cross-posted from: https://infosec.pub/post/37292398
My personal domain has hundreds of aliases - one for each site I deal with. This is great for identifying the source of spam, and I retire any aliases that get spam.
haveibeenpwned.com lets me add a domain, but wants 3912 USD a year to actually tell me which addresses leaked. This is obviously an insane price for a nice-to-have.
Is there an alternative for free or very cheap? A self-hosted tool that would pull down lists would be great, but I suppose those lists aren’t public.
I don’t miss any breaches (I inform myself with other news portals) and the most recent one with 2 billion is included but no actual account. Of course some of the addresses the spammers guessed for my domain could be in a breach that I don’t know of but I don’t care. Just guessing email addresses is not hard for a catch all address.