I do pay for SimpleLogin and will continue to do so. The only place my actual proton email address is exposed is on SimpleLogin. Every site I use on the internet has its own alias. That’s 350+ sites currently.
The only downside to a catchall, as I see it, is someone could just start creating any random email address knowing it will find your legitimate mailbox. Also sending as any of the aliases can be a pain.
Yeah. I mean, even if you did get targeted by someone they really don’t want to waste their time on someone who is more privacy/security conscious. Thieves want easy targets.
Compared to simplelogin (or proton pass aliases, addy, firefox relay, etc), one other downside of a catchall is in associations across accounts. Registering with a @passmail.net address implies that I use Proton; registering with [email protected] implies I have access to that domain. If 10 data breach leaks have exactly one account matching the latter pattern then that’s a strong sign the domain isn’t shared. If one breached site has my mailing address, my real identity can be tied to all the others.
deleted by creator
I do pay for SimpleLogin and will continue to do so. The only place my actual proton email address is exposed is on SimpleLogin. Every site I use on the internet has its own alias. That’s 350+ sites currently.
The only downside to a catchall, as I see it, is someone could just start creating any random email address knowing it will find your legitimate mailbox. Also sending as any of the aliases can be a pain.
deleted by creator
Yeah. I mean, even if you did get targeted by someone they really don’t want to waste their time on someone who is more privacy/security conscious. Thieves want easy targets.
Compared to simplelogin (or proton pass aliases, addy, firefox relay, etc), one other downside of a catchall is in associations across accounts. Registering with a
@passmail.netaddress implies that I use Proton; registering with[email protected]implies I have access to that domain. If 10 data breach leaks have exactly one account matching the latter pattern then that’s a strong sign the domain isn’t shared. If one breached site has my mailing address, my real identity can be tied to all the others.