>" are not considered a unique email from "<name>@<host.com>". Unless your site-specific emails are completely new inbox aliases, then I don't think this is as effective as people think it is anymore.
I use Fastmail with my own domain and 1Password. Together they give me a “masked email” button for forms that generates a random enough email address (two common words and four digits) and records the domain it was for. You can also create them ad-hoc from Fastmail’s interface.
As well as simply attributing leaks, it’s most valuable as a phishing filter. Why would my bank ever email an address I only used to trial dog food delivery?
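The alias-as-phishing-filter check described in the comment above, as an added example that is not part of the thread or any commenter's code: each alias is recorded with the domain it was created for, and mail whose sender domain does not match is flagged. The domain `example.net`, the alias names, the registry and the sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "example.net"  # assumed personal mail domain
# Constructed registry: alias -> domain it was generated for.
ALIASES = {
    "quiet.maple4821@example.net": "dogfood.example",
    "brisk.otter1190@example.net": "bank.example",
}

def domain_matches(sender, expected):
    # Accept the registered domain and its subdomains (mail.dogfood.example).
    return sender == expected or sender.endswith("." + expected)

def classify(raw):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rcpts = [a.lower() for _, a in getaddresses(msg.get_all("To", []))]
    mine = [a for a in rcpts if a.endswith("@" + MY_DOMAIN)]
    if not mine:
        return "not-for-me"
    for rcpt in mine:
        expected = ALIASES.get(rcpt)
        if expected is None:
            return "unknown-alias"    # never issued, e.g. a guessed sales@
        if not domain_matches(sender, expected):
            return "alias-mismatch"   # wrong service for this alias
    # From is spoofable: "ok" only means alias and claimed sender agree.
    return "ok"

# Constructed sample messages.
SAMPLES = {
    "legit": "From: Dog Food <hello@mail.dogfood.example>\n"
             "To: quiet.maple4821@example.net\nSubject: Your trial\n\nhi\n",
    "phish": "From: Your Bank <alerts@bank.example>\n"
             "To: quiet.maple4821@example.net\nSubject: Verify now\n\nhi\n",
    "guess": "From: Promo <deals@spam.example>\n"
             "To: sales@example.net\nSubject: Offer\n\nhi\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

Services that send through a third-party mail provider would need more than one allowed domain per alias; the single-domain registry here is a simplification.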
iCloud has a great feature that allows you to generate unique aliases on the fly quickly and easily. For example when signing up for new services via the web browser on iOS, you can generate a new address with the click of a button.
Many years ago, before I started using iCloud Mail, I was running my own email server and had it set up to forward everything sent to any address on my domain to my inbox. The advantage was that I could invent random aliases any time I wanted and didn’t even need to do anything on the server for those emails to get delivered to my main inbox. The very big drawback as I soon experienced was that spammers would email a lot of different email addresses on my domain that never existed but because I was going catch-all, would also get delivered to my main inbox. They’d be all kinds of email addresses like joe@ or sales@ or what have you. So apparently they were guessing common addresses and because I was accepting everything I’d also get tons of spam.
Of course. I use Firefox Relay to generate a unique email address for every site where I have to use an email. That method hasn't failed me so far.
I just do <website>@<myhost.tld>. It is sometimes confusing when interacting with customer support ;-)
> So unless your site-specific emails are completely new inbox aliases, then I don't think this is as effective as people think it is anymore.
Even if it's a "new" alias, I often see people[1] using simple schemes to derive the address, eg. [email protected]. With cheap LLMs it's not hard to automatically guess what the underlying pattern is.
edit:
[1] ie. in this very thread
I use DuckDuckGo Email and it generates unique addresses that I can both receive emails (obviously) and reply to from that email. There's also an option to shut down that address and never receive spam again.
I personally do [email protected]. It makes it very obvious when you start getting spam (I’m looking at you dji).
The way that this is done these days (and likely what the author did/does) is that you use a custom domain to receive mail; you provide an email like [email protected], and that way when service@ starts receiving spam you know exactly where it comes from