Ask HN: Why hasn't x86 caught up with Apple M series?

> Per-service email addresses are fine when I’m typing the address into a web form, but if I tell Jane the dogwalker that my email address is jane.the.dogwalker@shinytable.com, she gets confused or weirded out. In those cases, I’ll say Michael but add a semi-random suffix like michael.dw5@shinytable.com, where “dw” is for dogwalker and the 5 is in case I’ve used “dw” as a suffix before.

So many times I've spoken to customer support at [company], told them my email is [company]@[myfirstname].com, and they've thought I was an employee of [company] or similar.

But actually I find most people are fine with it and it's a mild ice-breaker to explain why you've got such an unusual email address. Especially if it's literally just *@[firstname].com

I've considered moving away from this pattern for security though. If someone targets me, they can easily work out my email address for any service.

mtlynch · 4h ago

Thanks for reading!

>I've considered moving away from this pattern for security though. If someone targets me, they can easily work out my email address for any service.

Yeah, I do [servicename]-[4-6 random characters]@mydomain.com to avoid this. That way, I can recognize which service the email is associated with on quick inspection, but it's not predictable.

The downside is that if I'm talking to a customer service agent in person (e.g., at an airport or hotel) and they ask my email, they're confused about why I don't know it, and I have to look it up on my phone. Also a problem if I don't have network connectivity when they ask.

0x3f · 4h ago

I did try out random characters as well, but if it's too long it becomes a pain to read out over the phone. Not unlike masked iCloud emails, which are horrific. Plus the lookup issue you mentioned.

I've also considered some kind of word-based approach. Similar to the old XKCD correct-horse-battery-staple passphrase idea, since words tend to be less ambiguous when read aloud.

I also wondered if it was possible to do this (a) deterministically from the company name/domain, (b) with an algorithm I can do in my head [to solve your lookup issue], and (c) with some kind of 'salt' that prevents easy enumeration.

One other interesting aspect of doing a per-company email is that you find companies you might never suspect of selling your data spamming you, or otherwise subject to data breaches that they never announce.

mtlynch · 3h ago

>One other interesting aspect of doing a per-company email is that you find companies you might never suspect of selling your data spamming you, or otherwise subject to data breaches that they never announce.

Yeah, definitely. I find this a lot with point of sale terminals. I think it's Square where if you choose an email receipt, they automatically share your email address with any vendor where you use the same credit card.

>I did try out random characters as well, but if it's too long it becomes a pain to read out over the phone.

Yeah, I don't think you actually need that much entropy though unless you're an especially attractive target. For 99.99% of the population, they have just one email address, so they're an easy target for account enumeration. There'd have to be something unusual about me for an attacker to take such an interest that they special-case my email to recognize my scheme, and even less likely for them to even try to brute force just two random characters (assuming I'm using a secure, random password everywhere).

Also, if you haven't signed up, Have I Been Pwned lets you register for notifications at the email domain level with a free account.

0x3f · 3h ago

Yeah of course, it's probably total overkill for the average person.

I have some startups/projects though where the accounts are kind of valuable and I just end up getting people to use plus-addressing in the form of [employee name]+[random string]@company.com. That way nobody is going to guess our e.g. checking account/DNS admin/whatever email address, and everyone keeps/manages their own named inbox without extra setup.

In the pointless pursuit of neatness though, I still think about the one true email address generation strategy from time to time.

pavel_lishin · 2h ago

I've had very similar experiences - most often at hotels, weirdly.

0x3f · 2h ago

I've had a few have straight up ask if I'm a mystery shopper after seeing the email address, so maybe it's something they're more acutely aware of in contexts where they expect to be evaluated in some way.

hollasch · 1h ago

This seems oddly complex to me. We have a family domain that hosts our personal email addresses. In addition, we have a "family@" address that just forwards to my wife and me. Usage is obvious to everyone, no need to explain anything. Joint emails are obvious, replies work as expected, individual emails have obvious recipients.

beardyw · 3h ago

I had this setup for a while. How do you manage replies from your own account? Ideally they should be bcc to the other person. Also I found 'reply to' (I forget the format) is not always honoured by email clients.

mtlynch · 3h ago

Thanks for reading!

>How do you manage replies from your own account? Ideally they should be bcc to the other person.

Usually, my wife is cc'ed, and the other person does reply-all, so I don't need to do anything. If they accidentally forget to reply-all, I just re-add my wife to cc like normal. But even if I forget, she still gets any emails that I get, but she misses my reply.

>Also I found 'reply to' (I forget the format) is not always honoured by email clients.

It's not sending from whatever@gmail.com with a custom reply to. My custom domain is the From: address, so it works even if the email client doesn't respect "reply-to".