me.com

Difference between using different email domains or different email aliases (on spam control) I've recently purchased a custom email domain for several reasons, one of them being to get rid of services from Microsoft and Google, and another because said services were flooded with spam over the past decade or longer. Included within this purchase is the option to set up 10 custom email domain addresses, however I also have the option to set up an infinite amount of aliases for the current registered main domain address. As I lack the knowledge in understanding the structure behind either setup, I was hoping some of you could help me out. My main question is which differences I should keep in mind when choosing either a separate domain or a separate alias? However what I mainly would like to have answered is: which of the two is the best option for spam and breach control, and privacy? Say my main address is “[main@me.com](mailto:main@me.com)” and I would like a different one for online orders which I will call “[shopping@me.com](mailto:shopping@me.com)” and through one of my orders I start receiving spam (because of a breach), would simply removing that alias also prevent me from still getting those spam mails, even though it was linked to the same "@me" domain? Or will that only work if I have a separate domain that I could then remove? If the former, will those emails get blocked from being sent completely because the address doesn't exist anymore? Or will they still be “received” on my domain even though I won’t see them? What’s the proces behind this? I'm curious to learn more about this and to read how others go about this.

Social Engineering Escalation (The Honan case) Hi /r/SocialEngineering, Here is a TL;DR of how the attackers of Mat Honan managed to obtain enough information to SE Apple support (info from his [wired piece](http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/)). Now, all of this was aimed at getting access to his @mat account on twitter, so they needed his email. * First, they grabbed, from emptypage.com, **his email**: mhonan@gmail.com * Then, they tried password recovery at Gmail. Since 2FA was turned off, they were presented with the message "We will send you an email to your secondary address: m*****n@me.com" So, they knew his address was **mhonan@me.com**, and they had to gain control of his Apple Account. **Honan fail:** Two factor auth should be turned on. * So they targeted his Amazon account instead! They grabbed **his address** from the whois info of emptypage.com, and called Amazon support to add a new (bogus) credit card to his account. **Info needed:** email address and billing address. Done. **Honan fail:** Your real address is on the whois of your domain? Seriously? How is it needed for anything? To all the followers of the SEorg podcast, [this isn't news](http://www.social-engineer.org/episode-008-the-social-engineering-zero-day-revealed/) but then again, this was they key to everything else. * Then, they called amazon again, to have his password reset. **Info needed:** email, billing address, and last 4 digits of *any* card number associated with the account. **Amazon fail:** they should require the card to have been "validated" by a successful payment/delivery. If they had done so, the card would have needed to be valid, and an unknown purchase made by a card you don't own is a big red flag. * Now they have access to the Amazon account. From it, they lift **the last four digits of his (real) credit card number.** * Finally, they call Apple support to have his password reset. **Info needed:** email, billing address, l

Social Engineering Escalation (The Honan case) Hi /r/SocialEngineering, Here is a TL;DR of how the attackers of Mat Honan managed to obtain enough information to SE Apple support (info from his [wired piece](http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/)). Now, all of this was aimed at getting access to his @mat account on twitter, so they needed his email. * First, they grabbed, from emptypage.com, **his email**: mhonan@gmail.com * Then, they tried password recovery at Gmail. Since 2FA was turned off, they were presented with the message "We will send you an email to your secondary address: m*****n@me.com" So, they knew his address was **mhonan@me.com**, and they had to gain control of his Apple Account. **Honan fail:** Two factor auth should be turned on. * So they targeted his Amazon account instead! They grabbed **his address** from the whois info of emptypage.com, and called Amazon support to add a new (bogus) credit card to his account. **Info needed:** email address and billing address. Done. **Honan fail:** Your real address is on the whois of your domain? Seriously? How is it needed for anything? To all the followers of the SEorg podcast, [this isn't news](http://www.social-engineer.org/episode-008-the-social-engineering-zero-day-revealed/) but then again, this was they key to everything else. * Then, they called amazon again, to have his password reset. **Info needed:** email, billing address, and last 4 digits of *any* card number associated with the account. **Amazon fail:** they should require the card to have been "validated" by a successful payment/delivery. If they had done so, the card would have needed to be valid, and an unknown purchase made by a card you don't own is a big red flag. * Now they have access to the Amazon account. From it, they lift **the last four digits of his (real) credit card number.** * Finally, they call Apple support to have his password reset. **Info needed:** email, billing address, l

