Privacy @lemmy.ml TheTwelveYearOld @lemmy.world 4 mo. ago

Privacy@Lemmy.ml: Why use catch-all email domains over email aliases?

I've been looking at using email aliases services, and right now I'm thinking of using Simplelogin for all my online accounts and accounts where I can change my email easily, and getting my own domain to share with people and where I can't easily update my email. It seems like I shouldn't use my own domain for online services because it would be unique and can be tracked.

I did lots of reading about this and am still wondering why someone would want to opt for catch-all domains over aliases. Catch-alls seem highly susceptible to spam and while I haven't actually done any email aliasing yet, it doesn't seem to take much effort to make a new alias if you have a plan with unlimited aliases.

15 comments

I have basically the same thoughts as you. The reasons I can think of is:

Convenience (but SL is pretty convenient)

Less of a lock-in to one vendor.

Avoiding filters on sites not allowing aliasing domains (often incorrectly under the label "temporary email addresses")
Custom domains mean that if the alias provider enshittifies, you can switch to any other provider near-instantly. As long as you never use the domains to host illegal or dodgy shit it's extremely unlikely you'll ever lose them — far less likely than losing a gmail or whatever.

With SL you can avoid spam by using the "beta" (been beta for 3+ years lol) "auto create" option instead of a catch-all, meaning that you can direct emails to different inboxes (or do nothing) based on specific regex strings you control — up to 100 of them. I had a catch-all regex (.*) as my # 100 and it took 2 years to receive catch-all fishing spam. Then I removed it and now have only random strings (e.g. .*fgyu.*) so new emails must have them if they want to get somewhere. Everything else bounces. All previous emails continue to work until you disable them individually.

I use a mix:

SL-domains: anything I don't give a shit about.

Non-PII domain: anything I would want to persist if I changed provider, but don't need my identity, or can give out a unique email in-person.

PII-domain: banks and all other services tied to my identity.

Top-Secret-PII-domain: critical services that could compromise all others (password manager, email/OS accounts, domain name registrar).
I did lots of reading about this and am still wondering why someone would want to opt for catch-all domains over aliases. Catch-alls seem highly susceptible to spam and while I haven’t actually done any email aliasing yet,

I'm using catch-all since years and no spammer has ever made up a new email alias to spam me.

it doesn’t seem to take much effort to make a new alias if you have a plan with unlimited aliases.

That depends. The moment you are in a shop without your phone/email and they really want an email address you can simply write down their_company_name@your_email_domain_name for them without having to compromise anything.
Both are fine choices depending on your requirements. The thing with external alias services, you are not in control of the addresses/domain. Catch-all addresses are essentially aliases you manage, but something like Simplelogin does have the benefit of hiding your domain name.

Spam is not a big deal on catch-all. A couple of times a year I do get a spam mail to some arbirtary address, but that's more or less it.
- Same experience
  
  Oh , that's cute this spammer thinks there must be an admin@mydomain.com etc
  
  Only other downside I could think if is when my catch all cant be used to send a mail or reply.
  
  So I do use them a lot for suppliers en services, but for registering initially and password reset. But I can't use it to contact support by mail.
  
  Mostly I rely on forms or self service portals when I need it as a customer.
  
  Only other downside I could think if is when my catch all cant be used to send a mail or reply.
  
  On Protonmail, I just create a new address if I need to send email from that address. Afterwards I just delete it, freeing up the address slot.
Part of the reason I prefer having a catch-all on my own domain is that I can change providers without changing any email addresses. For example at the moment I run my own server, but in the future if that becomes too time consuming I can easily start paying for a service.

ETA: also I’ve never gotten any spam to a email I haven’t given out, people don’t really send emails to random names at a domain as far as I can tell
- This depends if you have a website on your domain and it appears on search engines. I do and had to modify Rspamd as bots were spamming addresses like abuse@ and other dictionary words.
  
  I use a subdomain for aliases, while my real address is at the base domain, which I suppose negates this issue.
What i wanna know is why when ive linked my domaie email to outlook, does it send my emails into people's spam box
- Probably related to the low quality of your communications
  
  I send the usual emails, family, images, files etc. Ive even checked with 3rd party email checkers
  
  😅
I use both, actually. My SimpleLogin has about a dozen catch-all destinations, mostly I did this to help organize things. But I never use the catch-all directly, and anything not from simplelogin gets tossed.

You probably only need aliases.

You've viewed 15 comments.