I have been using a catchall mailbox with hostname type names for over a decade now¹.
So, com.example.shop@example.org for https://shop.example.com account(s). I've recently switched to a randomized username part, as Bitwarden supports this well.
This has saved me numerous times from scams². Because scammers would email me on the wrong address. Either they'd mail me on an address listed on my website, when the actual company would've mailed on the unique address I gave them (more targeted phishing). Or they'll mail me on an address that I know to be leaked (these are redirected to spam in filters).
I am convinced there's an actual solution to a lot of scamming here, if the UX and UI are carefully designed. To be used by "muggles", not just the crowd that knows things like filters and catch-alls and plus-appended etc. It's a pity Google, Microsoft or even Proton aren't actively promoting such a "unique mail for every service". But I guess there's little in it for them.
¹ used to self host, but now that's near impossible with the monopolies on mail servers at big tech and moved to mailbox.org. big shoutout!
² aside from the other great benefit. I'm often one of the first to know some service or site was compromised by receiving scam, spam etc. A few times I was even the one to report a breach to such an org via this.
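The wrong-address check described in the comment above, as an added example that is not code from the thread. The `ISSUED` and `LEAKED` sets, the sample addresses and the two-label `registrable()` shortcut are assumptions; the `From` header can be forged, so this complements SPF/DKIM/DMARC rather than replacing them.

```python
from email import message_from_string
from email.utils import parseaddr

CATCHALL_DOMAIN = "example.org"  # catch-all domain, as in the comment's example
# Constructed sample data: aliases handed out, and the subset known to be leaked.
ISSUED = {"com.example.shop@example.org", "net.example.forum@example.org"}
LEAKED = {"net.example.forum@example.org"}

def alias_to_host(addr):
    """com.example.shop@example.org -> shop.example.com (None if not on the catch-all)."""
    local, _, domain = addr.lower().rpartition("@")
    if domain != CATCHALL_DOMAIN or "." not in local:
        return None
    return ".".join(reversed(local.split(".")))

def registrable(host):
    # Assumption: last two labels. Real use needs the Public Suffix List.
    return ".".join(host.lower().split(".")[-2:])

def classify(raw_message):
    """Return one of: leaked, ok, mismatch, wrong-address, unknown."""
    msg = message_from_string(raw_message)
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    sender_org = registrable(sender_host)

    if rcpt in LEAKED:
        return "leaked"          # known-leaked alias: route to spam
    if rcpt in ISSUED:
        # Alias was given to exactly one service; anyone else using it is suspect.
        expected = registrable(alias_to_host(rcpt))
        return "ok" if sender_org == expected else "mismatch"
    # Mail to some other address (e.g. one published on a website): suspect if the
    # claimed sender is a service that was given its own unique alias.
    known_orgs = {registrable(alias_to_host(a)) for a in ISSUED}
    return "wrong-address" if sender_org in known_orgs else "unknown"

if __name__ == "__main__":
    sample = ("From: billing@shop.example.com\nTo: contact@example.org\n"
              "Subject: Invoice\n\nconstructed sample body\n")
    print(classify(sample))
```
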
Apple has that with their Hide My Email service (included in the iCloud+ subscription at $0.99/month). It nudges you to create a new alias on every form that contains an email field.
The good part is that the aliases are inconspicuous @icloud.com email addresses that don't follow a specific pattern and are thus:
1) Accepted everywhere (contrary to custom domains — which I also have).
2) Are pretty much impossible to detect ahead of time.
————
For illustrative purposes I just clicked several times on the generate new Hide My Email button and it returned those:
These are burner addresses, the vast majority of which I don't care about. If I ever wanted to move away, iCloud conveniently can show me each address, when I created it, and for what site. I could then change my address on the few sites I wanted to retain the account on.
I actually have a domain I set up with Fastmail just for burner addresses, but Apple offers enough additional functionality (easier to use, tracks the site I created it for and when) that I keep using Apple's offering.