Solved: Thanks to all who commented, especially those who took the time to respond to my follow-up questions. Your responses were enough to convince me of the value of buying a custom domain in order to keep one’s true email address private w/ the added benefit of working on websites that block known domains of temp/forwarding service providers.

Key takeaways:

  • Forwarding services’ shared domains are useful for blending in w/ the crowd. (credit to @Cricket@lemmy.zip)
  • Custom domains are handy when you don’t care about blending in and you want to use a website that blacklists known domains of disposable/forwarding service providers, including the paid-tier domains.
  • Deciding whether to enable catch-all:
    • Enabled: You can make up new addresses without having to configure the alias manually each time, but it’s also easier for spammers to guess valid addresses.
    • Disabled: It’s more difficult for spammers to guess valid addresses, but you’ll have to configure your aliases manually unless you have regex matching for automatic creation of new aliases. With regex matching for automatic creation of new aliases, disabling catch-all has few if any downsides.
    • Regex matching: Seems to provide the best of all worlds by making it harder for spammers to guess valid addresses without having to configure aliases manually each time.
  • For aliases, including a string of random characters after the company name makes it harder for spammers to guess your other aliases and/or learn where else you have accounts by spamming emails to every $companyname@example.com and seeing which ones bounce back. (credit to @erebion@news.erebion.eu)

Original post:

I’ve recently signed up for an email forwarding service w/ aliases so that I can keep my true email address private when I sign up for new websites and services. I should clarify that I’m less concerned about concealing my identity as I am about protecting my real email address, identifying who leaked my info when my email address is compromised, and being able to stop the spam by turning off that alias.

While updating my existing profiles to point to aliases instead of my real address, I’ve hit a snag - some sites (Steam, Slack, etc) won’t allow me to update my email address to any known domains from my email forwarding service.

On these sites that block email forwarding addresses, for now I’m either updating my existing email address w/ a plus sign if the website allows it, otherwise I’m just leaving my existing email address unchanged. It’s not the end of the world, they already have my real email address, and I can probably go a Very Long Time without needing to check those inboxes anyway, but I’m still miffed that I can’t completely migrate my existing accounts to my new scheme.

I’ve read numerous posts about the benefits of custom domains to enable portability of email service providers, and I’m wondering if custom domains are the answer to these sites that disallow forwarding addresses, but I have questions:

  • How do other people deal with this situation?
  • Do these websites that block known email forwarding domains typically work on a whitelist or blacklist model? If the former (whitelist), then I’m thinking a custom domain will have the same problem, but if the latter (blacklist), then I reckon a custom domain with catchall might work.
  • Particularly owners of custom domains, do you find your custom domain is allowed more often than not or do you run into the same problem?

EDIT: Clarified my objectives.

  • curious_dolphin@slrpnk.netOPEnglish
    1·
    1 day ago

    Makes sense. Follow-up question: Is there any particular reason why you use the email+hfu2sb5d@example.com or email+ebay@example.com as opposed to just hfu2sb5d@example.com or ebay@example.com?

    If I understand correctly, the plus sign helps you see which organization has compromised your info, but the drawback of the plus sign is that a savvy spammer can figure out what your true email address is (the part before the plus sign), whereas aliases such as hfu2sb5d@example.com or ebay@example.com conceal your true email address.

    Am I thinking about this correctly?

    ETA I’ve also encountered sites where a plus sign in the email address is disallowed, which is another downside of the plus sign approach.

    • Thorned_Rose@sh.itjust.worksEnglish
      1·
      21 hours ago

      Its just less setup for me. My personal domain is shared with other people so I can’t set a domain level catch all. That and its less setup for me. I have no automated way of easily creating new emails (and my email settings would get very cluttered with hundreds of different emails). With a generic email address that I use with a +, its just one email and whatever comes after the + will go to that email. Then I have more options for what to do with those emails in mail clients. In my case, I have different mail filters to send them to different mailbox folders. But I can also tag them, auto delete, auto forward, etc. Whatever your mail client filters can handle.

      A savvy spammer can do that anyway by brute forcing whatever is before the @ for any email address at all.

      I’m less concerned about spammers (which are annoyingly inevitable after a while) and more concerned with data breaches. Thus if I can see where my leaked email address came from, I know who to blame and its also a lot easier yo change my account logins.

      And yes, some sites annoyingly disallow them but in that case I can create another email address for those since they are few and far between.