> It keeps phishing attacks from being able to cross services (since if you get a citibank email to your coinbase email that would be a big flag) and it reduces the attack surface on other sites.
Or, more importantly, it lets you authenticate the sender in some way. Citibank has to send you email to you.citibankiscool1253stuffonlyIknow@example.net and it is unlikely for a spammer to guess that exact wording (without also trying hundreds of others, which would give it away by filling your inbox).
Or, more importantly, it lets you authenticate the sender in some way. Citibank has to send you email to you.citibankiscool1253stuffonlyIknow@example.net and it is unlikely for a spammer to guess that exact wording (without also trying hundreds of others, which would give it away by filling your inbox).