My personal domain has hundreds of aliases - one for each site I deal with. This is great for identifying the source of spam, and I retire any aliases that get spam.

haveibeenpwned.com lets me add a domain, but wants 3912 USD a year to actually tell me which addresses leaked. This is obviously an insane price for a nice-to-have.

Is there an alternative for free or very cheap? A self-hosted tool that would pull down lists would be great, but I suppose those lists aren’t public.

    • Deebster@infosec.pubOPEnglish
      31·
      6 days ago

      Perhaps that message only shows up if some of the results are from the paid lists. For me, I don’t see anything listed beneath, even though 34 addresses match, so I guess nothing’s in the free lists.

      edit: Looks like it’s triggered on number of results:

      Most domain searches are free. Once a domain has more than 10 breached email addresses on it, searching the domain requires a subscription. There are several ways to either reduce or entirely remove the need to have a subscription:

      • Onno (VK6FLAB)@lemmy.radio
        2·
        6 days ago

        That’s interesting, since my list of addresses contains numerous ones that don’t exist and nobody here has ever used.