Poll: Do you create seperate email addresses (or aliases) for each website?

4 points by georgerobinson ↗ HN
Happy Sunday!

I read a comment on here a week or two ago wherein the commentor (I think ptacek) wrote that many infosec researchers (and other tech savvy or privacy sensitive people) tend to create seperate email addresses (or aliases) for each website they sign up to.

For example, if my email address were george.robinson.87@gmail.com I might create an address george.robinson.87.hn@gmail.com: the advantage being twofold:

1. I can see whether Hacker News (or any other website) share my email address with third parties, such as advertisers

2. I can keep my original email address free from spam and newsletters

So I want to find out just how popular this is amongst HN readers! Do you always do this, sometimes, or never?

N.B: that email address above is fake (if it does exist, it doesn't belong to me).

5 comments

[ 0.27 ms ] story [ 24.4 ms ] thread
(comment deleted)
well, the example using gmail isn't practical, but instead if you own your own domain and setup a catchall, then it becomes very easy (since you only need to check one email to access all potential email)
Gmail does support the "+" separator, although (as I pointed out in another comment) many sites either a) don't allow "+" as a valid character in e-mail addresses or b) simply strip off the "+foo" portion.

For example, if your e-mail address is "me@gmail.com", you can send mail to "me+foo@gmail.com" and it will be delivered to you. This makes filtering mail from specific sites pretty easy if there isn't already an easy way to do so for that site.

I create a new, unique e-mail address -- alias, technically -- for 99% of all sites where I register/sign up that require one.

To be more specific, I have my primary "me@example.com" e-mail account that I use. When I register/sign up at www.company.com, I create an alias of the form "zzz-company@example.com" which goes to "me@example.com". I do this primarily for exactly the two reasons you mentioned above.

FWIW, I run my own mail server and all e-mail accounts and aliases are stored in SQL. A small script that I wrote makes creating a new alias entry in the database quick and easy, e.g.:

  $ newalias zzz-hn
Also, that's a literal "zzz-" prefix. I do this to avoid any "coincidences" where a spammer tries to send mail to a random address that actually exists as one of my aliases. That is, a spammer may try to send to "hn@example.com" which very well could exist. A spammer would be much less likely (it seems, anyways) to try to send to "zzz-hn@".

I was on vacation out-of-state last week and we ordered a pizza from Papa John's one evening. I didn't have my laptop handy (only my iPad and iPhone) so instead I used the "checkout as a guest" option and employed the "+" separator trick (i.e., I used "me+papajohns@" as my e-mail address). I try to avoid this whenever possible and create an actual alias as some sites a) don't allow "+" as a valid character or b) are aware of this "trick" and simply strip off the suffix, thus ending up with my real e-mail address. (For the curious, the confirmation e-mail was sent via ExactTarget and they didn't strip off "+papajohns".)

I just started doing this several months ago but it helped me discover that either the dealership I bought my newest car from or Reynolds and Reynolds (who provide an application the dealership uses) shared my e-mail address with Edmunds.com, who later started spamming me. Because I do this, however, that situation was easy to take care of (delete alias and blacklist the sending mail servers).