Skip to main content

Posts

Showing posts from October, 2018

Separate Addresses and Have I Been Pwned

Many years ago, I started giving out a different email address to every places that asked for one. To do this, I had to own a domain and set up email hosting. When I first set this up, I accepted email addressed to any address at my domain. Since then, email security has improved a lot. To use security features like DMARC , I had to stop accepting all addresses and had to only accept mail from a list of valid addresses. A few years ago, a guy by the name of Troy Hunt started collecting the lists of compromised databases and passwords that were floating around the internet. He put together a site called Have I Been Pwned  (HIBP) and after proving your ownership of a domain, you can request a list of all of the accounts at that domain that have been compromised. You can also do the same thing for a single email address if you don't own a domain. It's important to remember that this isn't a list of ALL compromised accounts -- only the ones that have made their way to