• Swarfega
    link
    fedilink
    English
    arrow-up
    2
    ·
    7 months ago

    I do pay for SimpleLogin and will continue to do so. The only place my actual proton email address is exposed is on SimpleLogin. Every site I use on the internet has its own alias. That’s 350+ sites currently.

    The only downside to a catchall, as I see it, is someone could just start creating any random email address knowing it will find your legitimate mailbox. Also sending as any of the aliases can be a pain.

    • zarenki@lemmy.ml
      link
      fedilink
      arrow-up
      3
      ·
      7 months ago

      Compared to simplelogin (or proton pass aliases, addy, firefox relay, etc), one other downside of a catchall is in associations across accounts. Registering with a @passmail.net address implies that I use Proton; registering with random-string@mydomain.org implies I have access to that domain. If 10 data breach leaks have exactly one account matching the latter pattern then that’s a strong sign the domain isn’t shared. If one breached site has my mailing address, my real identity can be tied to all the others.

    • PiJiNWiNg@sh.itjust.works
      link
      fedilink
      arrow-up
      1
      ·
      7 months ago

      Yeah, I have to agree that the ‘send as’ can be a pain, would be nice if it sent as the recipient email by default. As far as people spamming looking for a legit address, I’ve fortunately not run into that, but I could see how that could happen.

      • Swarfega
        link
        fedilink
        English
        arrow-up
        1
        ·
        7 months ago

        Yeah. I mean, even if you did get targeted by someone they really don’t want to waste their time on someone who is more privacy/security conscious. Thieves want easy targets.