Social Engineering Escalation (The Honan case) Hi /r/SocialEngineering, Here is a TL;DR of how the attackers of Mat Honan managed to obtain enough information to SE Apple support (info from his [wired piece](http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/)). Now, all of this was aimed at getting access to his @mat account on twitter, so they needed his email. * First, they grabbed, from emptypage.com, **his email**: mhonan@gmail.com * Then, they tried password recovery at Gmail. Since 2FA was turned off, they were presented with the message "We will send you an email to your secondary address: m*****n@me.com" So, they knew his address was **mhonan@me.com**, and they had to gain control of his Apple Account. **Honan fail:** Two factor auth should be turned on. * So they targeted his Amazon account instead! They grabbed **his address** from the whois info of emptypage.com, and called Amazon support to add a new (bogus) credit card to his account. **Info needed:** email address and billing address. Done. **Honan fail:** Your real address is on the whois of your domain? Seriously? How is it needed for anything? To all the followers of the SEorg podcast, [this isn't news](http://www.social-engineer.org/episode-008-the-social-engineering-zero-day-revealed/) but then again, this was they key to everything else. * Then, they called amazon again, to have his password reset. **Info needed:** email, billing address, and last 4 digits of *any* card number associated with the account. **Amazon fail:** they should require the card to have been "validated" by a successful payment/delivery. If they had done so, the card would have needed to be valid, and an unknown purchase made by a card you don't own is a big red flag. * Now they have access to the Amazon account. From it, they lift **the last four digits of his (real) credit card number.** * Finally, they call Apple support to have his password reset. **Info needed:** email, billing address, l

Social Engineering Escalation (The Honan case) Hi /r/SocialEngineering, Here is a TL;DR of how the attackers of Mat Honan managed to obtain enough information to SE Apple support (info from his [wired piece](http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/)). Now, all of this was aimed at getting access to his @mat account on twitter, so they needed his email. * First, they grabbed, from emptypage.com, **his email**: mhonan@gmail.com * Then, they tried password recovery at Gmail. Since 2FA was turned off, they were presented with the message "We will send you an email to your secondary address: m*****n@me.com" So, they knew his address was **mhonan@me.com**, and they had to gain control of his Apple Account. **Honan fail:** Two factor auth should be turned on. * So they targeted his Amazon account instead! They grabbed **his address** from the whois info of emptypage.com, and called Amazon support to add a new (bogus) credit card to his account. **Info needed:** email address and billing address. Done. **Honan fail:** Your real address is on the whois of your domain? Seriously? How is it needed for anything? To all the followers of the SEorg podcast, [this isn't news](http://www.social-engineer.org/episode-008-the-social-engineering-zero-day-revealed/) but then again, this was they key to everything else. * Then, they called amazon again, to have his password reset. **Info needed:** email, billing address, and last 4 digits of *any* card number associated with the account. **Amazon fail:** they should require the card to have been "validated" by a successful payment/delivery. If they had done so, the card would have needed to be valid, and an unknown purchase made by a card you don't own is a big red flag. * Now they have access to the Amazon account. From it, they lift **the last four digits of his (real) credit card number.** * Finally, they call Apple support to have his password reset. **Info needed:** email, billing address, l

Social Engineering Escalation (The Honan case) Hi /r/SocialEngineering, Here is a TL;DR of how the attackers of Mat Honan managed to obtain enough information to SE Apple support (info from his [wired piece](http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/)). Now, all of this was aimed at getting access to his @mat account on twitter, so they needed his email. * First, they grabbed, from emptypage.com, **his email**: mhonan@gmail.com * Then, they tried password recovery at Gmail. Since 2FA was turned off, they were presented with the message "We will send you an email to your secondary address: m*****n@me.com" So, they knew his address was **mhonan@me.com**, and they had to gain control of his Apple Account. **Honan fail:** Two factor auth should be turned on. * So they targeted his Amazon account instead! They grabbed **his address** from the whois info of emptypage.com, and called Amazon support to add a new (bogus) credit card to his account. **Info needed:** email address and billing address. Done. **Honan fail:** Your real address is on the whois of your domain? Seriously? How is it needed for anything? To all the followers of the SEorg podcast, [this isn't news](http://www.social-engineer.org/episode-008-the-social-engineering-zero-day-revealed/) but then again, this was they key to everything else. * Then, they called amazon again, to have his password reset. **Info needed:** email, billing address, and last 4 digits of *any* card number associated with the account. **Amazon fail:** they should require the card to have been "validated" by a successful payment/delivery. If they had done so, the card would have needed to be valid, and an unknown purchase made by a card you don't own is a big red flag. * Now they have access to the Amazon account. From it, they lift **the last four digits of his (real) credit card number.** * Finally, they call Apple support to have his password reset. **Info needed:** email, billing address, l

