A self-proclaimed data enthusiast calling themselves ‘ThinkingOne’ has made a huge database containing 201 million pieces of user data from X freely available. The data is said to have come from two previous leaks and includes email addresses, locations and profile data of users of the social media platform.
This is what I do as well. I purchased my own custom domain name and run aliases off it using Addy. So as an example, an email for an online account would look like:
random9.words@mycustomemail.comThen I feed these accounts into a password manager so I don’t have to remember them.
All the aliases forward mail directly to my main inbox. Companies never see what my real address is. If I get spam, I know which company either sold my data or leaked my data. I can then take action by simply turning off that email alias and then spinning up a new one.
The best thing about owning your custom domain is that you’re in control and never have to change your email addresses. If I want to move to a new email provider, I can easily do that. The process, simplified:
Edit: All providers make it very simple to set up a custom domain. If you can follow instructions and copy and paste text, their systems will run checks to make sure you did it correctly and it’s syncing properly. Very easy for those who aren’t technical.
wouldn’t profilers simply track via the domain tld instead of the whole address…shopping1 at uniquedomain, bank2 at uniquedomain , etc
and in the case of aliasing, couldnt a domain provider tell where the aliases rout to and sell that info as a side earner?
Great questions! Seriously, those made me think for sure.
For question one, I suppose a profiler could do that. If my domain name is myemaildomain.com, they probably could track all emails and sell it collectively. But I don’t think corporations do that at this time. That would be akin to profiling all Hotmail, Gmail, Live, etc emails, appreciating those are massive services. I suppose if nefarious actors were to do that to my domain, I could consider switching domains - I have multiple domain names I own, and it’d be trivial to use the other ones. In the years I’ve been using a custom domain for email, I haven’t encountered any nefarious actors and have significantly eliminated any spam.
For question two, the domain provider I use doesn’t do that in their terms of service. However, if they did look at my MX records and decided they wanted to profile me as a user of Addy, they definitely could do that. Though it would hurt their business as many users would migrate their domains to new registrars - I certainly would move my domains to a new registrar!
Thanks for the guide on how to switch. I’ve been using a mail provider with my own domain for a while now. I’m not unhappy with their service but they only let me make a few inboxes. Good to know switching can be seamless.
Awesome. How’s the Addy privacy posture looking?
I signed up with them ensuring I read their privacy policy. Based on my personal privacy threat model, I’m okay with their policy. This wouldn’t fit a more intensive threat model.
I haven’t read it recently but last I remember they do have the option to temporarily store an email in the event of a failed delivery, until it can eventually get sent to you. This is opt-in I believe, and a toggle you can enable in your account.
In the time I’ve used them I haven’t had any issues with email deliveries. Been happy with the service so far, having left SimpleLogin and Proton for political reasons.
How do you reply to those emails in case of needing to contact with said company.
I’d assume they would deny service if the user (even on the same custom domain) is not equal to the account holder.
When you get an email from Company A that sends to your alias email, the email goes to your inbox. When you reply to that email, your alias provider forwards it to Company A where the sender is your alias address.
In short, you simply reply and your alias service takes care of it for you so that the recipient only sees your alias email and not your true email.
I don’t use an “alias provider”.
I just don’t use aliases for companies I need to send emails to. There are very few.