Comment

Comment on Massive X data leak affects over 200 million users.

<- View Parent

joshchandra@midwest.social ⁨3⁩ ⁨weeks⁩ ago

Wait, so you literally have hundreds of accounts? How do you manage them all?

source

Sort:hotnew top

mbirth@lemmy.ml ⁨3⁩ ⁨weeks⁩ ago
My email provider allows for unlimited aliases. So, while I have 600+ email addresses, emails to them all end up in the same mailbox.

The accounts for all the websites and services (with their specific email address) are in a KeePass database and they all have random passwords, too.

The only small issue is when you have to contact support of some service. Then, I have to configure the specific email address in my client so they can match that to my account with them. But most email clients allow multiple sender addresses without having to fiddle with the rest of the settings.

source
- partial_accumen@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  
  My email provider allows for unlimited aliases. So, while I have 600+ email addresses, emails to them all end up in the same mailbox.
  
  I do this too. The unique email address I create for each is identifiable to the place I’m using it. This has other benefits. If an organization you created and account with sells or has a data breech you know exactly which company it was when you start receiving spam or phishing email directed to that address. This is also nice because you can “black hole” that email address and all the spam goes with it even future spam not sent yet.
  
  source
  - mbirth@lemmy.ml ⁨3⁩ ⁨weeks⁩ ago
    Exactly! I add a random string to each email address, too, so you can’t just guess other addresses. So, it’s usually something similar to lemmy-r4nd0m@mydomain.me. And, whenever a breach happens, I’ll generate a new random part and set that as my email address and invalidate the old one. Until the next breach. (Looking at you, LinkedIn…)
    
    source
    peereboominc@lemm.ee ⁨3⁩ ⁨weeks⁩ ago
    That is clever!
    
    source
CatZoomies@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
This is what I do as well. I purchased my own custom domain name and run aliases off it using Addy. So as an example, an email for an online account would look like: ‘random9.words@mycustomemail.com’

Then I feed these accounts into a password manager so I don’t have to remember them.

All the aliases forward mail directly to my main inbox. Companies never see what my real address is. If I get spam, I know which company either sold my data or leaked my data. I can then take action by simply turning off that email alias and then spinning up a new one.

The best thing about owning your custom domain is that you’re in control and never have to change your email addresses. If I want to move to a new email provider, I can easily do that. The process, simplified:

Buy a domain name

Sign up for an email account at Tuta, Mailbox, etc.

Set up your custom domain at that provider.

Go to your Domain provider and update your MX records so that it syncs with the email provider.

if you want to switch email providers, get a new one and then update your MX records to point to the new provider.
source
- Gibibit@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  Thanks for the guide on how to switch. I’ve been using a mail provider with my own domain for a while now. I’m not unhappy with their service but they only let me make a few inboxes. Good to know switching can be seamless.
  
  source
- brbposting@sh.itjust.works ⁨3⁩ ⁨weeks⁩ ago
  Awesome. How’s the Addy privacy posture looking?
  
  source
  - CatZoomies@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    I signed up with them ensuring I read their privacy policy. Based on my personal privacy threat model, I’m okay with their policy. This wouldn’t fit a more intensive threat model.
    
    I haven’t read it recently but last I remember they do have the option to temporarily store an email in the event of a failed delivery, until it can eventually get sent to you. This is opt-in I believe, and a toggle you can enable in your account.
    
    In the time I’ve used them I haven’t had any issues with email deliveries. Been happy with the service so far, having left SimpleLogin and Proton for political reasons.
    
    source
- max_dryzen@mander.xyz ⁨3⁩ ⁨weeks⁩ ago
  wouldn’t profilers simply track via the domain tld instead of the whole address…
  
  shopping1 at uniquedomain.com, bank2 at uniquedomain.com, etc
  
  source
  - CatZoomies@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    Great questions! Seriously, those made me think for sure.
    
    For question one, I suppose a profiler could do that. If my domain name is myemaildomain.com, they probably could track all emails and sell it collectively. But I don’t think corporations do that at this time. That would be akin to profiling all Hotmail, Gmail, Live, etc emails, appreciating those are massive services. I suppose if nefarious actors were to do that to my domain, I could consider switching domains - I have multiple domain names I own, and it’d be trivial to use the other ones. In the years I’ve been using a custom domain for email, I haven’t encountered any nefarious actors and have significantly eliminated any spam.
    
