I’ve recently signed up for an email forwarding service w/ aliases so that I can keep my true email address private when I sign up for new websites and services. I should clarify that I’m less concerned about concealing my identity as I am about protecting my real email address, identifying who leaked my info when my email address is compromised, and being able to stop the spam by turning off that alias.
While updating my existing profiles to point to aliases instead of my real address, I’ve hit a snag - some sites (Steam, Slack, etc) won’t allow me to update my email address to any known domains from my email forwarding service.
On these sites that block email forwarding addresses, for now I’m either updating my existing email address w/ a plus sign if the website allows it, otherwise I’m just leaving my existing email address unchanged. It’s not the end of the world, they already have my real email address, and I can probably go a Very Long Time without needing to check those inboxes anyway, but I’m still miffed that I can’t completely migrate my existing accounts to my new scheme.
I’ve read numerous posts about the benefits of custom domains to enable portability of email service providers, and I’m wondering if custom domains are the answer to these sites that disallow forwarding addresses, but I have questions:
- How do other people deal with this situation?
- Do these websites that block known email forwarding domains typically work on a whitelist or blacklist model? If the former (whitelist), then I’m thinking a custom domain will have the same problem, but if the latter (blacklist), then I reckon a custom domain with catchall might work.
- Particularly owners of custom domains, do you find your custom domain is allowed more often than not or do you run into the same problem?
EDIT: Clarified my objectives.
I’ve seen this approach mentioned in other threads. Where does one configure catch-all, is that in the settings for the mail provider or the domain registrar?
Don’t use Catchall, this can lead to a lot of spam, as ANY address on your domain will be accepted, making it even easier for spammers guessing valid addresses.
Gotcha, so then without a catch-all, is it still possible to make up something on the fly or will I need to predetermine my aliases before I give them out? I guess it’s kinda rare, but I’m thinking about the odd circumstance where I need to come up with something on the spot and I’m away from my computer.
Well, in my case I just add an alias to my mailserver each time. Your mail-eage may vary.
I don’t want to use plus signs as that always let’s anyone kow what the real address is.
I forward those emails to an address which is random. For example: udhxhdjeiwk@example.com
This address is never used anywhere. So I know all emails appearing there aren’t spam but from the original sender.
Each alias looks like this: company_name-[eight random character/numbers]@example.com.
If I ever get spam, I simply delete my account at the company, as they had leaks (I often know way before Have I Been Pwned) and delete the alias. This way I have no spam (only on my personal address, which I hand out).
Okay, I think I’m following, thanks for the detailed explanation.
Nice!