I do pay for SimpleLogin and will continue to do so. The only place my actual proton email address is exposed is on SimpleLogin. Every site I use on the internet has its own alias. That’s 350+ sites currently.
The only downside to a catchall, as I see it, is someone could just start creating any random email address knowing it will find your legitimate mailbox. Also sending as any of the aliases can be a pain.
Compared to simplelogin (or proton pass aliases, addy, firefox relay, etc), one other downside of a catchall is in associations across accounts. Registering with a @passmail.net address implies that I use Proton; registering with random-string@mydomain.org implies I have access to that domain. If 10 data breach leaks have exactly one account matching the latter pattern then that’s a strong sign the domain isn’t shared. If one breached site has my mailing address, my real identity can be tied to all the others.
Yeah, I have to agree that the ‘send as’ can be a pain, would be nice if it sent as the recipient email by default. As far as people spamming looking for a legit address, I’ve fortunately not run into that, but I could see how that could happen.
Yeah. I mean, even if you did get targeted by someone they really don’t want to waste their time on someone who is more privacy/security conscious. Thieves want easy targets.
I do pay for SimpleLogin and will continue to do so. The only place my actual proton email address is exposed is on SimpleLogin. Every site I use on the internet has its own alias. That’s 350+ sites currently.
The only downside to a catchall, as I see it, is someone could just start creating any random email address knowing it will find your legitimate mailbox. Also sending as any of the aliases can be a pain.
Compared to simplelogin (or proton pass aliases, addy, firefox relay, etc), one other downside of a catchall is in associations across accounts. Registering with a
@passmail.netaddress implies that I use Proton; registering withrandom-string@mydomain.orgimplies I have access to that domain. If 10 data breach leaks have exactly one account matching the latter pattern then that’s a strong sign the domain isn’t shared. If one breached site has my mailing address, my real identity can be tied to all the others.Yeah, I have to agree that the ‘send as’ can be a pain, would be nice if it sent as the recipient email by default. As far as people spamming looking for a legit address, I’ve fortunately not run into that, but I could see how that could happen.
Yeah. I mean, even if you did get targeted by someone they really don’t want to waste their time on someone who is more privacy/security conscious. Thieves want easy targets.