This is how I noticed that 1and1, a huge company, sold my email to spammers. Or worse, their database has been leaked. Needless to say, they acted like I reused that unique address somewhere else. You’ll be glad to be able to blacklist that address when it happens.
Maybe instead of generating a totally random string for the challenge, you could use the salted hash of the website name. That way you can still recover your account if you lose the details, and don’t have a message from the site in your inbox.
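The salted-hash idea from the comment above, as an added example that is not part of the original thread: it derives each per-site address from the site name with HMAC-SHA256 (a keyed hash standing in for the "salted hash"), so the address can be recomputed later and a leaked address can be traced back to the site it was given to. `SECRET`, `MAIL_DOMAIN` and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from typing import Iterable, Optional

# Constructed sample values (assumptions, not from the thread).
SECRET = b"constructed-demo-secret-keep-yours-private"
MAIL_DOMAIN = "example.org"


def normalize_site(site: str) -> str:
    """Reduce a URL or hostname to a canonical lowercase host name."""
    host = site.strip().lower()
    if "://" in host:
        host = host.split("://", 1)[1]
    host = host.split("/", 1)[0].split(":", 1)[0]
    return host[4:] if host.startswith("www.") else host


def alias_for(site: str, secret: bytes = SECRET, domain: str = MAIL_DOMAIN) -> str:
    """Derive the per-site address from the site name and the secret."""
    mac = hmac.new(secret, normalize_site(site).encode(), hashlib.sha256).digest()
    # 10 bytes encode to exactly 16 base32 characters (no padding), which are
    # valid in an e-mail local part and not guessable from the site name.
    local = base64.b32encode(mac[:10]).decode().lower()
    return f"{local}@{domain}"


def site_for(address: str, candidates: Iterable[str],
             secret: bytes = SECRET) -> Optional[str]:
    """Map an address that received spam back to the site it was given to."""
    address = address.strip().lower()
    if "@" not in address:
        return None
    domain = address.rsplit("@", 1)[1]
    for site in candidates:
        expected = alias_for(site, secret, domain)
        if hmac.compare_digest(expected.encode(), address.encode()):
            return normalize_site(site)
    return None


if __name__ == "__main__":
    addr = alias_for("https://lobste.rs/")
    print(addr, "->", site_for(addr, ["example.com", "lobste.rs"]))
```

Because the address depends only on the secret and the site name, losing the stored account details does not lose the address, but anyone who learns the secret can compute every alias.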
You could also use a password manager to generate + store the unique addresses.
That’s actually a very nice idea.
BTW: This post was authored by my friend Jenda. Just so you guys know if he joins the discussion.
I do this, but in my head. Rather than using a mathematical hash function, I come up with a set of words that will map, in my head, back to the site. For example, if I wanted a throw-away address for lobste.rs, I might use firstname.lastname@example.org. It’s easy for me to map that back to a lobster but it’s not something that someone would be likely to guess from the domain lobste.rs.
I have this + an email address for git commits that automatically marks as spam if it receives an email. Very useful for training the filter on university surveys.
I have an acquaintance who is building a service that generates throwaway emails for this sort of thing and forwards the mail to your inbox: https://www.withalias.com/