Reducing email spam with a domain and catch-all aliases

I've recently moved away from a regular Gmail account in favor of receiving email on my very own rockbruno.com domain. I did that not just because I thought it would be cool and because it gives me more control over my internet footprint, but also because if you configure things just right, you can make it effectively impossible for spammers to spam you, even in the case of a data leak.

The trick here is that when you have your own domain, most email server providers will have an option to define email aliases, allowing you to "hide" your real address behind a fake one. Although in some providers this is a limited and manual process, in others such as Google Workplace (the one I use), you can define wildcard or even regex-based aliases:

While this was created primarily to allow companies to catch typos in their inbound mail, you can use it to massively increase your privacy. The idea here is that by having "infinite" email aliases, instead of registering on websites with your real address (like me@bla.com), you can instead give each address its own "dedicated" alias, like:

• x@bla.com, for X
• linkedin@bla.com, for LinkedIn
• instagram@bla.com, for Instagram

That way, when one of these websites inevitably sells or leaks your data, you will know exactly who it was based on which of the aliases you're getting spammed from. You can then follow up by either heavily restricting who can reach that alias or simply nuking it entirely in favor of a new one.

In other words this is basically what features like the "private email" in Sign in with Apple and other services do under the hood, but completely under your control :)

Isn't this the same thing as +?

You might know that aliases also technically exist with "normal" emails by appending data with +, like me+alias@gmail.com. Isn't it the same thing?

No. The problem with + aliases is that some websites intentionally strip the alias portion of the address if you try to use one. I have also encountered cases where some websites would not accept these at all, forcing you to expose your real address. In other words, you can sort of do the above trick with a "normal" email address, but your mileage may vary.