Skip to content
On this page

$ email blame

By Matt Hamilton
June 20, 2022

A recent Hacker News post made me realize that something I've been doing for many years isn't as uncommon as I had thought.

I have a catch-all email address for one of my domains. *@mydomain.example all goes to one folder.

This approach has a few benefits as opposed to handing out the same email address everywhere:

  • When a company sells my email address, I know who to blame.
  • DB leaks (and of course unique and random passwords) nullify credential stuffing.
  • I can easily null-route email for any particular email address if they become annoying.

A few people in the HN comments pointed out a weaknesses with this approach:

If you know my email for [email protected], you know my email for [email protected]. The naive approach does not mitigate the targeted phishing/spam risk.

You could use a random email address, but then it becomes difficult to share your email address (customer support, friends on service, etc.) or you may lose track of them.

Problem solved

The one-liner solution:

$ globalsalt='abc'; domain='mydomain.example'; echo -n $(echo -n$globalsalt | md5sum | cut -c1-8)@${domain}

[email protected]

This generates an email address through a simple one-way function. I can produce and reproduce these email addresses easily while others can't.

Here's the same thing but as a more convenient shell function:

email() {
  echo -n $(echo -n ${1}+${globalsalt} | md5sum | cut -c1-8)@${domain}
$ email

[email protected]

If you want to try this out in your browser head on over to


BuT PrECoMPuTaTiON! If you're worried about this, check out the example below of juicing up this function:

emailaes() {
  echo -n $(echo -n ${1}+${globalsalt} | openssl enc -e -pbkdf2 -aes-256-cbc -a -nosalt | md5sum | cut -d' ' -f1)@${domain}

If you want to save your email address mappings:

emailsave() {
  email=$(echo -n $(echo -n ${1}+${globalsalt} | md5sum | cut -c1-8)@${domain})
  echo “${1} - ${email}” >> ~/emails.txt