$ email blame

By Matt Hamilton

A recent Hacker News post made me realize that something I've been doing for many years isn't as uncommon as I had thought.

I have a catch-all email address for one of my domains. *@mydomain.example all goes to one folder.

This approach has a few benefits as opposed to handing out the same email address everywhere:

A few people in the HN comments pointed out a weaknesses with this approach:

If you know my email for amazon@mydomain.example, you know my email for google@mydomain.example. The naive approach does not mitigate the targeted phishing/spam risk.

You could use a random email address, but then it becomes difficult to share your email address (customer support, friends on service, etc.) or you may lose track of them.

Problem solved

The one-liner solution:

$ globalsalt='abc'; domain='mydomain.example'; echo -n $(echo -n amazon.com+$globalsalt | md5sum | cut -c1-8)@${domain}


This generates an email address through a simple one-way function. I can produce and reproduce these email addresses easily while others can't.

Here's the same thing but as a more convenient shell function:

email() {
  echo -n $(echo -n ${1}+${globalsalt} | md5sum | cut -c1-8)@${domain}
$ email amazon.com


If you want to try this out in your browser head on over to blame.email.


BuT PrECoMPuTaTiON! If you're worried about this, check out the example below of juicing up this function:

emailaes() {
  echo -n $(echo -n ${1}+${globalsalt} | openssl enc -e -pbkdf2 -aes-256-cbc -a -nosalt | md5sum | cut -d' ' -f1)@${domain}

If you want to save your email address mappings:

emailsave() {
  email=$(echo -n $(echo -n ${1}+${globalsalt} | md5sum | cut -c1-8)@${domain})
  echo “${1} - ${email}” >> ~/emails.txt

Forces Unseen is a specialized cybersecurity consulting firm helping companies with application and infrastructure security.

Check out our other blog posts as well.