I have a custom domain for my emails with catch all. When I create an account somewhere I just use <name of the service>@my-domain.com
Can I find out if any of my emails are in leaks with a service somewhere?
I have a custom domain for my emails with catch all. When I create an account somewhere I just use <name of the service>@my-domain.com
Can I find out if any of my emails are in leaks with a service somewhere?
While others pointed out that Have I Been Pwned is (kind of) for this specific purpose, there is a limit of like 10 email addresses. Beyond that, you will have to have a paid subscription. You'll still get "alerts" without the subscription, but have no way of seeing which email addresses have made it into a leak somewhere. And the pricing cliff was pretty steep if I recall correctly.
Minimum ~$50 / year for 1 domain and up to 25 breached email addresses. https://haveibeenpwned.com/Subscription
I'm just one guy, but I have a lot of project domains. If I wanted to monitor 5 domains, it would cost me $443 / year.
That's literally what Have I Been Pwned is for.
https://haveibeenpwned.com/
Yes, but note that you have to pay for that, see the pricing here:
https://haveibeenpwned.com/Subscription#corePlans
For me, with a similar wildcard setup, it became something I wasn't willing to spend money on. I work on the basis that accounts are compromised and if the company is large enough I'll see it in the news. Strong passwords, and a password-database is the best I can manage.
You don't, you can register a whole domain and it'll work.
Can confirm it's free. I tried it based on the GP comment. There are various ways to prove it is your domain: token sent to one of a small number of email addresses like {admin,security,webmaster}@, DNS TXT record, place a small file in the root of the website, etc.
The only extra bits I saw for the other emails on my domain was a plus address I'd used for last.fm which had been leaked. None of the other emails (wife, kid, family, etc) appear in any breach.
I'm slowly moving away from using my own personal domain as it's becoming an ever increasing burden. I'm also concerned that my wife/kid will be left with something they may not have access to, or would stop working at some point, if I suddenly dropped dead.
I had a domain registered and I got notices for about five email addresses - but after a while I was told I'd had too many localparts appear in breaches and I had to pay to upgrade.
It might have changed again now, but that was the point I deleted my account. The pricing list seems to imply a limit on the local-parts for a domain, though ..
One by one, but I think the question is about the entire domain name
You can have haveibeenpwned.com check for the custom domain itself. For instance, I get notified if any email of our family domain get leaked (not just mine).
If you sign in that's an option on your dashboard. You need an account because you need to verify the domain is yours