If you use email service from your web hosting provider, and your provider offers the option to create a “catch-all” email address, then whenever you are asked to enter an email address by a business, you can create a new address on the fly that contains the name of the business, so that if you start getting spam at that address, you can not only know, but prove, who sold or leaked your personal information.
In our example, Ralph Jones’ regular email address is ralph@notarealdomain.com, but he shares this address only with trusted folks. If a company wants his address to create an account on their website, he would make up a new address on the spot. For instance, if signing up with Acme Electronics, he might put in the address z–acme-elec@notarealdomain.com. The initial “z–” will let the email past the guardian he’s set up. If he later gets spam to this address, the “acme-elec” will let him know who the spammers got the address from. This “z–” rule is arbitrary — you can use whatever signal you like to distinguish random spam attempts from email addresses you provided.
(Just know that email addresses can only contain letters, digits, dash, and period.)
At the moment, Hostinger (not an affiliate link) is the only web hosting provider I know of that provides the ability to establish a catch-all address. It’s not unreasonable for a provider to prevent customers from doing this, because spammers will often try random addresses in a domain, so the catch-all address will receive a lot of spam. However, I’ll show how to automatically discard all this spam so it doesn’t clog up your mail files.
Note: Google Workspace (formerly called G Suite) offers this capability, but it’s not free. If you are already using it, what I’m saying here applies to you also.
The first step is to establish the catch-all address — in our example, specify that all email sent to any wrong address in the notarealdomain.com domain will be routed to ralph@notarealdomain.com.
Next, define a rule that executes on the mail server, automatically deleting all mail where the “to” address doesn’t match a specific syntax. Do this using the hosting provider’s webmail interface (i.e. while reading your email in a web browser on their website).
Note: depending on what you use for an email client — Thunderbird, eM, Outlook, and Apple’s Mail app are a few — you may be able to define the rule in the mail client instead, but it’s better to throw this trash out on the server so it never even reaches your device.
The details of the web-based mail rules screens will vary, and if you don’t see how to do it right away you may need to contact your email provider’s support. What you want to do, in general terms, is create a filter (some would call it a rule) to process incoming email.
Here’s an example of such a rule as it might appear in the settings of your webmail:
This example screen is from Hostinger — your hosting company may have something different but it should look at least somewhat like this. Notice the logic here — you want the test to answer “yes” if you don’t want the email, and you don’t want the email if it “fails to match” all of the acceptable formats. No email will match them all — it just needs to match one of:
- ralph@…
- z– followed by anything
- …<ralph@… (for when the To address includes his name, e.g. “Ralph Jones” <ralph@notarealdomain.com>)
- …<z–…
If you have other rules, set this one to execute first, since this will quickly discard most of the spam without even leaving it in the Junk folder to waste space.
If a spammer gets hold of one of your throwaway addresses, add that address to a block list. If this isn’t simple to do in your mail client, you can create another rule for it similar to the above, except in this case you would be looking to discard anything that does match specific To addresses. Then you might also think about stopping doing business with whoever sold or leaked your data. Or suing them, whatever.
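The keep-or-discard logic of the filter rule and the block list for leaked addresses, modelled in Python as an added example (not the article's or Hostinger's code). It assumes the “z–” marker is typed as `z` plus two ASCII hyphens; `classify`, `BLOCKED` and the sample headers are constructed for illustration.

```python
"""Model of the server-side catch-all filter and the leaked-address block list."""
from email.utils import getaddresses

DOMAIN = "notarealdomain.com"  # example domain used in the article
PRIMARY = "ralph"              # local part of the real mailbox
PREFIX = "z--"                 # assumption: the marker typed as "z" + two ASCII hyphens
BLOCKED = {"acme-elec"}        # constructed: tags of throwaway addresses that leaked


def classify(to_header, blocked=BLOCKED):
    """Return (verdict, tag) for one To header value.

    verdict: "keep", "blocked" (a throwaway address known to have leaked)
    or "discard" (a guessed address that only the catch-all delivered).
    tag: the business name embedded in a throwaway address, else None.
    """
    leaked = None
    for _name, addr in getaddresses([to_header]):
        # getaddresses() strips display names and angle brackets, so
        # '"Ralph Jones" <ralph@...>' and 'ralph@...' compare the same.
        local, _, domain = addr.lower().rpartition("@")
        if domain != DOMAIN:
            continue  # stricter than a prefix match: must be our domain
        if local == PRIMARY:
            return ("keep", None)
        # A bare prefix with nothing after it is treated as a guess.
        tag = local[len(PREFIX):] if local.startswith(PREFIX) else ""
        if tag and tag not in blocked:
            return ("keep", tag)
        if tag:
            leaked = tag  # remember which business the leak traces back to
    return ("blocked", leaked) if leaked else ("discard", None)


# Constructed sample To headers, not real traffic.
SAMPLES = [
    '"Ralph Jones" <ralph@notarealdomain.com>',
    "z--widgets@notarealdomain.com",
    "sales@notarealdomain.com",
    "z--acme-elec@notarealdomain.com",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify(header), header)
```

The tag returned with a "blocked" verdict is the record of which business the leaked address was given to.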