cross-posted from: https://infosec.pub/post/37292398
My personal domain has hundreds of aliases - one for each site I deal with. This is great for identifying the source of spam, and I retire any aliases that get spam.
haveibeenpwned.com lets me add a domain, but wants 3912 USD a year to actually tell me which addresses leaked. This is obviously an insane price for a nice-to-have.
Is there an alternative for free or very cheap? A self-hosted tool that would pull down lists would be great, but I suppose those lists aren’t public.
I was looking at this yesterday. If you actually go and look at the results for your domain, it’s likely that it will only show you the subscription free details and none of the recent ones
I don’t miss any breaches (I inform myself with other news portals) and the most recent one with 2 billion is included but no actual account. Of course some of the addresses the spammers guessed for my domain could be in a breach that I don’t know of but I don’t care. Just guessing email addresses is not hard for a catch all address.