My personal domain has hundreds of aliases - one for each site I deal with. This is great for identifying the source of spam, and I retire any aliases that get spam.

haveibeenpwned.com lets me add a domain, but wants 3912 USD a year to actually tell me which addresses leaked. This is obviously an insane price for a nice-to-have.

Is there an alternative for free or very cheap? A self-hosted tool that would pull down lists would be great, but I suppose those lists aren’t public.

  • Deebster@infosec.pubOPEnglish
    31·
    2 days ago

    Perhaps that message only shows up if some of the results are from the paid lists. For me, I don’t see anything listed beneath, even though 34 addresses match, so I guess nothing’s in the free lists.

    edit: Looks like it’s triggered on number of results:

    Most domain searches are free. Once a domain has more than 10 breached email addresses on it, searching the domain requires a subscription. There are several ways to either reduce or entirely remove the need to have a subscription:

    • Onno (VK6FLAB)
      2·
      2 days ago

      That’s interesting, since my list of addresses contains numerous ones that don’t exist and nobody here has ever used.