Articles

Why I Use a Different Email for Every Service

By Wade Ashley · · 9 min read

In Short

  • Your email is a tracking device — it's the only thing that uniquely identifies you across every platform, and companies exploit that relentlessly
  • Standard email is inherently insecure — most messages travel unencrypted and can be intercepted or read by your provider
  • Owning your domain changes everything — create unlimited addresses, prevent cross-referencing, and isolate spam to individual services
  • The catchall strategy is the key — configure one catchall and invent new addresses on the fly, no setup required
  • Per-service addresses expose phishing instantly — if an email claims to be from PayPal but arrives at your Amazon address, you know it's fake

Your Email Address Is a Tracking Device

Every website wants it. Registration forms demand it. "Login with Facebook" buttons offer convenient shortcuts to hand it over. But have you actually stopped to consider why your email address is so universally requested?

Simple. It's the only piece of information that uniquely identifies you across the entire digital world. Not your name — too many duplicates. Not your birthdate — shared by thousands. Your email? That's yours alone.

Once a company captures that address, they're not just filing it away for customer service. They're cross-referencing it. Sharing it. Selling it. Specialist data aggregation companies build detailed profiles about who you are, what you buy, where you go, and what you're likely to do next — all anchored to that single email address you've been using since 2007.

That "Login with Facebook" button? It's not there for your convenience. It allows Facebook to cross-reference data from every site you use it with, linking it all back to the email associated with your Facebook profile. If privacy matters to you at all — and it should — never use social login options.

Your email address has become a valuable commodity. There's a reason registration forms ask for far more information than they actually need to provide their service. That email is the master key enabling everything to be cross-referenced, packaged, and monetised.

Email Security Is Fundamentally Broken

Nearly all email is unencrypted. Just sitting there, readable by anyone who intercepts it.

Why? The answer is frustratingly straightforward. If you encrypt an email before sending it to someone you've never contacted before, how would they decrypt it? They don't have your encryption key. The whole system breaks down.

Modern messaging platforms like WhatsApp use end-to-end encryption with sophisticated public and private key systems. They can do this because they control both the sending and receiving software. Closed ecosystem. Complete control. Email doesn't work that way.

You can configure your email client to transmit messages securely to your provider using SSL/TLS — and you absolutely should — but once it arrives at your provider's server, it's no longer encrypted. You have zero control over how it's then transferred to the recipient, who might be using completely different software, different providers, or no security protocols at all.

There's also the question of who can read your stored messages. ISPs and web hosts may be able to access email sitting in accounts hosted with them. Third-party providers like Gmail and Outlook encrypt your stored messages using your password, which prevents the provider from reading them — but if you're sending email using unencrypted protocols, that data can still be intercepted in transit.

The Australian Cyber Security Centre recommends enabling encryption wherever possible, but the reality is that email was never designed with privacy in mind. The best defence isn't trying to encrypt every message — it's controlling how your address gets used in the first place.

The Email Address Trap

Remember when changing your ISP meant changing your email address? Bigpond, iiNet, Westnet — they all locked you in. Moving to a new provider meant updating your email everywhere, notifying everyone, losing access to old accounts. The hassle was so significant it kept people trapped with substandard service.

Then Gmail, Hotmail, and Yahoo arrived with free accounts that weren't tied to any ISP. You could switch internet providers without changing your email. Liberation!

Except this made the privacy problem catastrophically worse. Now that you never change your email address, it's used everywhere — every online account, every newsletter, every registration form. And inevitably, the services storing those details get hacked.

The longer you use the same address, the more spam accumulates. Filters help, but eventually the volume becomes overwhelming. Real messages drown in a sea of rubbish. Once a site with your details gets breached, spam can explode overnight.

This happened to me when Adobe's systems were hacked. The email address I'd used for registration was suddenly swamped. You can check whether your own email has been compromised at Have I Been Pwned — the results are often sobering.

Fortunately, I already had a strategy in place.

Own Your Domain, Own Your Email

For businesses, owning a domain is obvious. But why would you want one for personal use?

Because when you own a domain name, you own every possible email address that can be sent to it. You can literally make up any address you like and control where it's delivered.

Let's say you own jonesfamily.com.au. You could create these addresses:

  • facebook1@jonesfamily.com.au
  • paypal@jonesfamily.com.au
  • amazon@jonesfamily.com.au
  • anz@jonesfamily.com.au
  • woolworths@jonesfamily.com.au

Each address gets used to register with a different company. Because they're all different, those companies cannot cross-reference your data to build a unified profile. If one address starts attracting too much spam, you simply change it. Your paypal@jonesfamily.com.au becomes paypal2@jonesfamily.com.au.

