1 comment

[ 3.1 ms ] story [ 12.0 ms ] thread
> a website can silently drop the part after the plus sign and use your real email address instead.

I wonder if there are any documented cases of this? I suspect it would be hard to detect, other than in combination with a catch-all domain.

I've been doing the catch-all for almost 20 years now. My suggestion if you go this path: use a subdomain.

At least when I first enabled it, catch-all on a top-level domain gets a massive amount of dictionary-style spam with common names (admin@ john@ jane@ postmaster@ etc), and that was with a fresh domain where I was the first registrant ever. This doesn't happen with a subdomain.