Best Practice with Unique/Disposable Email Addresses

MONKi1P

I'm curious what you all think about using unique/disposable email addresses with online accounts? I'm trying to understand all the benefits and drawbacks and if it is worth it for me to implement using such a service. Do you use any and if so which service and how do you use it?

One that has been recommended to me is SimpleLogin https://simplelogin.io I haven't tried it yet but has anyone had experience with it?

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Ben

Hi @MONKi1P

Personally I don't like relying on email addresses I don't have some level of control over. I'd rather pay ~$10 / year and own the domain name I use for email so that if I decide to change email providers I can do that without changing all of my email addresses. At the moment I'm using G Suite (which has an additional cost associated with it). I'd rather pay for a service than be the product. 🤷

When I want to sign up for a service I create a unique alias / "group" that delivers mail to my main inbox. If I start getting spam through any given alias I can just delete it, and only the service associated with it will be affected. That was the intention anyway. I don't recall ever actually following through on deleting an alias due to spam. :P I really haven't had much that isn't caught by G Suite / Gmail filters.

Ben

MONKi1P

Thanks for sharing @Ben I'm using Google Workspace (formerly GSuite) as well. Haven't used it to setup groups for aliases yet. They'd still all be linked to the same domain, unless I add another domain to my account. I totally get the lack of control over addresses that is a concern and at the same time if I use the same domain it is easy to link it back to the same user.

I guess I am wondering what would help to lessen my interconnected digital footprint. The automated way is easy to dupe with simple adding my email+spam@mydomain.com but again that still links my entire digital footprint together.

XIII

I do something similar using Fastmail.

I don't recall ever actually following through on deleting an alias due to spam

This month I had the first occurrence ever where I received spam on such an address. In fact I had used that address exactly once!

(to donate money to a charity fund raising website; unhappy now that they either have been hacked or sold my email address)

[Deleted User]

I have two inboxes: one with my domain name and one with a mail providers domain. Where I use my real name and want to be identified, I use an address at my domain. Where I wish to remain anonymous or avoid revealing my domain (for example, in groups) I use an address at the providers domain. I don't create specific addresses for each site, but I have ~10 aliases at my own domain and ~5 at the providers domain. So that I can have separate addresses for banking, shopping, phone companies, domain host, cloud storage, password management, social media, spammy sites, etc. However, I did create a custom address of the type random_chars@mydomain.com for a banking website linked to my employment which only requires a 6 digit PIN!

ag_ana

@MONKi1P:

I guess I am wondering what would help to lessen my interconnected digital footprint. The automated way is easy to dupe with simple adding my email+spam@mydomain.com but again that still links my entire digital footprint together.

It sounds like using two domains would help if you are concerned about not linking everything together.

MONKi1P

I’m not sure how concerned I should be. Right now i am just wondering what could make sense to disperse my digital footprint and what ways would be most effective.

[Deleted User]

Something you don't hear about often is the idea of using different usernames on different websites. When I first became interested in internet security/privacy, I was shocked by how much you could find out about me by searching for my usual username. A password manager not only allows you to store unique passwords, it also allows you to store unique usernames. So I would suggest using a different one on every site that allows it. Where the username is public this helps protect your privacy. Where the username is not public it helps protect you security.

XIII

@missingbits Is your username unique for this forum? And related to Agilebits? (your avatar really matches your username; nice!)

[Deleted User]

@XIII yes its unique to this forum and a play on Agilebits. I always google a username before using it and the avatar image came up in the search. How did you choose your username? Did the image come first?

XIII

The name and the image came at the same time...

[Deleted User]

I was a bit confused until I tried googling your username: "You play as “XIII”, a man without an identity"

XIII

:+1:

MONKi1P

Different usernames on each site, as @missingbits suggested, is an easy one to implement as long as they have usernames implemented. The email one is trickier and I'm not sure if it is worth it to jump through the hoops for. Compromised websites or sites that end up selling your data would allow 3rd parties to connected different accounts linked with the same email address or personal domain.

Another way to check if someone has an account somewhere is to initiate a password reset and most sites will tell you if no account has been found or that an email has been sent to that email.

Yeah nuts about the bank 6 digit pin @missingbits and sadly I've come across that as well. Luckily I did not depend on that bank account and closed it a while back.