@IrrationalMethod @paul_ipv6 @alexr definitely. You have to validate each time a report comes in but it's a click. Worth it just to see.

@paul_ipv6 @IrrationalMethod @alexr I'm signed up for "have I been pwned" for my domain and its surprising where I see my email addresses (real or generated) appear.

@paul_ipv6 @IrrationalMethod @alexr yep, that's partly where my script comes from. I can check a box and it'll create an alias record in a sql db that postfix reads. Now I can create "base64_encoded_site+date" as an alias and drop it when I want... but also see when they "leak" my details

@IrrationalMethod @alexr @paul_ipv6 oooh, I've hit a few sites like that. Or combined with the recovery process (remove MFA) not working because it treats a + as space (url encoding), but the sign up doesn't.

I've locked myself out of at least 5 sites and support refuse or cannot help.

@alexr @paul_ipv6 same for ones that dont allow + in the mailbox part. It's in the RFC, even google/Gmail supports it.

I made myself a small script to base64 encode the site + date (in case it's a site that allows you to order stuff but not register), but its not convenient.