I run my own IT. I host my own email, authoritative DNS, web, etc. I use wireguard for a lot of stuff. I put stuff behind cloudflare. I'm sneaky when I need to be, but mostly I'm just a control freak. I also know way more than the average person about email and email authentication. Or lack thereof.

Every entity gets it's own email address. As others have pointed out, it lets me track who ends up with it. Sometimes I find it surprising, mostly I don't. Sometimes, though, people are up to some shit.

edit to say that those actually creating mailboxes for everything should just use aliases that funnel to a single mailbox. So much easier to maintain than having to have a huge keepass db.

edit 2 employ dmarc if you want to see who is trying really game

I use canaries. I point a dozen domains to fastmail and another dozen to my self hosted email servers. Each have aliases that are mapped to vendors but do not have the vendor name as some vendors are getting upset at this practice and calling it fraud. If I start getting garbage on that alias, I notify the vendor. In most cases they will give me a boiler plate response and then I delete the alias. If they are snarky I create a reject rule with my own snark that also explains the emails for that vendor have been either sold or compromised. This is to let people buying email addresses know they bought a dirty list as some of the modern bots have some telemetry.

I care. I use a generated email address at my domain for every account/service/website. I store the account info in keepass, they all have generated passwords too. I can see when email comes in who abused the email, was compromised, or sold it. If an email starts getting spam, i block receiving to that address. if desired, I update the account to have another generated email, but usually if I'm getting spam to that email I don't want to do business with them again.

I do not. I have three mail boxes, for trashy, job-y and personal things. And a couple of technical (apple id, etc).

Gmail is really good at filtering spam, so I probably looked into it and found a letter that I waited for only one time in last few years. My inboxes are either empty or may get first non-spam marketing emails that I unsubscribe from immediately. Unread count zero.

Idk why people fortify their email that much and investigate who does what. Have no issues nor hesitation with leaving my work email at any local org.

Fastmail offers per-service generated addresses. I think it's kind of fascinating to watch my email address that went solely to my local credit union start sending me spam somewhat related to my employer.

Sure do - though I have my own domain, so I don't need subaddressing. If some address gets compromised, I just set it to bounce.

Yes.

I use a catch-all. I can accept (whatever)@mydomain.tld

Anytime a new company wants my email address, I just randomly give them one.

So far I only get spam to the email addresses other people posted on a website as contacts for organizations I volunteer with.

(I get spam from web scraping, not from company hacks/sharing etc.)

I care but don't have time or the resources. What I have made a habit of tho is registering to any new website or service using example any.name@gmail.com → register using a.nyname@gmail.com. I then take note of which variant / which service.

I have no idea if this works the way I expect it logically could or should, but if it does I guess I have some data to go thru.

I use iCloud’s Hide my Email feature. So I have dozen email addresses and I receive email in the same inbox. I don’t care how my email addresses are used. The moment I see too much spam, I remove the email address.

Yes, I’ve done this for years. And to be honest, I don’t think I’ve ever “caught” a business sharing a service when they shouldn’t have. Makes me question why continue to do it.

The important detail is to add random nonce/salt to the generated email, like _jri68, so that it's not guessable, so it's provable that the database was compromised. Guessing bestbuy@example.com is believable, but guessing bestbuy_jri68@example.com, is not.

Yes every service gets a custom address.

It's also interesting that some services don't allow COMPANYNAME@mydomain.com for registration. (Can't remember which)

I care. Maintain a collection of emails per tier of service plus some Apple obfuscation.

I have a catch-all domain but I don’t bother to setup unique emails for each service. It’s too much of a headache and you have to ask yourself:

If I find out someone sold/shared/leaked my email what am I going to do?

Here the possible responses as I see it:

* Stop doing business with them - This is way easier said than done

* Be mad - ok, great, now what?

* Send a strongly worded email - again, so what?

* Sue them? - Good luck

Selling or sharing my email address is a shitty thing to do, but my recourse is extremely limited and really ends up with me just being angry with nothing to do about it. Given that I’ve decided just to not care.

There are many things in life that I once cared about or once got worked up about that I don’t anymore because I’ve realized that it’s just not worth it. I’ve tried to identify more and more the things that get me mad, but don’t affect any change and then purge those things from my life. Life is too short to spend your time worrying about things like who sells your email.

[dead]