The way that this is done these days (and likely what the author did/does) is that you use a custom domain to receive mail; you provide an email like [email protected], and that way when service@ starts receiving spam you know exactly where it comes from.
Take it a step further and do uuid@
Yes, but service is too guessable, so append a randomly generated nonce as well, e.g. [email protected]. It doesn't need to be cryptographically random, just non-trivially guessable to prove the service is leaking email addresses.
^ I've been doing this with catchalls since before Google Apps for Domain was even a thing.
Sometimes customer support staff bring up "Oh, do you work at <company> too?" I just tell them that I created an email address just for their company, in case they spam me.
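An added example, not part of the thread: one way to issue and check the per-service addresses described above. Instead of a stored random nonce it derives the tag from an HMAC over the service name, so a catch-all can tell an issued alias from a guessed one without a lookup table; the domain `example.com`, the key, and all function names are assumptions.

```python
import hashlib
import hmac

DOMAIN = "example.com"         # assumption: the catch-all domain you own
KEY = b"constructed-demo-key"  # assumption: secret known only to you
TAG_LEN = 8                    # hex chars; non-trivially guessable, as the thread asks


def _tag(service: str, key: bytes) -> str:
    """Keyed tag for a service label (stands in for the random nonce)."""
    return hmac.new(key, service.encode(), hashlib.sha256).hexdigest()[:TAG_LEN]


def make_alias(service: str, key: bytes = KEY, domain: str = DOMAIN) -> str:
    """Address to hand to exactly one service at signup."""
    service = service.strip().lower()
    if not service.isalnum():
        raise ValueError("service label must be alphanumeric")
    return f"{service}-{_tag(service, key)}@{domain}"


def attribute(rcpt: str, key: bytes = KEY, domain: str = DOMAIN):
    """Return the service a recipient address was issued to, else None."""
    local, sep, dom = rcpt.strip().lower().rpartition("@")
    if not sep or dom != domain:
        return None
    service, sep, tag = local.rpartition("-")
    if not sep or not service:
        return None  # bare "service@" is guessable, so it proves nothing
    expected = _tag(service, key)
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return service
    return None


# Constructed sample: envelope recipients seen on the catch-all mailbox.
SAMPLE_RCPTS = [
    make_alias("shopco"),           # issued alias that now receives spam
    "shopco@example.com",           # bare label, never issued
    "shopco-deadbeef@example.com",  # guessed tag
    "Admin@Example.com",            # dictionary-style guess
]

if __name__ == "__main__":
    for rcpt in SAMPLE_RCPTS:
        svc = attribute(rcpt)
        print(f"{rcpt:34} -> {svc or 'not an issued alias'}")
```

Spam arriving at an address for which `attribute` returns a service name points at that service (or whoever it shared the address with); mail to addresses that return `None` is ordinary guessing against the domain.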