(no title)
alexfoo | 1 month ago
I use a unique string per company but it's not guessable in advance, but it's obvious when looking at it and squinting a bit, for example (and these are not the exact ones I use): sundclod@<domain> or ebuy@<domain> or amzoon@<domain>
Sure I have to remember them but it's easy for me to check and my password manager is filling them in for me 99.99% of the time.
I can filter on those emails instead, and I also know that anything coming to soundcloud@<domain> or ebay@<domain> or amazon@<domain> is definitely spam as I've never used those addresses myself.
If sundclod@<domain> appears in a leak I can (hopefully) change my account email at Soundcloud to sondclud@<domain> and then confine sundclod@<domain> to /dev/null
fencepost|1 month ago
As for Soundcloud, the password I had saved for it and a tiny bit of profile information tells me a lot - a manually created password saved into a password manager, probably in 2010 or 2011 and unused after grabbing a single track.
Addresses for services I actually care about also get what's basically peppering, and have all had updates much more recently than the days of Blackberry devices.
extraduder_ire|1 month ago
I can't imagine anyone spamming in such low quantities that they'll notice a pattern like company@<domain> and act on it.
I have regularly gotten spam emails without a to, cc, or bcc field though. So I can't tell which email they were sent to. (my host doesn't bounce/drop them for some reason)
I do regularly do misspellings of the company name though, since that often trips the "invalid email" check on signup. e.g. twitter.
direwolf20|1 month ago