My personal domain has hundreds of aliases - one for each site I deal with. This is great for identifying the source of spam, and I retire any aliases that get spam.

haveibeenpwned.com lets me add a domain, but wants 3912 USD a year to actually tell me which addresses leaked. This is obviously an insane price for a nice-to-have.

Is there an alternative for free or very cheap? A self-hosted tool that would pull down lists would be great, but I suppose those lists aren’t public.

      • Deebster@infosec.pubOPEnglish
        31·
        2 days ago

        Perhaps that message only shows up if some of the results are from the paid lists. For me, I don’t see anything listed beneath, even though 34 addresses match, so I guess nothing’s in the free lists.

        edit: Looks like it’s triggered on number of results:

        Most domain searches are free. Once a domain has more than 10 breached email addresses on it, searching the domain requires a subscription. There are several ways to either reduce or entirely remove the need to have a subscription:

        • Onno (VK6FLAB)
          2·
          2 days ago

          That’s interesting, since my list of addresses contains numerous ones that don’t exist and nobody here has ever used.