It looks like someone is currently mad at me and has signed my email address up for a few spam/scam newsletters I’m not too fussed, it’s easy enough to resolve.
But it brings me to a question I’ve asked myself time and time again. Is it worth having a unique email address per service? Or a unique email address per category of services (finance, social, etc.)?
Just wondered if anybody here may have any experience with this I already use VaultWarden as a password manager, so randomly generating email addresses under one of my domains wouldn’t be any hassle.
Pinging the king of email for his opinion too @Jarland
It’s a tough call for me because I see randomly generated emails as an indicator of spammy activity. Looking like I’ll have to break myself of that as trends are going.
I’ve always used a bit of a hybrid approach to this.
I have an email address i use for signing up to things that are not life or death (i.e. forums like this, Netflix, random online websites that need registration, any newsletters)
I also have a “personal” email address that I use for things that I know are important to me such as online banking, job applications, personal correspondence etc.
This has always worked well because I generally don’t care that I get a ton of spam and crap to my “sign ups” email address and the sites that have that email are often more likely to sell that email address on but it doesn’t bother me. Meanwhile my personal email address is old (old enough to be a Microsoft email thats three letters long) and I’ve never really had any spam!
I personally couldn’t be bothered to manage the overhead of new email addresses for each sign up but I can see why this would be good in some ways!
I have two personal email addresses - Home (netflix and shiz) and then “professional” personal (council tax, bills, job applications, etc).
Then I have a throw away account which supports plus addressing, which I use per service so I can work out which company sold my data. If one of the plus addresses becomes to much I black hole it…
I actually do that, and for the most part it’s probably not worth it. The number of companies that sell your email or spam you even after you unsubscribe is pretty low in my experience. The catch is that you don’t know which companies will do it until they do it. If they do, then it’s easy to just blackhole that address/alias and carry on. So I’m not going to stop doing that, but it’s a hard case for anyone outside of a forum like this to make.
I’ve always used a unique address for every signup/service, not random, usually based on the name of the service so I can white/black/sideline list any e-mails I then get. Those addresses always contain a tell-tale pattern, so I can use a catchall mailbox, but reject sales@, info@, jane@, john@ etc. etc.
Never felt it as a hinderance as I also use a unique random password for every service too and use keepass to login, click the URL, click and paste username, click and paste password, done.
I do have a handful of such unique addresses that have at some time gotten onto a spammers list, they’re aggressively spammed from all and sundry often effectively i.e. passing spam rules, but fortunately none are for services I still use, so can blacklist them to an unwanted folder and review that from time to time more out of curiosity. In that respect I’m glad I’ve never used a single address, outside of friends and family.
Interestingly I used to also use subdomains for time limited e-mails e.g. [email protected] (but not that obvious) for entering competitions etc. I could simply pull the DNS MX record for the subdomains as they time expired and thus no spam after the competition draw dates. Haven’t entered that many since Covid lifted but was always amazed how few Companies actually follow up in the short term.
Good explanation. One more issue to add that I forgot to mention is that, if your email is part of a large scale hack, it will eventually make it to the dark web and spammers will absolutely flood that address. At that point you’ll be happy you used [email protected] instead of [email protected]
I have a catchall email address, so it’s easy for me to use a separate email address for each site. If any particular address starts getting spam, I can blackhole just that one address. Works well enough
I could tell that the LinkedIn data breach happened before it was announced publicly because I started getting a LOT more spam to an address I only used on LinkedIn.
I have a random .xyz domain (since it’s very cheap) and I’m using a catchall email adress. Whenever I signup for something I used the service as the mailbox name. This way I can separate them easily.
About 25% of my users use some variation of this. My only complaint is that I can’t find their account right away, when they get in touch with their ‘normal’ address.
Understandable. In my experience, providers don’t try to do this. They just say that there is no account for this email. If you tell them your account info, they say that it would be a security issue to reply to the wrong email.
I use 3 kinds of Emails with unlimited number of addresses: @gmail.com : Too personal, no sharing coz they’re linked to banks and assets @myname.tld : Personal use, mostly everywhere starting like [email protected] and [email protected] for FB and others. @cloudmate.in : Professional Use
Actually, all of them are configured with Gmail to retrieve and send mail using POP3 and SMTP and forwards, so all mails at one place!
I’ve always used unique address coz it’s easy to seperate and no single point of failure.
About Spam, I am also irritated. Not easy to resolve in my case when there’s no unsubscribe button. I actually report every email to SpamCop!
Right, that was my thought when reading it too. I use Gmail for work-related activities only, where I generally don’t expect privacy to begin with. I’d never use Gmail (anymore, at least) for financial or personal conversations.
There’s only one thing that I don’t use my own domain email for and that’s the registrar.
I understand wanting to use Gmail for banking when you have a custom domain forwarding to Gmail anyway. Using the custom domain introduces up to three points of attack. If an attacker gets your registrar, DNS provider, forwarding service, or Gmail, they can receive your 2F codes.