March 7, 2026

The Email Alias Strategy: Why Your Own Domain Is a Privacy Superpower

How infinite email aliases turn every data breach into a minor inconvenience instead of a catastrophe

I've been using my own domain for email for about seven years now. Not a Gmail address. Not an Outlook.com address. My own domain (I actually have a bunch of them, but that's a different story altogether), hosted through Fastmail, with a feature most people don't even know exists: unlimited email aliases.

It's one of those things that sounds like overkill until you understand what it actually does. Then it sounds like the bare minimum anyone should be doing.

Let me explain why.

The Problem With Using One Email Address for Everything

Most people use the same email address for everything. Their bank, their social media, their shopping accounts, their work stuff, newsletters they signed up for in 2014 and forgot about. One address. Everywhere.

When that address gets compromised—and it will get compromised eventually—everything connected to it becomes vulnerable at once.

But the bigger problem isn't even the breach. It's that you have no idea where the breach came from.

Your email shows up in a data dump. Was it from Target? Equifax? That random forum you joined once? Some app you gave permissions to five years ago? You have no way to know, and no way to contain it.

You just know your email is out there now. And you can't change it without updating 47 different accounts, most of which you've probably forgotten you even created.

The Email Alias Solution

Here's how I handle it instead.

I own my own domain. Let's say it's yourdomain.com. My email is hosted through Fastmail, which gives me unlimited email aliases.

An email alias is just an alternate address that forwards to your real inbox. So I can create amazon@yourdomain.com, netflix@yourdomain.com, bankofamerica@yourdomain.com—as many as I want, instantly, with no setup required.

Every single service I sign up for gets its own unique email address.

Here's what that looks like in practice:

All of these forward to the same inbox. I see everything in one place. But each one is functionally isolated.

Why This Matters

1. You Know Exactly Where a Breach Came From

When an email address shows up in a data breach, I know immediately which service leaked it.

If target@yourdomain.com shows up in a breach database, I know it was Target. Not a guess. Not "probably Target." It was definitely Target, because that's the only place that address was ever used.

That means I can:

2. You Can Kill an Address That Gets Compromised

Let's say target@yourdomain.com ends up in a breach and starts getting spam. Or phishing attempts. Or is being sold on dark web forums.

I can just delete that alias.

It takes five seconds. The address stops working. Any email sent to it bounces. I create a new one—target2@yourdomain.com or target-new@yourdomain.com—update my Target account, and I'm done.

The compromised address is dead. It can't be used to reset my password. It can't be used for phishing. It's just gone.

Try doing that with johndoe1987@gmail.com. You can't. That address is tied to everything, and changing it means updating every single account manually, one by one, hoping you remember them all.

3. You Can Track Who's Selling Your Data

This is where it gets interesting.

Let's say I sign up for a new service—some app, some newsletter, some "free trial" that requires an email. I give them newservice@yourdomain.com.

Six months later, that address starts getting spam. Not from the service I signed up for. From random third parties selling things I never expressed interest in.

That means the service I gave that address to either:

Now I know. And I can delete the address, file a complaint, report them to the FTC if they violated their privacy policy, or just quietly stop doing business with them.

You don't get that visibility when everyone has the same address. The spam just shows up, and you have no idea where it came from.

4. You Can Create Disposable Addresses for Risky Signups

Sometimes you need to sign up for something you don't fully trust. A one-time purchase. A sketchy forum. A "free trial" you're pretty sure is going to spam you.

I create a disposable alias. randompurchase-2026-02@yourdomain.com. Use it. Get what I need. Then delete it a week later.

It's the email equivalent of a burner phone. Except it's free, instant, and doesn't require a second device.

5. Phishing Gets Harder

Phishing emails are getting better. They look real. They use the right logos, the right language, the right urgency.

But they make one mistake: they send the email to the wrong address.

If I get an email claiming to be from my bank, but it's sent to amazon@yourdomain.com instead of bankofamerica@yourdomain.com, I know immediately it's fake.

Real emails from my bank only go to bankofamerica@yourdomain.com. Anything else is a phishing attempt. Delete.

No second-guessing. No "does this look legitimate?" No clicking links to verify. If it's not sent to the correct alias, it's not real.
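The alias checks from points 3 and 5, as an added example that is not part of the original post: a script that compares the alias a message was delivered to with the sender domain that alias was issued to. The alias registry, the sample messages and the use of the Delivered-To header are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "yourdomain.com"  # placeholder domain from the article
# Constructed registry: alias local part -> sender domains that alias was given to.
ALIASES = {
    "bankofamerica": {"bankofamerica.com"},
    "amazon": {"amazon.com"},
    "target": {"target.com"},
}

def _matches(sender, domains):
    # Accept the registered domain and its subdomains (e.g. mail.target.com).
    return any(sender == d or sender.endswith("." + d) for d in domains)

def recipient_alias(msg):
    """Local part of the first recipient at MY_DOMAIN, or None."""
    # Assumption: the host records the envelope recipient in Delivered-To.
    fields = msg.get_all("Delivered-To", []) + msg.get_all("To", [])
    for _, addr in getaddresses(fields):
        local, _, domain = addr.rpartition("@")
        if domain.lower() == MY_DOMAIN:
            return local.lower()
    return None

def classify(raw):
    """Return (verdict, alias) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    alias = recipient_alias(msg)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if alias is None:
        return ("no-alias", None)
    if alias not in ALIASES:
        return ("unknown-alias", alias)   # deleted or never issued
    if _matches(sender, ALIASES[alias]):
        return ("expected", alias)        # not proof: From can be forged
    for domains in ALIASES.values():
        if _matches(sender, domains):
            return ("wrong-alias", alias)  # claims a service tied to another alias
    return ("leaked-alias", alias)        # third party holds a single-use alias

# Constructed sample messages.
BANK_OK = "From: Bank <alerts@bankofamerica.com>\nTo: bankofamerica@yourdomain.com\nSubject: Statement\n\nbody\n"
BANK_PHISH = "From: Bank <security@bankofamerica.com>\nTo: amazon@yourdomain.com\nSubject: Urgent\n\nbody\n"
TARGET_SPAM = "From: deals@promo.example\nTo: target@yourdomain.com\nSubject: Offer\n\nbody\n"

if __name__ == "__main__":
    for raw in (BANK_OK, BANK_PHISH, TARGET_SPAM):
        print(classify(raw))
```

A mismatch is the signal here; an "expected" verdict does not authenticate the message, which still depends on the receiving host's SPF, DKIM and DMARC results.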

6. You're Not Locked Into a Provider

Here's the other big advantage of owning your own domain: you're not locked into any email provider.

If you use yourname@gmail.com and Google decides to shut down your account (it happens—people get locked out of Google accounts all the time for reasons they never fully understand), you lose that address. Permanently.

If you use yourname@yourdomain.com and you don't like your current email host, you just move your email hosting somewhere else. The address stays the same. Your contacts don't change. Nothing breaks.

I've switched email providers twice in seven years. Each time took about an hour to set up. My email address never changed. No one I correspond with ever noticed.

That's not possible with Gmail, Outlook, Yahoo, or any provider-specific address.

The Privacy Angle

This isn't just about breaches. It's about control.

When you use Gmail, Google has access to every email you send and receive. They scan it for ad targeting. They use it to build your profile. They know who you talk to, what you buy, where you travel, what services you use.

When you use your own domain with a privacy-focused host (like Fastmail, ProtonMail, or Tutanota), that stops.

Your email provider can't read your mail (or in the case of ProtonMail, it's encrypted end-to-end so even they can't). They're not building an ad profile on you. They're not selling your data to third parties.

You're paying for the service, so you're the customer, not the product.

And because you're using unique aliases for every service, no single company can build a complete profile of your digital life just by tracking your email address across different platforms.

The Downsides (There Are a Few)

This isn't all upside. There are tradeoffs.

It costs money. Fastmail is $5/month for the basic plan, $9/month for the plan I use. That's $60-$108/year. Not expensive, but not free.

You have to manage it. You need to remember (or document) which alias goes with which service. I keep a password manager (Bitwarden) that stores this alongside my passwords, so it's not a big deal, but it's an extra step.

Some services reject "plus addressing." Gmail has a built-in alias feature where you can do yourname+amazon@gmail.com, and it forwards to yourname@gmail.com. Some websites have figured this out and block email addresses with + signs in them. With a custom domain, this doesn't happen—amazon@yourdomain.com looks like a completely normal email address.

You need to own a domain. Domains cost about $12-$15/year. Not a lot, but it's another thing to manage and renew.

Who Should Do This?

Not everyone needs this level of email compartmentalization.

If you're just using email for personal correspondence and don't sign up for a lot of services, it's probably overkill.

But if you:

Then yeah. This is worth doing.

How to Set It Up

If you want to do this, here's the high-level process:

  1. Buy a domain. Use Namecheap, Google Domains, or any registrar. Pick something simple. yourname.com works