My personal domain has hundreds of aliases - one for each site I deal with. This is great for identifying the source of spam, and I retire any aliases that get spam.

haveibeenpwned.com lets me add a domain, but wants 3912 USD a year to actually tell me which addresses leaked. This is obviously an insane price for a nice-to-have.

Is there an alternative for free or very cheap? A self-hosted tool that would pull down lists would be great, but I suppose those lists aren’t public.

  • Onno (VK6FLAB)
    21·
    2 days ago

    I am not sure what you are talking about.

    I have a domain registered and can see exactly which addresses have been compromised by what, without payment.

        • Deebster@infosec.pubOPEnglish
          31·
          2 days ago

          Perhaps that message only shows up if some of the results are from the paid lists. For me, I don’t see anything listed beneath, even though 34 addresses match, so I guess nothing’s in the free lists.

          edit: Looks like it’s triggered on number of results:

          Most domain searches are free. Once a domain has more than 10 breached email addresses on it, searching the domain requires a subscription. There are several ways to either reduce or entirely remove the need to have a subscription:

          • Onno (VK6FLAB)
            2·
            2 days ago

            That’s interesting, since my list of addresses contains numerous ones that don’t exist and nobody here has ever used.