> you can still attempt to reach me at totallynotyourservice@mydomain.com
not if the catch-all address is actually /dev/null and the totallynotyourservice@ has to be mined from somewhere because it's random.
Overall, I think it depends on the obfuscation strategy. It's true that having a unique @mydomain.com part is a big giveaway and someone could theoretically track one's activity by searching for all e-mail addresses coming from the domain.
My use-case is more to use unique e-mail addresses to throw off credential stuffing attacks, not become untrackable/avoid all spam. For the tracking use-case I generally think several times if I want to register somewhere at all and try the usual routes first (mailinator, random old addresses on public e-mail).
> you can still attempt to reach me at totallynotyourservice@mydomain.com not if the catch-all address is actually /dev/null and the totallynotyourservice@ has to be mined from somewhere because it's random.
Overall, I think it depends on the obfuscation strategy. It's true that having a unique @mydomain.com part is a big giveaway and someone could theoretically track one's activity by searching for all e-mail addresses coming from the domain.
My use-case is more to use unique e-mail addresses to throw off credential stuffing attacks, not become untrackable/avoid all spam. For the tracking use-case I generally think several times if I want to register somewhere at all and try the usual routes first (mailinator, random old addresses on public e-mail).