Using a catch-all domain is a mistake

Using a catch-all domain is a mistake.
After about a decade of dealing with this madness, surely it’s been worthwhile? No, not really.

Read in full here:

This thread was posted by one of our members via one of our news source trackers.

Corresponding tweet for this thread:

Share link for this tweet.

Something you can do is instead of using the company-name@ use some-hsyh2-code@, and then just keep a txt file of those codes so you know who they belong to. It makes it less obvious they are being sold as no doubt spammers will remove emails that contain the company name they are breached from…

Yeah no, phone number should not be any form of ID, it is not static, especially for the vast majority of people, and companies constantly using it are just utter and completely broken.

Gotta say, my experience has been vastly different from this author’s. I have several domains, each with a catchall address, plus I use annual throwaways and specific ones for frequent (or suspect) correspondents. It has enabled me to block spam to leaked addresses, know who to smack upside the head for leaking them, and change the address I use with just that one idiot at a time, without having to change the address I use with everybody. I think the author might just not be using the concept very well.

I’d agree Dave - I think they can be super useful, especially if you use a domain that is purely for email as well (so can’t easily be guessed or found on the web).