How to Use Custom Domains and Catch-All Emails
Funnel site-specific emails into one inbox for convenience and security.
Yes, it’s true! At long last, the surveillance state is here! The government is watching you. Marketers are watching you. Google is profiling your email, while Amazon uses your buying profile and overheard Alexa conversations to determine exactly what kind of underwear you most like to wear. We’ll never win. Their resources are too great. So your My Little Pony underwear will soon be auto-shared with your entire Facebook wall. YAY! Your friends will know what to buy you for your birthday.
But other than the biggies, who probably have decent security and only sometimes give your name to the NSA, everyone seems to be asking for your email address. But giving your address away so freely can lead to inbox overload. And what if the vendor gets hacked? Now the hackers have your email address! Welcome, security risks! Wouldn’t it be great to sign up for sites that require an email address, without giving up convenience or security? I knew you’d agree. Alex told me.
You can do this by getting your own domain and using a “catch-all email address.” Catch-all email addresses act exactly as they sound. They are designed to catch all of the e-mails that are sent to a particular domain. Say you go to Namecheap.com and register your own domain. For example, GrandmaCuddles.com. You can then configure a catch-all email address so any email sent to any address at GrandmaCuddles.com forwards to a single Gmail account (the one you really use). Then email@example.com, firstname.lastname@example.org, email@example.com, and more would all forward to that Gmail account. Okay, neat. But why bother?
For one, catch-all emails help you detect and disable spammers. Thomas, cybernetic wunderkind, is a 16-year-old male (mostly). He may have an IQ of 420, but he has the hormonal system of … well, a 16-year-old male. He’s at a prime age for signing up for, er, “shopping” websites as a means of, er, corporatized self-exploration. Yes, that’s what kids are calling it these days.
But every time Thomas shops at a website, he must give them an email address at checkout. And every time he gives a site his email address, five new sites start sending mail to his inbox. Thomas likes some of these promotions, but definitely not all of them. So he can use a catch-all email address to filter out the spammers.
Instead of using his main address, Thomas gives a unique email based at thomasisthebest.com to each site he shops at. He may have an IQ of 420, but he has the sensibilities of a 16-year-old male. So email receipts from Fad Magazine go to FadMag@thomasisthebest.com. And digital newsletters from his favorite band, The Circuits, go to TheCircuitsFanMail@thomasisthegreatest.com. His custom domain’s catch-all email forwards all these messages to his main inbox — just like normal. But unlike normal, each site now gets its own, easy to recognize “to” address. So if one address gets spammed, Thomas can disable it — by unsubscribing, or by redirecting mail to that address straight to the trash — and leave the others running.
Know when an account is compromised
When Thomas starts getting really strange emails from an unidentifiable address asking him to join the professional tickling community, he’s not quite sure what to do. You really don’t want to tickle a cybernetic teenager. Their reflexes are not to be trifled with. Every time he blocks the sender, the same email shows up from a different address. But with catch-all email, Thomas has the upper hand. He can see which “to” address the emails were sent to. So he knows exactly how those odd people got his email address to begin with.
Thomas sees that the “to” address for all the tickling emails was DecentBuy@thomasisthebest.com. So he knows there’s a good chance his account at DecentBuy.com was compromised. Equipped with this information, he can could cancel his account, warn his friends, or even encourage Decent Buy to take steps against the spammers. If nothing happens, he can stop the spam on his own by filtering out email to the compromised address — instead of having to make a whole new email address for everything.