How a job-seeker tracked 47 applications and caught a recruiter selling addresses
Job search is the canonical use case for compromised email reputation
Hana's last job search before her layoff had been in 2017. The first thing she noticed when she restarted in 2025 was how much faster the noise built up. By the end of her first week of applications, her LinkedIn inbox was full of cold outreach from companies she'd never engaged with, her Gmail was getting bootcamp ads and "recruiter-tool" pitches, and the volume was going to be unmanageable across a 4-month search.
She wanted three things she didn't have a clean way to get: an audit trail showing which applications had gone where; a way to tell which recruiter or job board was responsible when spam started arriving; and a way to terminate communication with any company she didn't want to hear from anymore (rejected, ghosted, or just no-longer-interested) without manually unsubscribing from each downstream marketing list. We've covered this exact pattern before in our email alias for job search guide — it's the highest-leverage privacy tool a candidate has.
Per-employer aliases on a custom domain solved all three. She used them as the structured backbone of the whole search.
The setup: alias per application, tagged with company name
- Bought a personal-brand domain she'd been wanting anyway (
hanaw.dev). Pointed MX at EmailAlias.io Premium. - For every application, generated an alias following the pattern
<company-slug>-2025@hanaw.dev. Used the alias as the contact email on the application form, resume PDF, and follow-up email signature for that specific employer. - Built a simple spreadsheet alongside the alias list: company, role, date applied, status, alias. The alias is the join key.
- Configured exposure-detection alerts so any alias receiving spam pings her email. If an employer's alias starts getting cold outreach from third parties, that's a signal the employer (or their applicant-tracking system, or their external recruiter) sold the contact list.
What changed — and the recruiter who got caught
Three weeks into the search, one of Hana's aliases — the one she'd used for an application via an external recruiter handling a Series C startup's hiring — started receiving cold outreach from a marketing-tools vendor and two unrelated recruiters. The recruiter (or their ATS provider) had sold the candidate list.
Hana muted that alias within minutes, emailed the company directly with what happened (using a fresh alias for that company), and the company quietly switched recruiters within two weeks. Her primary identity stayed clean.
Of the 47 applications she submitted over four months, 3 aliases started receiving spam, indicating either ATS-side leaks or recruiter-side leaks. All three got muted on first detection. The remaining 44 stayed quiet — and she ended up with an offer from one of those quiet ones, which she accepted. Six months after starting the new role, her primary inbox still has no recruiter spam in it.
What this would have cost without aliases
The visible cost is the inbox noise itself, which for an active job-seeker easily compounds into 30–50 cold-outreach messages per day by month two. That's enough volume to bury legitimate recruiter responses, miss interview invitations, or just exhaust the candidate emotionally during what's already a stressful period. Aliases reduce that to zero.
The invisible cost is decision-making. Without per-application attribution, every spam message creates a small "who leaked me?" anxiety — a productivity drain on top of the search itself. With aliases, that question has a deterministic answer in the dashboard, and the answer drives a clean response (mute alias, contact company, move on). Several hours of weekly mental overhead disappear.
What she tried first
Hana's initial approach was a dedicated job-search Gmail account separate from her personal one. That worked for the first dozen applications, then she realized the same Gmail was now in 12 ATSes, 5 recruiter databases, and 3 job-board accounts — and every leak from any of those would put it back in spam circulation. The dedicated-Gmail pattern just relocates the problem; it doesn't solve it. This is exactly the email alias vs multiple accounts tradeoff most candidates only realize after they've tried both.
She considered Gmail's +tag addressing — hana+google@gmail.com, hana+stripe@gmail.com, etc. The fatal issue: many ATSes (especially the older enterprise ones) silently strip the +tag before storing the email, so the alias becomes invisible to her own filter rules. EmailAlias.io's per-employer aliases on her own domain are unstrippable and unambiguous.
The day-2 operational reality
Her workflow during the search was tight: apply to a role, generate the alias (10 seconds), paste it into the application, log the alias in her spreadsheet (5 seconds). Total overhead per application: under a minute. Across 47 applications, that's about 45 minutes of alias setup across the entire search — vastly outweighed by the time saved on spam triage and the value of catching the recruiter leak early.
Post-search, the operational rhythm changed but the system stayed useful. Aliases for employers she didn't end up taking offers from get disabled six months after rejection. Aliases for the employer she now works for stay live (some payroll and benefits providers still email her at it). The aliases that started receiving spam are now permanently dead — their job was to act as canaries, and they did.
Lessons for setting this up yourself
- Use your personal-brand domain. Aliases on
hanaw.devfeel personal and professional in a wayhana@somealiasservice.comdoesn't. - Generate the alias when you apply, not when you get a response. The alias is what's on your application — make it the contact email from the start.
- Keep a spreadsheet (or Notion, or Airtable) of application → alias mapping. The alias dashboard alone isn't enough; you need the application context attached.
- Treat any spam to an application-specific alias as a confirmed signal the employer's pipeline leaked. Notify the employer; mute the alias.
- Don't reuse aliases across applications. Two roles at the same company → two aliases (one per role) for unambiguous attribution.
“Every application gets its own alias. If the company isn't a fit, I disable the alias and never hear from anyone downstream of that application again. It's the closest thing to a clean exit a job search has ever offered me.
Frequently asked questions
Will employers think it's weird that my application email is on a custom domain?
Aliases on a personal-brand custom domain (yourname.dev, yourname.com) read as professional. Hana had zero employers question her custom-domain email; several actively complimented the personal-domain setup as a positive signal of technical seriousness.
What if I get an offer and want to use a different email for the actual employment relationship?
Just generate a new alias once you accept the offer — <company>-work@<domain> — and use it for the formal employment contact. Disable the application-specific alias 30 days after the offer is accepted. The flow is identical to what you did during the application.
Can I detect which job boards are selling my email?
Yes — that's actually one of the highest-value use cases of an email alias for job search. Apply through a specific job board using an alias that includes that board's name (company-via-linkedin@yourdomain) and watch which alias starts attracting unrelated recruiter spam. The pattern that emerges within a few months will tell you which job boards are leakier than others.
Run a structured job search on per-employer aliases
EmailAlias.io's free tier covers 10 aliases — enough for a first round. Premium adds custom domains for serious search.