A different address for every company, all landing in your real inbox. The second mail arrives from a sender you never handed it to, we name who leaked you.
Receive-only. No OAuth, no inbox access. Bodies never stored. Your domain, your exit.
adtech-partners.io mailed an address that was only ever given to netflix.com. So Netflix shared it, used a third party, or was breached. Now you know.
You gave that address to one company. So why are forty others emailing it?
When spam shows up, you never know who leaked you. A purpose-bound alias turns that guess into a name, with the receipt to prove it.
Signing up for Netflix? Make netflix.k3x9@whosold.me and tell us you gave it to netflix.com. That becomes the expected sender.
Every message relays over standard SMTP to the inbox you already use. ARC-sealed, DKIM-signed, spam-checked.
Anything from a sender you didn't expect trips the alarm. One click kills the alias for good.
This may mean netflix.com shared your address, uses a third-party sender, or was breached.
The alert, exactly as it lands in your inbox.
The price is printed on day one so "if it's free, you're the product" never applies. Nothing you rely on gets taken away.
| Free | Pro ~$5/mo or $48/yr | |
|---|---|---|
| Aliases | 25 | Unlimited |
| Domain | shared whosold.me | your own (BYOD) |
| Leak alerts + expected senders | included | included |
| Activity logs | 90 days | 1 year |
No. The price is printed above from day one, and we never keep your email bodies, so there is nothing to sell. The invite waitlist, not a paywall, keeps abuse out while we are small.
We can't build a profile from what we don't keep. Mail lives in memory only long enough to forward. Sender, subject, time. Never the body.
Use your own domain. Your aliases live on your name, so you repoint the MX and walk away with everything. That is the whole point.
It hides your address. It doesn't tell you who leaked it, doesn't do expected-sender detection, and doesn't run on your own domain.