I use a catch-all (*@mydomain.tld), and forward everything to the same place. Really simple and I can just make up email addresses on the fly when I need to, no config necessary, and harder to reverse than the +addresses trick.
But not every website out there allows you to enter this as a valid email address.
My earlier hypothesis was that this was on purpose, to make sure you don't use a filter on any email they might send. But these days I'm tending to think it's just a bad regexp on their side.
Even worse, some sites let you enter a plus address initially but that address will not work in some account management pages. I had an instance where I signed up to a pizza place with such an address and I could not unsubscribe or edit my mail preferences because of it.
If you are just starting to do this...it's very easy to forget you did it for a particular site.
"I can't log in and to boot your site says there is no account matching first.last@gmail.com. What kind of Mickey Mouse operation are you running here?"
That's a solid point. I've generally avoided password managers because not knowing my (unique-per-service, strong) passwords makes me nervous in exactly the same way as not actually knowing the phone numbers of the most important N people in my life.
You'll get over that little hurdle once you realize that you can dump the anxiety of remembering a hundred password variants for different sites. And realistically speaking, you're probably not even using a hundred variants...or possibly even 10. If you're memorizing passwords, chances are your re-use frequency is nonzero.
What's important is to keep a backup of your password database in a few places. I use KeePass because I have no desire to keep passwords, encrypted or not, in a cloud service. I also don't find value in browser integration (possible attack vector?). I'm generally very DIY-inclined anyway. Your preferences may vary.
I guess you aren't familiar with KeePass. If your KeePass database is pwnd, that means your box has been pwnd since the database is stored locally and not any cloud provider (unless YOU put it there). This means you have much bigger problems and is not a shortcoming of KeePass, itself.
As a full disclaimer, there are some issues with KeePass [1], but known issues are detailed in full by the project and are available for review.
It's often called plus addressing. Quite a common feature in mail servers and mail services. MyName+<any-random-text> at gmail.com ends up in MyName's mailbox.
Doesn't that defeat the purpose? Surely anyone savvy enough to be dealing in black-market e-mail address lists is savvy enough to just remove everything after the + sign?
Probably yes. The software I'm using supports configuring the character per domain, so I can use say . instead of +, so I could use myname.service@example.com which I assume would solve that.
I use Fastmail, which provides very nice wildcard aliasing under a domain. *@mydomain goes to a single inbox. I can also create specific aliases such as foo@mydomain.
I have a wildcard redirect so that <anything>@mydomain.com is forwarded to me. That way whenever I sign up for a service I just use, e.g., dropbox@mydomain.com.
I used that practice, and ended up selling the domain. Updating everything was an absolute nightmare as a result, and I couldn't make a simple request like, "please forward my one primary email address to me for the next few years." YMMV :)
Personally, I worry much more about ad-hoc stalkers or angry people doing semi-manual digging. Such a scheme wouldn't help much. Does anyone know a convenient pipeline for managing (receiving, creating, disposing of etc) 3-rd party email accounts?
