I care. I use a generated email address at my domain for every account/service/website.
I store the account info in keepass, they all have generated passwords too.
I can see when email comes in who abused the email, was compromised, or sold it.
If an email starts getting spam, i block receiving to that address. if desired, I update the account to have another generated email, but usually if I'm getting spam to that email I don't want to do business with them again.
- at some point my email for amazon was shared, and I started getting offers from some vendor to 5-star review one of their products on amazon. I changed my amazon email address. (I generally trust amazon)
- emails from my bank have to go to a specific email address. I can be pretty certain it is my bank contacting me.
- I generally do not give my email address to retail stores. On several occasions I've given it to them for deliveries, telling them it isn't for anything but for the delivery. I'd say 80% of stores are super disrespectful of this. One spammed me every. single. day. with offers, until I got the delivery and turned off that email address.
- I once gave out a specific email address to a friend. He shared it with a second person to coordinate all of us meeting. and then I started getting phished so we figured out that the second person had his email compromised.
- I rented a car from hertz and had to give an email address. and then they sold it to other companies.
- linkedin stuff. easy to spot fakes since they don't go to my linkedin email address. Also easy to spot emails from people contacting me who got the email from linkedin.
Do you get so much spam from a specific email that you feel safe to ban it completely? Are you able to sue them or just send a strongly worded email about how they sold your email?
Fastmail offers per-service generated addresses. I think it's kind of fascinating to watch my email address that went solely to my local credit union start sending me spam somewhat related to my employer.
Yes, I’ve done this for years. And to be honest, I don’t think I’ve ever “caught” a business sharing a service when they shouldn’t have.
Makes me question why continue to do it.
I've been doing this for years, as well. I've also found that the majority of companies I give an email address to are actually surprisingly good stewards of that information. However, I have found a number of email leaks. It looks like my block list is up to 31 addresses. Most of those are leaks that led to spam. (Although one was a smoothie chain that insisted on sending me email every single day, and their unsubscribe page always seemed to be "malfunctioning".)
I don't think all or most of these companies on the list are intentionally selling my address to spammers. I suspect most of these leaks are due to poor handling of the data or server compromises. (Surely Adobe, for example, isn't so desperate that they would sell my address to spammers.) But whether by malice or incompetence, I can easily block them.
The important detail is to add random nonce/salt to the generated email, like _jri68, so that it's not guessable, so it's provable that the database was compromised. Guessing bestbuy@example.com is believable, but guessing bestbuy_jri68@example.com, is not.
I care. I use a generated email address at my domain for every account/service/website. I store the account info in keepass, they all have generated passwords too. I can see when email comes in who abused the email, was compromised, or sold it. If an email starts getting spam, i block receiving to that address. if desired, I update the account to have another generated email, but usually if I'm getting spam to that email I don't want to do business with them again.
I do the exact same thing.
It gives you quite a bit of insight and control.
some examples:
- at some point my email for amazon was shared, and I started getting offers from some vendor to 5-star review one of their products on amazon. I changed my amazon email address. (I generally trust amazon)
- emails from my bank have to go to a specific email address. I can be pretty certain it is my bank contacting me.
- I generally do not give my email address to retail stores. On several occasions I've given it to them for deliveries, telling them it isn't for anything but for the delivery. I'd say 80% of stores are super disrespectful of this. One spammed me every. single. day. with offers, until I got the delivery and turned off that email address.
- I once gave out a specific email address to a friend. He shared it with a second person to coordinate all of us meeting. and then I started getting phished so we figured out that the second person had his email compromised.
- I rented a car from hertz and had to give an email address. and then they sold it to other companies.
- linkedin stuff. easy to spot fakes since they don't go to my linkedin email address. Also easy to spot emails from people contacting me who got the email from linkedin.
It goes on and on. More people should do this.
Yes.
I use a catch-all. I can accept (whatever)@mydomain.tld
Anytime a new company wants my email address, I just randomly give them one.
So far I only get spam to the email addresses other people posted on a website as contacts for organizations I volunteer with.
(I get spam from web scraping, not from company hacks/sharing etc.)
JW, why?
Do you get so much spam from a specific email that you feel safe to ban it completely? Are you able to sue them or just send a strongly worded email about how they sold your email?
Before this, when just using a single email address, I had no idea where the spam was coming from.
Now I know where the spam (I get) comes from.
I haven't had to ban any addresses yet.
Fastmail offers per-service generated addresses. I think it's kind of fascinating to watch my email address that went solely to my local credit union start sending me spam somewhat related to my employer.
Sure do - though I have my own domain, so I don't need subaddressing. If some address gets compromised, I just set it to bounce.
Yes every service gets a custom address.
It's also interesting that some services don't allow COMPANYNAME@mydomain.com for registration. (Can't remember which)
Yes, I’ve done this for years. And to be honest, I don’t think I’ve ever “caught” a business sharing a service when they shouldn’t have. Makes me question why continue to do it.
I've been doing this for years, as well. I've also found that the majority of companies I give an email address to are actually surprisingly good stewards of that information. However, I have found a number of email leaks. It looks like my block list is up to 31 addresses. Most of those are leaks that led to spam. (Although one was a smoothie chain that insisted on sending me email every single day, and their unsubscribe page always seemed to be "malfunctioning".)
I don't think all or most of these companies on the list are intentionally selling my address to spammers. I suspect most of these leaks are due to poor handling of the data or server compromises. (Surely Adobe, for example, isn't so desperate that they would sell my address to spammers.) But whether by malice or incompetence, I can easily block them.
The important detail is to add random nonce/salt to the generated email, like _jri68, so that it's not guessable, so it's provable that the database was compromised. Guessing bestbuy@example.com is believable, but guessing bestbuy_jri68@example.com, is not.
I care. Maintain a collection of emails per tier of service plus some Apple obfuscation.