Hacker Neue

Preferences
stevekemp parent
Like many people I have a "main" email address, and I use per-company addresses for almost everything else. Now that the domain-searches require subscriptions this site has become much less useful.

I just added my domain to the site again and I see "2,243 Total Breached Addresses", and "18 Addresses excluding Spam Lists", but I have no idea what they are. Attempting to click the links shows me I need to "upgrade" to see them, and the download of excel and JSON result in 404 errors.

Too bad, I guess if you have only a single email address it might be good to get informed, but if you use a domain with multiple addresses it's way less useful.

flurdy
I have quite a few personal catch-all domain names, and two of the main ones are used for the per website alias as you do, so over a decade and longer later, I would never be able to manually enter each address. Or remember them.

And yes, the subscribe restrictions for domain searches are annoying.

But Troy and family also need to eat, so I understand the need for a payment part, especially for companies.

We just ended up in the grey zone in between. I wish there were some more nuances, but then again, HIBP can't cater for every edge case unless they want to hire lots of devs and customer services.

I ended up signing up for a subscription, checked my domains, and then cancelled the subscription. It felt a little cumbersome, but ok. A non-recurring 2-day access would have worked for me...

eythian
Yeah, I also sit in this grey area. I think the maximum is 10 per domain or so, and last I checked, I'd had 11 or 12 leaked, so I can no longer see them. It's unfortunate though I don't know an easy solution that allows both people with per-site addresses to get free access, and also companies to be required to pay.
diggan
I have a similar setup, and also use lots of addresses at one domain. But I'm not subscribed (as far as I know) and I can do a wildcard search at my domain without issues, and also see exactly what emails been leaked. I don't see what leaks they're part of, but that feels less relevant, I already know where it got leaked as each email is for one product/project/company.
hk1337
I used to just add the +something in my email but now I try and remain diligent to create a masked email. When I first started, I foolishly did it with my domain name but have since moved to creating it with @fastmail.com.
einsteinx2
Why do you feel it’s foolish that you used your own domain name?
BrandoElFollito
I think OP means that they used aaa+facebook@smthg.com, so aaa@smthg.com is now revealed to be their main address.

As opposed of having facebook@smthg.com only

hk1337
I did it like the first one first then moved to the second, where @smthg.com is my domain, but it also has my name in it so it seemed counterintuitive to link my name to it.
BrandoElFollito
ah ok, thanks for the clarification this is a common problem with domains with actual names
hk1337
Because it has my name in the domain. Since I was doing it for to help with privacy too, it seemed counterintuitive.
tiffanyh
Is your per-company addresses a derivation of your main email address?

If so, this is called “email tumbling” and services exist to strip the “per-company” part to expose your main email.

xoa
I can't speak for OP but I too use per-company or per-service emails, and no they have zero connection to my main email (not even the domain actually, domains are cheap so I have multiple ones for different purposes). Since I started doing so a very long time ago I did choose a standard scheme for it (making use of the company's domain), so it would certainly be possible to recognize it's a per-company domain given human attention or (more likely) AI. Ideally the email specifically would not be something I'd see but just a pointer that would be randomly/plausibly auto-generated, and then my email server (or client) could transparently disambiguate it via a db on my side to what the service was. Then it'd be undetectable. Unfortunately while it's clear enough how all the pieces of that could come together I don't know of any existing solution and haven't had time to try to hack on it myself. So far it hasn't given me any problems however.
stevekemp OP
There was a while where I had a complex lookup system Apple got "strawberry.cake@example.com", and posting to mailing lists were sent from "steve@12.2025.example.com" - which would lose MX records after a month.

But in the end I settled on facebook@example.com, instagram@example.com, and similar obvious names.

This item has no comments currently.

Keyboard Shortcuts

Story Lists

j
Next story
k
Previous story
Shift+j
Last story
Shift+k
First story
o Enter
Go to story URL
c
Go to comments
u
Go to author

Navigation

Shift+t
Go to top stories
Shift+n
Go to new stories
Shift+b
Go to best stories
Shift+a
Go to Ask HN
Shift+s
Go to Show HN

Miscellaneous

?
Show this modal