Every time you use your primary email address to sign up for a website or service, you are either giving that service permission to regularly email you or worse yet, leak your email address to spammers. You are also using the same login address for every service.
What if there was a way to create a unique email address for every site you visit, without having to create a unique account on a mail service like Gmail? You would then be able to identify who the culprit was that leaked your email address and more easily create filters to stop it. The answer is a catch-all or wildcard email address.
What you need to do:
1. Register a domain name.
There are a lot of sites where you can register a domain name. I personal use Ionos to host my website and domains, and they make editing your DNS records easy. Upon registering your domain, you should be given a DNS configuration panel where you can add the MX (DNS Mail Records) for your domain.
Once you have a kickass domain name, like website.com, you then need to:
2. Sign up for an email service that allows wildcard address.
Google GSuite does have this functionality, but I prefer a more privacy and security-focused email service like Protonmail.
Protonmail makes the process very easy. First you create an email address (it can be either a primary or a backup address) and point the DNS of your DNS Registrar/hosting provider to Protonmail.com.
3. Set the MX record for your domain to point to that email service.
4. Configure a new email address to be used for the wildcard or catch-all.
For more information on setting up a Catch-All or Wildcard address in Protonmail, go to:
5. Create emails as you go
Whenever you sign up to a new sight, simply create an email address for that site on the fly. Some examples include:
You will not need to create these email addresses via your email service. You simply make them up at the time you sign up for the website. With the catch all set, any emails to a wildcard address will simply show up in your designated inbox.
6. Some pitfalls and suggestions
- You may get some emails destined for wildcards you didn’t create, so pay attention to the destination address.
- It is a good idea to make a record of each wildcard you create, so you can verify it is valid.
- Never click on a link or open an attachment sent to a wildcard unless you’ve verified its validity to avoid phishing and other forms of attacks.
- Use a password manager to track your multiple login IDs.