You're probably thinking this sounds like a nightmare to manage — setting up and checking dozens of email accounts. Good news: you don't have to.

The Catchall Strategy

When you configure email for a domain, you can set up individual email accounts and catchalls.

An email account is a standard mailbox — one address, messages stored until you retrieve them. Continuing the Jones family example: Kevin creates kevin@jonesfamily.com.au. This is his private address, used only with family and friends. He never gives it to any website he registers with. Instead, he invents new addresses as needed.

But what happens to email sent to an address at jonesfamily.com.au that doesn't have a corresponding account? By default, the mail server bounces it back with an "undeliverable" error. Unless you configure a catchall.

A catchall tells the mail server to collect all unmatched email for the domain and deliver it to a specific account. Kevin sends everything to kevin@jonesfamily.com.au.

Now Kevin can invent any email address he wants — paypal@jonesfamily.com.au, amazon@jonesfamily.com.au, anything — and the catchall captures it. When messages arrive, they still show the original address they were sent to. Kevin doesn't configure anything. He just makes up an address on the spot, and the catchall handles the rest.

The security benefit cannot be overstated. If Kevin receives email at paypal@jonesfamily.com.au, he knows it should only come from PayPal. If he receives an email claiming to be from PayPal but it wasn't sent to his PayPal address, he immediately knows it's a phishing attempt and should be ignored.

He'll also discover — as I frequently do — when companies sell or lose his details, because unrelated emails arrive at addresses that should only be used by one organisation. If an address gets overrun with spam, he can block it either in his email client or at the server level.

POP, IMAP, and Webmail

You've probably encountered these terms when setting up email on your device. They're not different types of email accounts — they're different methods of retrieving email from the same account.

POP (Post Office Protocol) downloads copies of your messages to your device. If the email account is deleted or becomes inaccessible, you still have the local copy. You can configure POP to delete server messages after a period — typically 14 days — which prevents accounts from filling up. If multiple devices access the same account, each downloads its own copy as long as the first device hasn't deleted the message yet. It's the most reliable option for maintaining a permanent local archive.

IMAP (Internet Message Access Protocol) reads messages directly on the server without downloading them. Every device sees identical content, which is convenient — it works like cloud storage. IMAP can store sent messages back into your account's Sent folder and lets you create subfolders for organisation. The downside is that IMAP never automatically deletes email from the server, so accounts constantly fill up and exceed storage quotas. When you delete a message, it's gone from every device. I generally advise small businesses to be cautious with IMAP unless they're actively managing their storage.

Webmail is essentially IMAP accessed through a browser. Same advantages, same limitations, except you can't download messages to your device. It works well as a companion to POP — check email from any browser when you're travelling, then your regular device downloads everything later.

Choosing an Email Host

ISP-provided email (Bigpond, iiNet) offers limited quotas, minimal features, and you lose the address if you change providers. I don't recommend it.

Free providers (Gmail, Outlook, Yahoo) have better quotas and stronger security. But you can't use your own domain name, and managing multiple accounts for the catchall strategy isn't practical.

Web-hosted email (cPanel-based) comes bundled with website hosting. This is what I set up for most of my web design clients, and it's included with our hosting and support plans. You get full control over multiple domains, email accounts, catchalls, and forwards. You don't need a website to use domain-hosted email, though it does require some technical knowledge to configure.

Microsoft 365 Exchange is the enterprise option, now accessible to businesses of any size. Exchange encrypts your mailbox using your password as the key — not even Microsoft can read your stored messages. You get 50GB per account and licences bundle with Office software. The limitation is one address per licence with no catchall support, though you can combine Exchange with web hosting to get the best of both worlds.

Taking Control

My advice? Buy a domain and set up web-hosted email with a catchall. Even if you don't have a business website, the privacy and security benefits are genuine and immediate.

Start by using a unique address for every new service you register with. You don't need to migrate everything overnight — just begin with new registrations and gradually update the important ones like banking, government services, and shopping accounts. Within a few months, you'll have a much clearer picture of who has your data and how they're using it.

If you'd like help setting this up — whether it's part of a new website project or standalone email hosting — get in touch.

Wade Ashley

Wade Ashley

Creative Director, Dygiphy

Wade has been designing user interfaces for 30+ years — from mainframe terminals to modern responsive websites. He founded Dygiphy in 2009 to bring enterprise-level UX expertise to Australian small businesses.

More about Wade

More articles

Need help with your website?

Whether you need a new website, want to improve an existing one, or just have a question — we're here to help.

Get in Touch