Solved: Thanks to all who commented, especially those who took the time to respond to my follow-up questions. Your responses were enough to convince me of the value of buying a custom domain in order to keep one’s true email address private w/ the added benefit of working on websites that block known domains of temp/forwarding service providers.
Original post:
I’ve recently signed up for an email forwarding service w/ aliases so that I can keep my true email address private when I sign up for new websites and services. I should clarify that I’m less concerned about concealing my identity as I am about protecting my real email address, identifying who leaked my info when my email address is compromised, and being able to stop the spam by turning off that alias.
While updating my existing profiles to point to aliases instead of my real address, I’ve hit a snag - some sites (Steam, Slack, etc) won’t allow me to update my email address to any known domains from my email forwarding service.
On these sites that block email forwarding addresses, for now I’m either updating my existing email address w/ a plus sign if the website allows it, otherwise I’m just leaving my existing email address unchanged. It’s not the end of the world, they already have my real email address, and I can probably go a Very Long Time without needing to check those inboxes anyway, but I’m still miffed that I can’t completely migrate my existing accounts to my new scheme.
I’ve read numerous posts about the benefits of custom domains to enable portability of email service providers, and I’m wondering if custom domains are the answer to these sites that disallow forwarding addresses, but I have questions:
- How do other people deal with this situation?
- Do these websites that block known email forwarding domains typically work on a whitelist or blacklist model? If the former (whitelist), then I’m thinking a custom domain will have the same problem, but if the latter (blacklist), then I reckon a custom domain with catchall might work.
- Particularly owners of custom domains, do you find your custom domain is allowed more often than not or do you run into the same problem?
EDIT: Clarified my objectives.
Can you elaborate on the benefit of using a random string for your secret/true inbox? Is it so that if it’s ever compromised you can just spin up a new random string as your new inbox, point all your aliases to the new one, and burn the old one?
Same question, how do the random characters after the company name benefit you? Is it so that if you want (or need) to continue using that particular service after a data leak, then at least you can update your profile to company_name-[different set of random characters]?
Something obvious like “inbox@” or “hello@” would get a lot of spam, a random string does not receive spam as spammers usually do not send anything to my random string. :)
I doubt it’ll ever get compromised, as I don’t use this emailadress anywhere. It’s just internal for my emailserver. I could also have it drop that all in a specific folder of my personal emailadress, but that’s how I’ve set it up. Should I ever receive spam there, I’d set up a new random string and fix my aliases to point there.
But again, highly unlikely that this should become necessary.
No, it’s just so that I receive less spam. Imagine you use corp@example.com at a website, that gets leaked. Someone could have the idea, looking at this, that they could use this to find out where you have accounts by seeing whether emails get rejected from the mailserver or not and they could also just flood you more easily by just sending thousands of emails to every $companyname@example.com.
For a short while, I had it without, but this way I got some spam, which is solved now.