yes, but service is too guessable, so append a randomly generated nonce as well, eg [email protected]. It doesn't need to be cryptographically random, just non trivially guessable to prove the service is leaking email addresses.