I’ve recently signed up for an email forwarding service w/ aliases so that I can keep my true email address private when I sign up for new websites and services. I should clarify that I’m less concerned about concealing my identity as I am about protecting my real email address, identifying who leaked my info when my email address is compromised, and being able to stop the spam by turning off that alias.
While updating my existing profiles to point to aliases instead of my real address, I’ve hit a snag - some sites (Steam, Slack, etc) won’t allow me to update my email address to any known domains from my email forwarding service.
On these sites that block email forwarding addresses, for now I’m either updating my existing email address w/ a plus sign if the website allows it, otherwise I’m just leaving my existing email address unchanged. It’s not the end of the world, they already have my real email address, and I can probably go a Very Long Time without needing to check those inboxes anyway, but I’m still miffed that I can’t completely migrate my existing accounts to my new scheme.
I’ve read numerous posts about the benefits of custom domains to enable portability of email service providers, and I’m wondering if custom domains are the answer to these sites that disallow forwarding addresses, but I have questions:
- How do other people deal with this situation?
- Do these websites that block known email forwarding domains typically work on a whitelist or blacklist model? If the former (whitelist), then I’m thinking a custom domain will have the same problem, but if the latter (blacklist), then I reckon a custom domain with catchall might work.
- Particularly owners of custom domains, do you find your custom domain is allowed more often than not or do you run into the same problem?
EDIT: Clarified my objectives.
Fastmail + masked email has worked flawlessly
I use a custom domain with catch-all enabled.
I’ve seen this approach mentioned in other threads. Where does one configure catch-all, is that in the settings for the mail provider or the domain registrar?
Don’t use Catchall, this can lead to a lot of spam, as ANY address on your domain will be accepted, making it even easier for spammers guessing valid addresses.
Gotcha, so then without a catch-all, is it still possible to make up something on the fly or will I need to predetermine my aliases before I give them out? I guess it’s kinda rare, but I’m thinking about the odd circumstance where I need to come up with something on the spot and I’m away from my computer.
Well, in my case I just add an alias to my mailserver each time. Your mail-eage may vary.
I don’t want to use plus signs as that always let’s anyone kow what the real address is.
I forward those emails to an address which is random. For example: udhxhdjeiwk@example.com
This address is never used anywhere. So I know all emails appearing there aren’t spam but from the original sender.
Each alias looks like this: company_name-[eight random character/numbers]@example.com.
If I ever get spam, I simply delete my account at the company, as they had leaks (I often know way before Have I Been Pwned) and delete the alias. This way I have no spam (only on my personal address, which I hand out).
Okay, I think I’m following, thanks for the detailed explanation.
mail-eage
Nice!
I deal with it by not patronizing those sites. Refusing to accept alias domains is nothing short of malicious. Same with VoIP.
Going forward, this approach checks out, but I’m also looking to unfuck my existing accounts. Beginning to think a custom domain is the way to achieve that.
Particularly owners of custom domains, do you find your custom domain is allowed more often than not or do you run into the same problem?
I’ve never had my own custom domain be blocked for signing up at a service personally.
I only ever had had a website reject my domain once, in around 15 years of using my own domains for email. I just signed up at another website providing the same service.
I host email using Stalwart, in case anyone is looking for something that is really easy to set up and maintain.
Years ago I was in a consulting company that had a tld ending in .consulting
So many websites didn’t allow that because of shitty email verification rules that assume outdated tlds…
It’s a blacklist. You’d just have to use a different domain.
I use fastmail for this, maybe give it a shot if you haven’t heard of them before. I’ve never had their domain blocked so far. You create masked emails for whichever service you need. It’s also integrated into 1password.
I use Proton Pass for this. It creates the alias, which can be paused when not in use, and manages the login. The free tier gives you a handful but the paid tier is unlimited. If you own/buy a domain, you can configure it to be the domain for all of your aliases. For example, you walmart login could be
walmart@curious_dolphin.netI have a list of the websites that I can’t use an alias that I’m signed up for, for those sadly I just leave my real e-mail address or use a secondary one depending on how much I trust the web site. Luckily I changed my alias on some that don’t let you before they added the blacklist (like Steam and GitHub) so I am able to use aliases, although they are not formatted like how I format them now.
