Plus addressing (or movable periods in Gmail addresses, etc.) is increasingly pointless for a whole host of reasons.

It may keep out the bottom x% of spammers/hackers but it doesn't do much for the increasingly sophisticated scams that are appearing.

If the bit before the + ends up in your inbox anyway then it'll just get stripped off and used. Spammers see this kind of thing across several breach dumps:

bob+trello@example.com, bob+spotify@example.com, bob+chase@example.com

and will leverage that to target spam at you for other sites, or just email bob@example.com as there's a good chance that'll get through.

Years ago I did a test with my own domain where I created who unique aliases with plus addresses, e.g. steve.smith+iawer@example.com, bob.jones+wpoqe@example.com

It didn't take long for emails to start arriving to steve.smith@example.com and bob.jones@example.com even though those email addresses had never been used anywhere ever before.

As others have said, you're better off just creating unique emails with `pwgen -s 16` such as wmR5pNhGI8yidU7N@example.com and storing that in your password manager alongside a similarly random password. (Yes, this is roughly what those unique email address services provide.)

Also many services/sites/providers simply assume the username is immutable. $DEITY forbid you might have to change your email address at some point in the future.

reply
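An added example, not part of the comment above: a check of which of your own sign-up addresses collapse to the same mailbox once the `+tag` (and, for Gmail, the dots) is dropped, next to a random alias comparable to `pwgen -s 16` output. The function names and the sample list are constructed for illustration.

```python
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits

def random_alias(domain, length=16):
    """Random local part, comparable to what `pwgen -s 16` produces."""
    local = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return f"{local}@{domain}"

def canonical(address):
    """Collapse an address the way a correlating party would:
    lowercase it, drop any +tag, and ignore dots for gmail.com."""
    local, _, domain = address.strip().lower().rpartition("@")
    local = local.split("+", 1)[0]
    if domain == "gmail.com":
        local = local.replace(".", "")
    return f"{local}@{domain}"

def linkable_groups(addresses):
    """Return {canonical mailbox: [addresses]} for every mailbox that
    more than one of the given sign-up addresses reduces to."""
    groups = defaultdict(list)
    for addr in addresses:
        groups[canonical(addr)].append(addr)
    return {base: addrs for base, addrs in groups.items() if len(addrs) > 1}

# Constructed sample: the plus addresses from the comment, plus one
# random alias of the kind it recommends.
SIGNUPS = [
    "bob+trello@example.com",
    "bob+spotify@example.com",
    "bob+chase@example.com",
    "wmR5pNhGI8yidU7N@example.com",
]

if __name__ == "__main__":
    for base, addrs in linkable_groups(SIGNUPS).items():
        print(f"{len(addrs)} sign-ups reduce to {base}: {addrs}")
    print("fresh alias:", random_alias("example.com"))
```

The three plus addresses fall into one group under `bob@example.com`; the random alias appears in no group because nothing in it points back to a shared mailbox.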
I recommend people use proper email aliasing, not plus addressing. DuckDuckGo makes a free one that can integrate into Bitwarden; if you have iCloud+, Apple's ($0.99/month) Hide My Email is good. Addy.io and SimpleLogin are the best and allow PGP encryption to prevent another party having access to your emails, but they are paid for full features.

> Organizations like the IAB require that advertisers normalize email addresses so that they can be correlated and tracked, regardless of users' privacy wishes.

https://www.privacyguides.org/en/email-aliasing/#over-plus-a...

reply
One time I clicked "I forgot my password" on a website and they e-mailed me my password.

Ever since I don't trust online services.

reply
Plus addressing doesn't work well unfortunately - lots of poorly written websites will reject it.
reply
+1 for not giving those websites your email in the first place!
reply
The + trick is useless to protect you, obviously. Instead, use a service like SimpleLogin to create unique emails for every place you sign in.
reply
Correct, but you get to see who leaked you.
reply
Depends if the criminals are smart enough to strip the +.. part when sending you phishing.
reply