
I'm in the same boat. I track all of the unique addresses I use (via my password manager) so I guess I could just check them all against HiBP's database. Kind of a pain in the ass, though.




Me too. It used to work for whole domains. Then I guess the limit was added as part of some kind of monetization push. I don't derive enough value to pay for a monthly subscription any time it occurs to me to check, nor figure out how to check addresses one-by-one programmatically. So the site is basically dead to me now. It's a shame because there were a few breached lists where people were speculating on where exactly they came from, and I was able to add to the discussion based on which of my tagged addresses were in the list.

I've had that experience re: my personalized addresses being used to more closely identify the source and time of a breach. When I start getting spam to one of my personalized addresses I'll usually reach out to the party for whom the address was created to let them know. Usually I get treated like a crank but occasionally I get somebody who understands and appreciates the help.

My password manager (Bitwarden) does that automatically.

I use Bitwarden with a Vaultwarden server so I have some familiarity. Bitwarden checks new passwords against HiBP. I'm not aware of functionality where it can retroactively check old email addresses or passwords to see if they're included in a breach.


Ahh, okay. I assume that's a part of the Bitwarden offering, presumably happening server-side. I'm just using their official client w/ a Vaultwarden server.

It is also available in the Vaultwarden web interface (which is just a rebranded Bitwarden web interface).

enpass.io does this automatically if you selected the option.


