Find out
who sld
your email.

A different address for every company, all landing in your real inbox. The second mail arrives from a sender you never handed it to, we name who leaked you.

Invite-only beta. Free. No credit card.

Receive-only. No OAuth, no inbox access. Bodies never stored. Your domain, your exit.

detection log4 events · 1 leak
info@account.netflix.comexpected
receipts@spotify.comexpected
no-reply@ship.amazon.comexpected
promo@adtech-partners.ioLEAK

adtech-partners.io mailed an address that was only ever given to netflix.com. So Netflix shared it, used a third party, or was breached. Now you know.

You gave that address to one company. So why are forty others emailing it?

When spam shows up, you never know who leaked you. A purpose-bound alias turns that guess into a name, with the receipt to prove it.

How it works

  1. 1

    Mint a purpose-bound alias

    Signing up for Netflix? Make netflix.k3x9@whosold.me and tell us you gave it to netflix.com. That becomes the expected sender.

  2. 2

    Mail forwards to your real inbox

    Every message relays over standard SMTP to the inbox you already use. ARC-sealed, DKIM-signed, spam-checked.

  3. 3

    Get named the moment it leaks

    Anything from a sender you didn't expect trips the alarm. One click kills the alias for good.

What you get

Leak alerts that name names
Not a spam filter. Every alias remembers who it was issued to; when someone else shows up, you get proof built to screenshot and post.
Expected senders
Legit mail passes in silence. Strangers trip the alarm. No noise until it matters.
Instant revocation
Revoked aliases go dark. Whoever sold your address just sees a dead inbox.
Your own domain
Point your MX at us and run aliases on your name. Repoint it and walk away with everything. No lock-in.
Private by architecture
We keep the sender, the subject, the time. Never the body, never attachments. Nothing to sell, nothing to breach.
No OAuth, ever
We host the mail for our own domain, so there is no "whosold.me wants access to your Google Account." Zero Gmail API, zero inbox scopes.
whosold.me · Leak alert
adtech-partners.io mailed an address you never gave them
Aliasnetflix.k3x9@whosold.me
You gave it tonetflix.com
Mail actually came fromadtech-partners.io

This may mean netflix.com shared your address, uses a third-party sender, or was breached.

Mark expectedRevoke aliasReport leak
Detected just now · body never stored

The alert, exactly as it lands in your inbox.

$0 during the beta. About $5 after.
Beta users keep Pro free for a year.

The price is printed on day one so "if it's free, you're the product" never applies. Nothing you rely on gets taken away.

FreePro ~$5/mo or $48/yr
Aliases25Unlimited
Domainshared whosold.meyour own (BYOD)
Leak alerts + expected sendersincludedincluded
Activity logs90 days1 year

Straight answers

If it's free, am I the product?

No. The price is printed above from day one, and we never keep your email bodies, so there is nothing to sell. The invite waitlist, not a paywall, keeps abuse out while we are small.

Do you read my email?

We can't build a profile from what we don't keep. Mail lives in memory only long enough to forward. Sender, subject, time. Never the body.

What if I want to leave?

Use your own domain. Your aliases live on your name, so you repoint the MX and walk away with everything. That is the whole point.

Doesn't Google's Shielded Email do this?

It hides your address. It doesn't tell you who leaked it, doesn't do expected-sender detection, and doesn't run on your own domain.

Stop guessing who sold your address.

Invite-only beta. Free. No credit card.