This seems to just generate a random string to go with whatever domain I have set. Personally I prefer my email aliases to be of the form `<business_name>@<my_domain>` or `<website_domain>@<my_domain>`. That way if you do start getting unsolicited email it is crystal clear who is spamming you (or has sold/leaked your data).
In fact, given it seems to just put a random string in front of a domain name you give it I'm a little curious as to why they need your API key at all - is it just to ensure that you are not creating duplicate email aliases?
Needs your API key as it needs to access the email forwarding service which you want to use with it.
It's not just making up a bullshit address, it's generating a random localpart then going to the email forwarding service you've integrated and having that service create an email forward to your real address per whatever settings you have there.
Any email sent to the address it generates (signup confirmations, password resets etc) need to get to you, after all.
This design is completely different to using <business>@example.com. The latter is kind of useful for your use of 'who has sold my address' but has privacy drawbacks this design doesn't. e.g. if a spammer gets [email protected] they know you prob also have [email protected], [email protected] or whatever else and it's all just the same guy with the same inbox.
Truly 'random' addresses at generic forwarding services means that if Ashley Maddison gets breached again then your secret remains safe. [email protected] could be anyone.
> It's not just making up a bullshit address, it's generating a random localpart then going to the email forwarding service you've integrated and having that service create an email forward to your real address per whatever settings you have there.
Fair enough - the one I use automatically creates an alias whenever it receives an email at the relevant domain so there's no need to manually create one, I assumed the other services were the same.
In fact, given it seems to just put a random string in front of a domain name you give it I'm a little curious as to why they need your API key at all - is it just to ensure that you are not creating duplicate email aliases?