If you are concerned about privacy concerns with respect to having multiple addresses all under the same domain. My thought is that most scripts for handling any automation of email address exploitation likely treat each address separately until they can link two or more identities together. If you wrote some general logic to handle parsing millions of email addresses how would it know that jimbob@mydomain.com is also apple_account@mydomain.com. Sure a human could look and probably make the relation that yes those could be the same person if mydomain.com was something like myname.com but what would that rule or logic look like? How do we discern mydomain.com from myname.com from somerandomname.org in any automated fashion so that we can then say with some degree of certainty that all the addresses under that domain are the same person. At best I would expect you to have them all just linked to that domain/organization. You could do further logic to attempt to link domains to people but thats still going to be complicated. When it comes to security its all about gauging the threat and taking sufficient action to negate that threat.