I migrated from Gmail to Fastmail 2 years ago, and I agree with this. With Fastmail, I now have the wildcard address for a domain ([a-z0-9]{7}@example.com), whereby I create a new randomly generated email address for each company/site/contact. I set up rules to direct emails sent from expected addresses (sometimes by base domain regex rather than a single address) to whitelist emails to show up in my main Inbox folder. eg. My HackerNews email might be qvae82d@example.com, whitelisted to accept emails from *@ycombinator.com to my main Inbox.

The thing is you don't want to completely blackhole/delete messages received at a valid randomly-generated address, but which were sent by an unexpected sender. For that, I have a separate "Suspicious" child of my main "Inbox". The main exception I've seen that falls under "Suspicious" is that Amazon shares your account's email address with their shippers; so you'll receive a Fedex delivery notification at your Amazon address, which falls under "Suspicious" because the sender address doesn't originate from Amazon.

What I find mildly strange is that, in the 2 years since I've migrated from Gmail to a super-organized and rules-based organization with Fastmail, I have literally not received a single spam email. I credit this to having migrated my GitHub account to use their privacy wrapper, so none of my commits have a personal email attached to them. I thus suspect that most developers who receive spam have had their email crawled from commits to public Git repositories.

Of course, there is a caveat: I do not expect to be able to maintain this kind of scheme into old age. There's no way, at 60-70-80-90 years of age, that I will still be mentally capable of managing a wildcard domain. So while it works for now... at some point I will need to simplify back to a single email address. Sigh... fml in advance. :(

> There's no way, at 60-70-80-90 years of age, that I will still be mentally capable of managing a wildcard domain.

Do you think this will get technically harder and you'll no longer be familiar with the "new" process? Or are you more worried about your mental capabilities in general when you're that age?

Most of us will wind up with some form of mental or physical degradation… that may mean Alzheimer's, or Parkinson's, or psychiatric conditions, or horrific cancer (eg. prostate, breast, uterine, COPD/emphysema, etc.) that weakens us for months or years at end-of-life. The fact is, there are so many things that can go wrong regarding health in one's mid-to-late years, that expecting to manage a complex identity/password system is unrealistic.

That’s interesting - I haven’t seen GitHub’s privacy wrapper in their docs, do you have a link?

I’ve gotten some spam, but so far it’s only come in to aliases I haven’t made (like info@) which I think I can block in the fastmail settings.

I did this a while ago for myself; it looks like the setting can be found here[1], labelled as a checkbox "Keep my email addresses private". Note that (I think, not sure if it gets overridden if you check the box), you also need to set your "user.email" git config to use the noreply email they provide. Personally, I'd never committed to an external 3rd-party repository, and I crushed/re-imported (erasing history) my own repositories using the new noreply email. This is because I know no external users were depending on my old repositories. I suspect that if you've already pushed commits to a 3rd-party repo, it's too late (the email address is part of the commit and cannot be revoked without a history-changing rebase). In my case, I deleted my repos and re-imported, history be damned.

[1] https://help.github.com/en/github/setting-up-and-managing-yo...

Ah thanks - yeah I've already pushed with my new aliased email for git (I recently switched to Fastmail and set up a less extreme alias configuration :) ).

you can set things up much, much easier, fastmail calls it subdomain aliasing or something like that.

Basically, it allows you to create email aliases without having to whitelist.

Setup yourname@yourdomain.com and reject everything else arriving there.

Accept anything at @i.yourdomain.com

I have an inbox, everything yourname@yourdomain.com arrives there.

Then I have an "other" mailbox where all the @i.yourdomain.com emails arrive.

If there is a really annoying website that doesn't respect my wishes I create a filter for the offending email to ban any mail to my spam folder.

Could this be automated, e.g. by a browser extension or a small app setting up an alias and an ding a site-specific rule to your FM account? I am thinking about a one-click sort of thing, a DYI alternative to Sign In with Apple.

Ideally generating a disposable email address should happen at the same time you generate a unique password in your 1Password/LastPass/etc.

Correct, I was trying to assess if I should prototype a solution myself, hence the browser extension path.