Feedback on email setup including sub addressing and alinsing

Email is one of the biggest, most important part of anyone’s tech ecosystem and is the core of creating online accounts. I know that one can use OAuth, but the main downside is that one is trusting the OAuth with info or if the service goes down, then one can’t log in. How to Create Internet Accounts Privately - Privacy Guides

I have stuck with the email creation as it is much easier to see what services one uses in a password manager. But the main issue is knowing when to use a main email, company email, alias email or alias email forwarding service or even sub addressing and thus been looking all through this forum, watching videos and reading up on other setups and reading up more on the differences and pros and cons between sub address and aliasing.

So I think I may have a strategy to compartmentalise online accounts without going too overtly complex and making things more complex and thus likely to have issues. Maybe it could be worked into a guide for the website in the future to give those new a basic setup idea. So here are my thoughts. Everyone is different, but the idea is to provide a basic setup that could be moulded where needed. The biggest challenge is that an online account, may fit into multiple areas, for example a Facebook account may be used for both personal and business public use. But another user may use a different service such as nextdoor or the same service for a different purpose. So here is a basic setup that could work well for me and maybe help others.

1. Web login email, never give out and is only used to log in to the email website. If this email gets leaked, then malicious users may try and brute force.

2. Personal email address use only for real essential things such as bank and medical as per reason here. This may be used for correspondence.

3. Any online service that is useful or frequently used on a daily basis could get a dedicated email or maybe sub addressed (not sure which is better here) with the personal email address. But if any services get hacked, then your email is exposed. May be worth using an alias forwarding service for these accounts. Each account could be sub addressed, but sub addressing doesn’t always work.

4. Any online shopping websites or rewards accounts would use a temp alias forwarding email, simply because this is likely to be brought and sold.

5. If one runs a business or owns a website for the business, then create a dedicated email for signing up to services that are for your business. Don’t use the same email address, customers contact you on for signing up, unless correspondence may take place from signed up accounts.

6. keep your current email provider, say Gmail or such, as for anything such as job applications or such. Should be simple to say over the phone. Could use a forwarding alias that will keep the same alias when replying.

7. Online forums use a randomly generated forwarding alias. However, some forums do not accept such email addresses, so it may be worth creating a different email alias address or a dedicated email account just for those.

8. online entertainment such as music or film/TV streaming sites may get a forwarding alias as a way to differentiate from general shopping or rewards sites.

9. Use a temp email for business needs where having a public identity is not needed and need to keep for basic reasons. Or for services one has to use, e.g. Facebook, for business needs but would not touch with a barge pole.

This is my setup idea and I hope that this helps others as it’s great recommending tools and services, but the biggest challenge is getting online services and accounts sorted in a way that is simple and private as there is a very fine balance between simplicity and convenience vs security and privacy. But before trying to sort, it is best deleting online accounts and anything you don’t use so that one knows what they have to work with. What are peoples thoughts on this setup? Maybe there is something that has not been thought of that I have missed, and it could be worked into an article guide that would give a very basic setup idea.

If by subaddressing you meant the username+whatever@ ala gmail then its not as effective as it used to be. Your real address is still visible, plus spammers has wisen up and would just scrubbed the +whatever part so if your reason of using it is to know which services leak or sold your data then it’ll now moot since the spammers would just spam username@ directly without the +whatever part.

Yes, this was what I was meaning with the + whatever. I believe it was similar to adding . or - in the email from what I remember to create another account and still receive the sign-up link. But as you have rightly said,

But It’s not just spammers, but other large big tech services have stopped accepting these and would display account already in use or something similar. Sub addressing may be useful for cataloguing services based on service signed up for rather than actual spam prevention.

But I think forwarding alias or differnet email address with a different sub domain would be a better way to go.

Why would OAuth go down? It’s server side authentication. If your email service can’t keep up an OAuth server, you might want to shop around for a professional email service.

Not sure what you mean. Say one uses Google for oauth. If Google login goes down then one can’t sign into a service using oauth or if something happens to your Google account. You won’t be able to login. Sorry if I was not clear enough.

I’ve never heard of an OAuth server going down that imperils logins. If one did go down, I’d just wait a bit.

I’d imagine the big players have load balancing in front of their login services and distributed servers, as well as health monitoring in place to reboot the server or move it out of commission. They do need to ensure DDOS attacks don’t block their users from logging in.