Social Engineering Escalation (The Honan case) Hi /r/SocialEngineering, Here is a TL;DR of how the attackers of Mat Honan managed to obtain enough information to SE Apple support (info from his [wired piece](http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/)). Now, all of this was aimed at getting access to his @mat account on twitter, so they needed his email. * First, they grabbed, from emptypage.com, **his email**: mhonan@gmail.com * Then, they tried password recovery at Gmail. Since 2FA was turned off, they were presented with the message "We will send you an email to your secondary address: m*****n@me.com" So, they knew his address was **mhonan@me.com**, and they had to gain control of his Apple Account. **Honan fail:** Two factor auth should be turned on. * So they targeted his Amazon account instead! They grabbed **his address** from the whois info of emptypage.com, and called Amazon support to add a new (bogus) credit card to his account. **Info needed:** email address and billing address. Done. **Honan fail:** Your real address is on the whois of your domain? Seriously? How is it needed for anything? To all the followers of the SEorg podcast, [this isn't news](http://www.social-engineer.org/episode-008-the-social-engineering-zero-day-revealed/) but then again, this was they key to everything else. * Then, they called amazon again, to have his password reset. **Info needed:** email, billing address, and last 4 digits of *any* card number associated with the account. **Amazon fail:** they should require the card to have been "validated" by a successful payment/delivery. If they had done so, the card would have needed to be valid, and an unknown purchase made by a card you don't own is a big red flag. * Now they have access to the Amazon account. From it, they lift **the last four digits of his (real) credit card number.** * Finally, they call Apple support to have his password reset. **Info needed:** email, billing address, l

Social Engineering Escalation (The Honan case) Hi /r/SocialEngineering, Here is a TL;DR of how the attackers of Mat Honan managed to obtain enough information to SE Apple support (info from his [wired piece](http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/)). Now, all of this was aimed at getting access to his @mat account on twitter, so they needed his email. * First, they grabbed, from emptypage.com, **his email**: mhonan@gmail.com * Then, they tried password recovery at Gmail. Since 2FA was turned off, they were presented with the message "We will send you an email to your secondary address: m*****n@me.com" So, they knew his address was **mhonan@me.com**, and they had to gain control of his Apple Account. **Honan fail:** Two factor auth should be turned on. * So they targeted his Amazon account instead! They grabbed **his address** from the whois info of emptypage.com, and called Amazon support to add a new (bogus) credit card to his account. **Info needed:** email address and billing address. Done. **Honan fail:** Your real address is on the whois of your domain? Seriously? How is it needed for anything? To all the followers of the SEorg podcast, [this isn't news](http://www.social-engineer.org/episode-008-the-social-engineering-zero-day-revealed/) but then again, this was they key to everything else. * Then, they called amazon again, to have his password reset. **Info needed:** email, billing address, and last 4 digits of *any* card number associated with the account. **Amazon fail:** they should require the card to have been "validated" by a successful payment/delivery. If they had done so, the card would have needed to be valid, and an unknown purchase made by a card you don't own is a big red flag. * Now they have access to the Amazon account. From it, they lift **the last four digits of his (real) credit card number.** * Finally, they call Apple support to have his password reset. **Info needed:** email, billing address, l

Social Engineering Escalation (The Honan case) Hi /r/SocialEngineering, Here is a TL;DR of how the attackers of Mat Honan managed to obtain enough information to SE Apple support (info from his [wired piece](http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/)). Now, all of this was aimed at getting access to his @mat account on twitter, so they needed his email. * First, they grabbed, from emptypage.com, **his email**: mhonan@gmail.com * Then, they tried password recovery at Gmail. Since 2FA was turned off, they were presented with the message "We will send you an email to your secondary address: m*****n@me.com" So, they knew his address was **mhonan@me.com**, and they had to gain control of his Apple Account. **Honan fail:** Two factor auth should be turned on. * So they targeted his Amazon account instead! They grabbed **his address** from the whois info of emptypage.com, and called Amazon support to add a new (bogus) credit card to his account. **Info needed:** email address and billing address. Done. **Honan fail:** Your real address is on the whois of your domain? Seriously? How is it needed for anything? To all the followers of the SEorg podcast, [this isn't news](http://www.social-engineer.org/episode-008-the-social-engineering-zero-day-revealed/) but then again, this was they key to everything else. * Then, they called amazon again, to have his password reset. **Info needed:** email, billing address, and last 4 digits of *any* card number associated with the account. **Amazon fail:** they should require the card to have been "validated" by a successful payment/delivery. If they had done so, the card would have needed to be valid, and an unknown purchase made by a card you don't own is a big red flag. * Now they have access to the Amazon account. From it, they lift **the last four digits of his (real) credit card number.** * Finally, they call Apple support to have his password reset. **Info needed:** email, billing address, l