I do something very similar, and have a similar result - almost no cross-sharing/selling of addresses.
The two sources I have:
- Leaks
- Guesses - eg. webmaster@domain.com
- Kickstarter
Kickstarter gives over your email to projects, and now I get get lots of kickstarter type spam where it's clear projects have shared it out. It's annoying. My fault for using a real email with kickstarter years ago.
I'm pretty sure all the spam I get on my original account (20 year old email, first@firstlast.com) are also more leak related than anything else. That email has been around for so long, and is in a lot of leaked cred dumps. Whenever there's a new dump I get a small spam uptick.
I've been segregating passwords for several years, but nothing like the age of my original one true email.
I recently bought a whole new anonymous domain too, to keep non-personal email off my personal domain (it's firstnamelastname.com). It's fun to have a second domain and totally unique emails per vendor, but doesn't seem to do much. I suspect this is also a volume/value thing for spammers. Everyone has a gmail so search/guess/spam those and it's easy. Individually targeted attacks on domains with very small address lists aren't worth it, and almost worth removing from your spam attack because someone with a small custom domain isn't likely to fall for it. Similar to the delivery typos approach of selecting for people who aren't sensitive/cautious to correct language.
I find Fastmail does a really good job at detecting spam in general too.
The two sources I have: - Leaks - Guesses - eg. webmaster@domain.com - Kickstarter
Kickstarter gives over your email to projects, and now I get get lots of kickstarter type spam where it's clear projects have shared it out. It's annoying. My fault for using a real email with kickstarter years ago.
I'm pretty sure all the spam I get on my original account (20 year old email, first@firstlast.com) are also more leak related than anything else. That email has been around for so long, and is in a lot of leaked cred dumps. Whenever there's a new dump I get a small spam uptick.
I've been segregating passwords for several years, but nothing like the age of my original one true email.
I recently bought a whole new anonymous domain too, to keep non-personal email off my personal domain (it's firstnamelastname.com). It's fun to have a second domain and totally unique emails per vendor, but doesn't seem to do much. I suspect this is also a volume/value thing for spammers. Everyone has a gmail so search/guess/spam those and it's easy. Individually targeted attacks on domains with very small address lists aren't worth it, and almost worth removing from your spam attack because someone with a small custom domain isn't likely to fall for it. Similar to the delivery typos approach of selecting for people who aren't sensitive/cautious to correct language.
I find Fastmail does a really good job at detecting spam in general too.