this post was submitted on 25 Aug 2023
14 points (100.0% liked)

Proton

5266 readers
6 users here now

Empowering you to choose a better internet where privacy is the default. Protect yourself online with Proton Mail, Proton VPN, Proton Calendar, Proton Drive. Proton Pass and SimpleLogin.

Proton Mail is the world's largest secure email provider. Swiss, end-to-end encrypted, private, and free.

Proton VPN is the world’s only open-source, publicly audited, unlimited and free VPN. Swiss-based, no-ads, and no-logs.

Proton Calendar is the world's first end-to-end encrypted calendar that allows you to keep your life private.

Proton Drive is a free end-to-end encrypted cloud storage that allows you to securely backup and share your files. It's open source, publicly audited, and Swiss-based.

Proton Pass Proton Pass is a free and open-source password manager which brings a higher level of security with rigorous end-to-end encryption of all data (including usernames, URLs, notes, and more) and email alias support.

SimpleLogin lets you send and receive emails anonymously via easily-generated unique email aliases.

founded 1 year ago
MODERATORS
 

So i've set up a custom domain to use with protonmail and was curious if anyone else uses the catch all in this manner.

I was thinking that when a new account is created on $website I would use a custom email address that would then be caught by the 'catch-all'. So say the domain is catata.fish, and the website is target.com, then when signing up I would use [email protected]. Previously when using gmail I would use [email protected].

Does anyone see any issues doing it this way? Thanks!

top 8 comments
sorted by: hot top controversial new old
[–] [email protected] 4 points 1 year ago (1 children)

This is exactly how I use it. Basically, if you receive spam on [email protected] you know exactly who sold/"lost" your address.

One downside is that you cannot send from this address, but you usually don't need that anyway. And in the rare case that you do, you can just create an actual alias.

[–] [email protected] 2 points 1 year ago (1 children)

Ah that is a good thing to keep in mind. Proton allows 15 email addresses on the account I have so I could always create one and delete it later.

[–] [email protected] 1 points 1 year ago

SimpleLogin too. Create aliases even more.... aliased (aliaser?) .

I use them for extra control with some things. Example: I may have 5 main proton aliases each for a different thing like shopping or banking etc. Then sign up for Zillow House hunting emails with a SimpleLogin alias which forwards to one of the proton emails. When I'm done house hunting, I turn it off and they never had my regular one to lose in a hack or restart marketing and sell.

Too much work for me personally, to use one for every site but it's great for any heavily email traffic like political donation emails or a site with heavy notification emails.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

Assuming ProtonMail supports catch-all (I don't use Proton), this is fine and a typical use of the catch-all. You may get weird looks when you give a business their name back as your email, and if anyone figures out that you have a catch-all they might just spam you regardless, at any email address they want, e.g. "[email protected]". I would add a string of numbers/letters at the end, like "[email protected]" so you can be sure when someone sells your email.

All said, it's a little bit weak to any determined adversary. Any human who figures out your plan can easily start playing around with it - Target may sell your email as "[email protected]" and you'll never know who sold it.

Edit: Also, you're trivial to track across different accounts if anyone figures out that you own the email domain.

[–] [email protected] 1 points 1 year ago

Makes sense. I’m not too worried about privacy in that regard considering bad actors are going to do what they do. This was more for the automated systems, plus I don’t see how it would be any less privacy focused than just a standard email + aliases.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

Don't use + as delimiter. It is an email standard for alias and will send the email to the none alias version inbox. Better to use a different delimiter, like minus, -, instead. Not sure how easy it is to do with Proton.

I keep a whitelist of email addresses allowed, the rest is therefore blocked. This means I can't send to [email protected] and get to the inbox.

[–] [email protected] 1 points 1 year ago (1 children)

huh, I never knew you could use delimiters other than +. That is a good thing to know.

I think I'll just stick with using aliases with a delimiter.

[–] [email protected] 1 points 1 year ago

You can't. It is not an official alias. That is the point. So they will be seen as separate accounts. But I forward everything to he same account. Have to configure it for every email address. This way I keep a whitelist.