Whenever I sign up to some website or service, I always register with the email address [myname]-[service]@[mydomain].
For example, here on wordpress I am registered as “firstname.lastname@example.org”, where of course “me” and “mydomain.com” are different values.
I have done that for over 10 years, if I remember well. The nice thing about it is that you can track down the source of emails you receive, and you can verify that this is correct use of the email that was registered. The drawback of it is that many mailing list systems block your postings, because when you write to it with your real email (which is without the -wordpress for example) they say you are not a member of the list (which technically is true).
Now quite some time ago, and I could have written about this before, I started receiving proper spam emails at “email@example.com”. Now that is rather strange. So I contact Dropbox and they admitted they had had a security breach in which many email addresses had been harvested. They pointed me to a post on their site explaining about it.
My spam filters work fine, and I haven’t had too much trouble (another post some day), but today I decided to update my email address with Dropbox, so that I can set up a filter with the old address to wipe anything.
To my surprise, this worked differently than I thought it would. I updated my address to be “firstname.lastname@example.org”. Strangely enough, I received a notification at my new address that my address had changed. In my case the emails all end up in the same place, but shouldn’t I have received it at my old address? Then it can be a safety feature to ensure that an account is not being hijacked. For that to work, the old address needs to be notified of the change, not the new one.