How it works

For nearly 10 years I have used a CatchAll-Method to determine who sends me emails and where they got my email address from.

A CatchAll-Method is relatively simple:

  1. You need your own domain, for example mycatchall.org.
  2. You run your own e-mail server, for example using exim4, or find an e-mail provider that allows CatchAll addresses.
  3. You set a rule that all e-mails going to this domain are forwarded to your personal mailbox, for example “myself@mycatchall.org”.
  4. When you now sign up for any service, you use “companyname@mycatchall.org”.
  5. If you receive an email to companyname@mycatchall.org that did not come from the company, you can assume that the company shares your email address with third parties or was hacked and has a data breach.

It is important to follow the following rules:

  • Do not set up mailboxes under companyname@mycatchall.org. On the one hand, that can be a trademark violation.
  • Do not set up mailboxes, aliases or anything else on your server or your laptop that contains companyname@mycatchall.org. In case your PC is hacked or stolen, you want to be sure that this email address is not part of your contact list, your mailbox or any other setting. The only place in the universe where companyname@mycatchall.org should be known to exist is the database operated by the company.
  • Sometimes when you sign up on websites, you will be asked whether your information can be shared with third parties or used for marketing purposes. Deny that in any case.
  • When you receive an email that is spam, malware or simply not related to the company, contact the company and ask how this can be the case. Keep in mind that some companies reserve the right in the fine print to share your information with third parties.

When you follow these guidelines, you have a good base to detect data breaches before the general public. If you would like to report such events, please send us here at The Email Data Breach Report a report with all the information and evidence you collected. Be aware that we would need reports from several persons before we would be able to contact the company and ask for a statement.

When you are not able to use CatchAll domains yourself, another option is to use Gmail. When you have a Gmail address like “FirstName.Lastname@gmail.com”, you already have a CatchAll-Method included. You can use “FirstName.Lastname+CompanyName@gmail.com”. E-mail to this address will show up in your mailbox and allow you to sort the e-mails.
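The check from step 5, applied to both the catch-all domain and the Gmail plus-address variant, can be automated over received messages. This is an added example, not code from the original page; the `EXPECTED_SENDERS` mapping, the `companyname.example` sender domain and the two sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

CATCHALL_DOMAIN = "mycatchall.org"   # catch-all domain used in the article
PERSONAL_LOCAL = "myself"            # the real mailbox, not a sign-up tag
GMAIL_USER = "firstname.lastname"    # Gmail local part from the article, lower-cased

# Assumption: sender domains each sign-up tag is expected to receive mail from.
EXPECTED_SENDERS = {"companyname": {"companyname.example"}}

# Constructed sample messages (not real mail).
SAMPLE_OK = ("From: News <news@mail.companyname.example>\n"
             "To: companyname@mycatchall.org\nSubject: Your invoice\n\nbody\n")
SAMPLE_LEAK = ("From: Deals <promo@unrelated.example>\n"
               "To: FirstName.Lastname+CompanyName@gmail.com\nSubject: Win\n\nbody\n")

def signup_tag(address):
    """Return the sign-up tag encoded in a recipient address, or None."""
    local, _, domain = address.lower().rpartition("@")
    if domain == CATCHALL_DOMAIN and local != PERSONAL_LOCAL:
        return local
    if domain == "gmail.com" and "+" in local:
        user, _, tag = local.partition("+")
        if user == GMAIL_USER and tag:
            return tag
    return None

def check_message(raw):
    """Return (tag, sender_domain, verdict) tuples for one raw message."""
    msg = message_from_string(raw)
    # The From header can be forged, so "ok" is not proof of origin;
    # a mismatch is the signal worth following up with the company.
    sender_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    recipients = msg.get_all("Delivered-To", []) + msg.get_all("To", [])
    findings, seen = [], set()
    for _, addr in getaddresses(recipients):
        tag = signup_tag(addr)
        if tag is None or tag in seen:
            continue
        seen.add(tag)
        allowed = EXPECTED_SENDERS.get(tag)
        if allowed is None:
            verdict = "unknown-tag"
        elif any(sender_domain == d or sender_domain.endswith("." + d) for d in allowed):
            verdict = "ok"
        else:
            verdict = "leak-suspected"
        findings.append((tag, sender_domain, verdict))
    return findings
```

Messages flagged `leak-suspected` are the ones to keep, with full headers, as evidence when contacting the company.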