My personal domain has hundreds of aliases - one for each site I deal with. This is great for identifying the source of spam, and I retire any aliases that get spam.
haveibeenpwned.com lets me add a domain, but wants 3912 USD a year to actually tell me which addresses leaked. This is obviously an insane price for a nice-to-have.
Is there an alternative for free or very cheap? A self-hosted tool that would pull down lists would be great, but I suppose those lists aren’t public.
If I recall, the founder had some workaround for situations like you describe. I am in the same situation but I didn’t have the effort to care enough to do all that hassle.
It’s entirely possible that my best fix is just to delete my haveibeenpwned account and react when I get spam, but where’s the fun in that?
The founder was asked to provide a subscription level for individual domains and he said no and pointed people at the suggestion to search manually or occasionally pay for a month instead.
HIBP subscriptions can be taken out monthly and cancelled at any time. If the appearance of your domain in a breach is infrequent, you can take out a one month subscription then immediately cancel it after performing the search (the subscription will remain active until the entire month period has elapsed).
$4000 USD a year he better be delivering caviar to your doorstep (that shit is cheap now)
It’s because of Enterprise contracts, for the things you can check off with HIBP… 4 grand is not a lot for them. But, then also if you offer a separate plan and just say ‘no enterprise, we trust you’, many businesses will just ignore the enterprise plan.
Maybe not an exact fit for your situation and would take work but I use addy.io. Solid and have had no issues with it for 4+ years.
If it takes me on average 5 minutes to log in and change an email address, it would take me about 1 day, 18 hours to change them all! It definitely looks worth it for others who want to start using aliases.
I am not sure what you are talking about.
I have a domain registered and can see exactly which addresses have been compromised by what, without payment.
I see this:

Interesting.
I see a list of email addresses.
Perhaps that message only shows up if some of the results are from the paid lists. For me, I don’t see anything listed beneath, even though 34 addresses match, so I guess nothing’s in the free lists.
Edit: Looks like it’s triggered on number of results:
Most domain searches are free. Once a domain has more than 10 breached email addresses on it, searching the domain requires a subscription. There are several ways to either reduce or entirely remove the need to have a subscription:
That’s interesting, since my list of addresses contains numerous ones that don’t exist and nobody here has ever used.
Just register a new domain and route that mail to your old domain.





