The problem with catch-all inbox is when you have to reply to an email. Then you have to create the email address to be able to send emails from it. Or are there other solutions?
There's no solution to a non-problem. Precisely 3 of the hundreds of the generated email addresses I've given out over the past ~12 years have needed replies. When this happens, I simply reply from an address that actually does exist, while CCing the original generated address and setting it as the reply-to address.
If I ever have to give a generated address out to an actual person, then I'll let them know replies will come from a different address. So far I'd guess 99.999% of the emails I received are transactional emails and/or sent from noreply@...
Far more annoying are a few websites I use that only support magic links for login--my password manager doesn't auto fill them, and some of them I now have a number of accounts at due to inconsistent spelling/formatting.
True, I simplify it a bit based on the capacity of my mail provider. I have like 4 or 5 generic addresses that I give out and use for sending. Sometimes I mix up when sending, but my mail provider (zoho) is pretty decent at keeping track of the addresses anyways.
In a way if I reply, the other party gets upgraded to one of my 5 addresses, so if they send an email to ContosoCoffeeShop@myname.com I might reply from whatever flavour I'm using nowadays or is more appropriate like hello@myname.com
It's like a 3 layer security system, the least privileged get access to one very specific address, if they send me an email which makes sense and I reply, they get upgraded to a bucket. I might sign up directly with a bucket email and skip the most paranoid layer, that's fine.
In general I try to take more care of the newest alias and become more liberal with my older more ruined addresses, alias1@ has like 8 years of signups, while alias5@ has just 1 if any. And I'm sure the list will grow.
Downside is that if there's a leak it's harder to attribute exactly, but at least I can check the recipient to get some kind of hint.
It's more like art than it is a water-tight security protocol. You paint the world with your wacky addresses and occasionally surprise the observant employee with the inverted expectations (usually the name comes before the at)
I have those things? Did you miss the part where I have multiple vanity URLs and hundreds of email addresses? Of course I have a paid mail provider and catch all. The problem is the cost of haveibeenpwned is too much for me as an individual.
I meant that you are already paying for those, so being charged by providers to support our hacky email addresses is not a novelty introduced by Troy's service
So cost was always part of this strategy