In light of the seemingly increasing rate of data breaches and privacy violations in general, I've decided to take some steps further regarding my online presence.
Among other things, I decided to switch all my online accounts to custom domain email addresses, so I grabbed two domain names (with WhoisGuard enabled): one for use with stuff related to my real identity (think
@firstlast.com), and the other for all else (think
@randomword.com). Then, I changed the email address of each one of my existing online accounts, taking advantage of the catch-all feature. To make things short, it goes like this:
Accounts not related to my real identity:
Accounts related to my real identity:
As you might have guessed, the 6 digits ending the local part of email addresses are meant to be randomly generated, in order to mitigate easy guesses by spammers due to catch-all (though I've also created a specific sieve filter to mark incoming emails with "unknown" recipient as spam).
Before you ask, I don't intend to start a discussion about threat modelling here. I just want—as anyone who is not a complete tech-illiterate—to have a reasonable weapon against spam caused by recurrent data breaches, so that if an email address is leaked, I can toss it and replace it with a new one without much effort.
Also, I value owning my email addresses, in the sense that if I decide to change email provider in the future, I won't have to change my addresses too as a consequence. For communicating with real humans (e.g., my doctor), I could use a non catch-all address like
I wonder what do you think of this approach... Is it overkill? Do you see any major concern from a privacy or security standpoint? Are you doing something similar and are happy with it? I would very much like to hear your experiences with email, especially about the approach you settled with.