I was just listening to Darknet Diaries and something the host said sparked an idea. This is just one of those times I thought I’d share with everyone else. It’s a tad techie, so if this isn’t for you, we’ll see you in the next article.

But, if you run your own domain, like I do with nateritter.com, that’s related to my identity, you might consider doing this yourself….

Here’s the idea.

For those of us who are extra security conscious, and can setup and use a catch-all/wildcard email address, you could setup what I’m going to call from now on a “UUID email addresses” per site.

Here's how I see it working from the user perspective:

1. User sets up catch-all email address (i.e., `*@nateritter.com` might forward to `foo@nateritter.com`)

2. Go to a site you want to register at

3. Generate a random string (anything like Raycast or tools like that can do this out of the box) `[random-string]@nateritter.com` to use as the email address when registering. Obviously use a random password generator for the password too. Register with that.

4. Any confirmation emails go to your catch-all (in this example, `foo@nateritter.com`), so you can confirm your email address or whatever you need to do next with it.

5. Whenever you go to sign in, your password manager will fill in the details for you, so no need to remember either the password nor the email address.

This would be similar to `nate+amazon@gmail.com`, where “amazon” can be replaced with anything you want and you still get the email in Gmail, but the wildcard local-part/username (“amazon” in this case) would be a random string.

This would be way more secure because it would be so much harder for hackers to simply guess what the email address is with a “forgot password” or “sign in” functionality, which basically tells them that the email exists on the target website.

That’s it.

I'll be here all week.

Let me know when someone builds this into an automation.

(FWIW, I suggested this to 1Password too, so let’s hope)