
I just use <myname>+<service>@gmail.com. At the end of the day it’s all delivered to the myname@gmail.com mailbox, but I can use filters based on the part after “+”.


I'd be really surprised if Gmail's + behaviour isn't so well known by spammers that they just strip them off?


Conversely, I'd assume this pattern is used rarely enough for spammers to even bother fighting it.


But I've seen service providers who insisted on creating some account with a valid email who wouldn't accept a `+` in their forms...


My favorite was that I could sign-up with the + address but couldn't sign-in. And the support desk rejected that + address too.

The phone support person was confused about that symbol too, what an odd email.


This is one of the reasons I switched to a different provider using a custom domain. I can make new addresses in any format I want. There's zero risk of a spammer stripping them down to a base address for the primary account. They also don't get rejected by broken validators.


What’s your plan for when you no longer own your custom domain (think bus factor)? Someone else registers your domain and now has access to all your accounts.


Everyone has their own risk profile; mine assumes I retain control over my domains and emails. I prepay for them several months in advance to make sure I don't lose ownership. Any service provider worth their salt will have a human factor for customer support who can help you if any such issues show up.


Thank you for expanding. Sure you can prepay up to a certain extent. Eventually your domain will be available to others for purchase and therefore your accounts will become vulnerable. Maybe this isn’t an issue if in the worst situation you’re not around but if this could cause chaos for your friends and family I would suggest taking it into account.


>Eventually your domain will be available to others for purchase and therefore your accounts will become vulnerable.

What are you talking about? After I'm dead?


Any situation in which you fail to renew them.


Given that domain renewals can be purchased multiple years into the future, along with the fact that there are grace periods after expiration, it would take an awful lot of failure to lose a domain unintentionally. I've held my primary domain since 1997, across multiple registrars and numerous hosting / colocation arrangements over the years. It sounds harder than it is if you haven't done it before.


Yep, I use Fastmail with a custom domain. I have a catch-all email set up, so I just register any account on sitename.com as "sitename@mydomain" and it all gets sorted into a catch-all folder. I can then run rules if I want it to go into a certain category like "bills" or just straight to the garbage.


Not sure about normalizing recipients' emails but some are definitely aware of it because I've seen spam that asked to "reply back to defi.n.it.ely.not.shady+email@gmail.com" or something.


Even better: those will be spam guaranteed and can just be filtered by rule then.


With Gmail, also note that firstname.lastname@gmail.com is equivalent to firstnamelastname@gmail.com or fi.rs.tn.am.el.as.tn.am.e@gmail.com

As some other comment suggested, these rules are easy to tackle by motivated spammers.


If they were motivated, they wouldn't work as spammers.


Some spammers make obscene amounts of money. CEO of Fortune 100 money.


10% of all of Meta's income is from scammers.


I see what ya did there, you get an upvote.


I do this as well, but there are a number of service providers that just do not handle subaddressing at all. Like creating an account will result in never receiving a confirmation or verification code because the system failed to parse the address.

I've started using grouped aliases instead for a bunch of things.


The downside is that https://haveibeenpwned.com/ can only find "exact email" addresses, as in, you must search for myname@gmail.com, myname+service1@gmail.com, etc.


As someone who deals in breach data this is a simple regex to strip out.


>As someone who deals in breach data this is a simple regex to strip out.

Sure it is, but at least you do get, later, post leak, a slight chance to find out where the leak originated.

Data stealers seldom strip out that +extension part before selling it or otherwise dumping it somewhere. And while it's passed on, you get to see the address as you gave it to the party that had the leak. The reason sellers don't strip it off is perhaps because they sell by number of unique addresses, and while +extension usage is quite rare, they make more money when they don't strip it off.

Information on where it leaked can be very useful to pass to the leaker, at least up until the point they have announced they know about the compromise. I've done that since the turn of the century, too many times to count, and quite a few times I've been the first to let them know that they had a problem there.

And sure, I've received thank-you emails for giving them an early heads-up about the issue.


Careful with this method. I was unable to purchase plane tickets from Southwest or even change my email address because they changed their parsing rules on me and silently dropped the plus. I found out most airlines don't have a ticket counter to buy a ticket the old fashioned way! But the premier help can issue tickets. Took me two months to have CS get someone to run a DML to remove my "bad" email address.


It's probably easier to tell them "I lost access to that email, I need to set up a new account". People do this all the time.

On some level, my employer uses emails as the primary key for customer accounts, the baseline identifier which all information is filed under. It's quite ridiculous.


> On some level, my employer uses emails as the primary key for customer accounts, the baseline identifier which all information is filed under. It's quite ridiculous.

I've lost track of the number of places that use the e-mail as an unchangeable identifier. Bonus points for my company liking to change domain names for sport, which just confuses support.

And even big tech companies, who should know better, do this. Like the big blue CDN that's in the middle of half the web's traffic. Who also, for some reason, can't be arsed to send e-mails reliably if you need to change your account.


I did, but the CS agent kept trying to change the email to a new one when I told them I had lost access, and the validation failed because it wanted to send an email to the old address about the email being updated and couldn't. They didn't have the right tools to fix it.

Had to get an engineer involved.


Anyone who’s looked at breach data knows to try yourname+service for any service.

This does help in filtering spam though


It doesn't have to be literally the service name. Can be any unique alphanumeric suffix you make up randomly. As long as you use a password manager you don't have to remember it.


Indeed, it needs to be more than just the company name if you want it to be useful later. If the email address used is company@example.com, any idiot could guess company. But email received at company_wkhx46@example.com clearly has to be from them, or they got hacked.


That's why you have to salt the + portion (look up an old email from the service if you forgot the alias).
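Added example (not from any commenter): a recipient-side filter that puts together the Gmail normalization mentioned earlier in the thread (dots ignored, anything after "+" dropped) and the salted-suffix idea from this sub-thread. It canonicalizes an incoming address and classifies its tag against a constructed table of aliases the owner issued, so mail to a bare base address, to a guessed service name, or to a never-issued tag can be routed differently. BASE_LOCAL, ISSUED_ALIASES and the suffix values are assumed sample data.

```python
import re

# Constructed sample data: the mailbox owner's base local part and the
# service -> random suffix pairs they handed out (hypothetical values).
BASE_LOCAL = "firstname.lastname"
DOMAIN = "gmail.com"
ISSUED_ALIASES = {"shop": "wkhx46", "airline": "p8q2dz"}

# Domains known to ignore dots in the local part and drop "+tag".
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def split_address(addr):
    """Return (local_without_tag, tag, domain), lower-cased."""
    local, _, domain = addr.strip().lower().rpartition("@")
    tag = ""
    if "+" in local:
        local, _, tag = local.partition("+")
    return local, tag, domain


def canonical(addr):
    """Mailbox the message actually lands in (the 'stripped' form a
    breach-data normalizer would reduce the address to)."""
    local, _tag, domain = split_address(addr)
    if domain in GMAIL_DOMAINS:
        local = local.replace(".", "")
    return f"{local}@{domain}"


def classify(addr):
    """Classify an incoming recipient address for filtering rules."""
    _local, tag, _domain = split_address(addr)
    if canonical(addr) != canonical(f"{BASE_LOCAL}@{DOMAIN}"):
        return ("not-mine", None)
    if not tag:
        # Suffix stripped off, or the address was never given out with one.
        return ("base-address", None)
    for service, suffix in ISSUED_ALIASES.items():
        if tag == f"{service}_{suffix}":
            # Exact issued alias: attributable to that service or its leak.
            return ("issued", service)
    m = re.fullmatch(r"([a-z0-9]+)(?:_[a-z0-9]+)?", tag)
    if m and m.group(1) in ISSUED_ALIASES:
        # Right service name, wrong or missing salt: a guess, not a leak.
        return ("guessed-service-name", m.group(1))
    return ("unknown-tag", None)
```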


> Anyone who’s looked at breach data knows to try yourname+service for any service

Since we're all using a unique password for every service - <cough> we are doing that, aren't we (!!) - then how does that help?


I tried to start doing this. The first site I tried to sign up to said it was an invalid email address.

I would say they could fuck all the way off, but there are legitimate reasons to not let people sign up with an alias (like one person signing up for multiple free trials)


There's other issues as well: occasionally a service will not allow using their service name in your email address. My usual response to this is to misspell it and use an address cursing them instead. (Since these accounts are usually one-off to register to view something, I really don't care if they delete my account in the future and I don't bother to save the password)


Right. Because it's oh so difficult to set up a separate e-mail account with one of the free providers.

I have such a hard time understanding why people think e-mail addresses are some kind of special thing hard to come by.


When I'm signing up for one service, I don't want to have to sign up for another service, no matter how easy it is. It's not a question of difficulty, it's a question of convenience.

That's why services like Firefox Relay exist. It just generates a new email address for you whose inbox gets relayed to your regular email, no fuss needed. I don't personally pay for it, but I do use the heck out of the free email addresses they provide.



