A lot of email services that provide the aliasing feature have seamless integration with password managers, so when you sign up you generate a unique email and password on the fly, and it get saved in the manager.
isn’t this easy for a potential attacker to mitigate, i.e. dropping from the address everything after the plus? it’s a known trick for gmail so i would not be surprised if an attacker knew how to get to the “real” address by cleaning it up.
Yes, even some attackers I noticed they excluded all custom domains from their dumps to avoid alerting individuals before they sell it. It’s why it’s better to have a fully unique email, preferably masked one (not custom domains) as some email services provider do, so you get the isolation feature but also blending in without going noticed by attackers.
A lot of email services that provide the aliasing feature have seamless integration with password managers, so when you sign up you generate a unique email and password on the fly, and it get saved in the manager.
Outlook supports having multiple arbitrary email addresses as well as allowing login from only one of them.
It's only 1 email account but with either catch-all or aliases configured.
Just adding plus signs and the vendor name in the address would do it.
isn’t this easy for a potential attacker to mitigate, i.e. dropping from the address everything after the plus? it’s a known trick for gmail so i would not be surprised if an attacker knew how to get to the “real” address by cleaning it up.
Yes, even some attackers I noticed they excluded all custom domains from their dumps to avoid alerting individuals before they sell it. It’s why it’s better to have a fully unique email, preferably masked one (not custom domains) as some email services provider do, so you get the isolation feature but also blending in without going noticed by attackers.