    For question two, the domain provider I use doesn’t do that in their terms of service. However, if they did look at my MX records and decided they wanted to profile me as a user of Addy, they definitely could do that. Though it would hurt their business as many users would migrate their domains to new registrars - I certainly would move my domains to a new registrar!
    
    source
- Appoxo@lemmy.dbzer0.com ⁨3⁩ ⁨weeks⁩ ago
  How do you reply to those emails in case of needing to contact with said company.
  I’d assume they would deny service if the user (even on the same custom domain) is not equal to the account holder.
  
  source
  - CatZoomies@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    When you get an email from Company A that sends to your alias email, the email goes to your inbox. When you reply to that email, your alias provider forwards it to Company A where the sender is your alias address.
    
    In short, you simply reply and your alias service takes care of it for you so that the recipient only sees your alias email and not your true email.
    
    source
  - null_dot@lemmy.dbzer0.com ⁨3⁩ ⁨weeks⁩ ago
    I don’t use an “alias provider”.
    
    I just don’t use aliases for companies I need to send emails to. There are very few.
    
    source
NikoWantToGoBowling@lemm.ee ⁨3⁩ ⁨weeks⁩ ago
Password manager plus an emailing alias service. Protonpass integrates with SimpleLogin but there’s also ones like Firefox relay and anomaly (all open source)

source
- joshchandra@midwest.social ⁨3⁩ ⁨weeks⁩ ago
  Thanks, though do you have a link for Anomaly? I can’t seem to pull up anything.
  
  source
  - NikoWantToGoBowling@lemm.ee ⁨3⁩ ⁨weeks⁩ ago
    Anon addy sorry lol
    
    source
suicidaleggroll@lemm.ee ⁨3⁩ ⁨weeks⁩ ago
Yes, and Bitwarden+SimpleLogin. Bitwarden to keep track of login info including the alias that is used for that site. SimpleLogin is where the aliasing is actually handled, they have a decent UI for enabling/disabling or generating reverse aliases (for outgoing emails) when needed.

It does take a little more effort to manage it, but it’s worth the payoff. I’ve been using this setup for about 9 months now and I finally got my first spam email a week ago. I looked at the address it was sent to, it was a site I ordered something from about 6 months ago. I sent them a message letting them know that either someone at their company is selling customer info to scammers or their database has been leaked, then I shut off the alias.

source
- brbposting@sh.itjust.works ⁨3⁩ ⁨weeks⁩ ago
  
  I sent them a message letting them know that either someone at their company is selling customer info to scammers or their database has been leaked, then I shut off the alias.
  
  🫡
  
  source
ploot@lemmy.blahaj.zone ⁨3⁩ ⁨weeks⁩ ago
My email provider will auto-generate aliases with no limit, and I also subscribe to Mozilla Firefox Relay, which allows me to invent email addresses on the fly and have them relay emails to my inbox. The advantage of the Firefox Relay is that it isn’t tied to the email provider so if I switch provider the aliases can still work.

source
- joshchandra@midwest.social ⁨3⁩ ⁨weeks⁩ ago
  Hmm, 5 for free, I see; thanks for sharing. Is your provider Proton Mail?
  
  source
  - ploot@lemmy.blahaj.zone ⁨3⁩ ⁨weeks⁩ ago
    No, I’m on Fastmail. It’s full-featured and has a slick web UI, but it’s not as good for privacy as Tuta, Proton, etc. Also, although Fastmail is Australian they apparently host their servers in the USA.
    
    source
zugzwang@lemmy.dbzer0.com ⁨3⁩ ⁨weeks⁩ ago
I use addy.io

source
- joshchandra@midwest.social ⁨3⁩ ⁨weeks⁩ ago
  Wow, infinite aliases?! This is way better than Fx Relay, thanks!
  
  source
Ideonek@lemm.ee ⁨3⁩ ⁨weeks⁩ ago
Proton Pass has a feature exactly for that. You can create unlimited number of aliases, and kill ones that bacame compromised.

source