I have run this for years with very little problems. And I can honestly say that have not found anyone writing to addresses I did not give them at their domain. Simple as this is, it is way to niche for companies to figure it out and exploit it. And if that really was a problem I'd just create a new subdomain.

If you are worried about privacy, get a domain just for this. Use domain privacy and dont host other things there.

Yes, some sites whitelist domains or dont allow subdomains. For those I'll use another account - or a firefox alias or something. But 9 out of 10 work fine.

I am not a fan of alias services since materializing names takes discipline. How many do you make? Maybe there is a limit of 50. When do you share them across services? My guess is many people just create 2 or 3 aliases they use for everything - which defeats the purpose. Sure, it masks your personal address, but once one gets compromised, you find it basically served as your personal address anyway.

I also dont really keep track of most of the names I use. Since most are one time things that I would never use again, like to sign a waiver or something. But I mostly stick to '{domain}@' for the names. So my nytimes account would just be nytimes@, which is predictable when I need to recover it. I used to use addy.io for this, but it was not as good since it had account limits and I had to manually manage every alias. Much easier for me to just create a mail filter to sinkhole an old name. Of course I have never really needed to do this anyway.

I've found using a subdomain helps with that, spammers will try everything@domain.tld but won't bother trying to brute force subdomains.

However be warned some surprisingly large websites don't support subdomains, for example eBay will silently send user@sub.domain.tld to user@domain.tld and you'll only figure it out by looking at your server logs for rejected mail.

In those cases I have to specifically alias that username@domain.tld to the subdomain.

With this new Apple privacy subdomain maybe eBay will finally fix this.

> Also, another downside is that you will loose privacy by using your own domain.

Not really no. You can absolutely create a domain using bogus WHOIS information. No one will bat an eyelid.

> The problem is if someone figures it out and starts sending you spam to {random}@domain.tld.

It's a non-issue. I've been using a catch all domain for at least a decade. I get a small amount of spam to random made up emails but not enough to care about plus it all gets caught and filtered.

The mechanism I use is ordered. All specific aliases are tried first and then it falls through to the catch-all forwarding rule.

So, it's a piece of cake to add "{random}@example.com" to the block list. Usually it's something like "msg-bestbuy@example.com".

> The only awkward thing is when I am in person or on the phone and have to explain that my customer email address

I had one small business aggressively threaten me that they fully owned their business name and I wasn't allowed to use it in my email address.

My solution was to keep my wonderful aliases and dump them. If a business is concerned but nice about it I'll offer an alternative such as plumber@

> The other downside is that it's forward-in only, wish I could proxy responses without setting up a whole new inbox (and outbox).

If you have your own domain most mail providers don't care what username@ you use on your sent mail so you shouldn't need any additional mailboxes (especially if they already offer inbound catch all)

I also use the ReplayAsOriginalRecipientUp [1] extension in Thunderbird which takes the recipient address and puts it as the sender for ongoing communication.

[1]: https://addons.thunderbird.net/en-US/thunderbird/addon/reply...

Just happened to me today! I was at the Verizon store and my address was verizon@... Sometimes it leads to confusion, but sometimes it leads to getting extra special treatment actually! They think I'm someone important.

They act as if I discovered fire when I give them a plussed address.

Its not the worst.

I was once on the phone with german insurance provider and they dictateted me email to send documents to: kundenbetreuung@passportcard.de

I dont speak German so it was both tough and funny EuroTrip-like moment.

Yes its really email they use.

You can proxy responses with a ton of e-mail clients, even Gmail supports it once you verify you can get a message sent to that address.

sometimes I'm lazy and I just have it as spam@firstlast.com or noreply@firstlast.com and they get quite puzzled

So I guess I'll take a moment and plug my email provider, Fastmail. Their integration with 1Password to enable creation of Masked Email at account creation time is really fantastic! I have several hundred of these at this point, it's made my digital life appreciably better.

But to the point of forward-in-only -- I use the fastmail web client and iOS client. Both of these respond using the Masked Email address if you choose to respond to an email. In fact I can choose any of my masked email addressed as I am composing mail to initial communication from that address.

In short, "it just works". I really can't say enough good things about Fastmail!

Yeah, I think I only record maybe 10% of them that actually have logins associated. For the others I just search through my email.

This is absolutely not difficult to get right. Run OpenDKIM and OpenDMARC on your server along with your email stack (I use Postfix and Dovecot). Use a tool such as mail-tester.com to verify compliance.

That's nonsense. I have a DeepSeek account, of the form ai+deepseek@mydomain.com.

addy.io and proton pass are both great, affordable options. (Proton pass has a built in hide-my-email feature that supports custom domains)