The New Oil

The New Oil logo
Data Breach Defense: Email Aliasing

Data Breach Defense: Email Aliasing

What is Email Aliasing?

Email aliasing services allow you to create unique, random email address for each situation where you would need a functional email address - signing up for a website, subscribing to a newsletter, etc - and have them forward to your true inbox.

Why do I Need Email Aliasing?

Consider the following: a random online account of yours gets caught up in a data breach. When you registered for this account, you registered with your main email, yourname@gmail.com. There are now a variety of ways that I can search for this email address to see where else you have accounts, such as Twitter, Facebook, even bank accounts. Furthermore, I can see from your email address that you use Gmail and I already have one half of your login. Now I just need to guess your password. If I take over your primary email, I can easily take over all your other accounts by abusing the password reset option. Of course, even without taking over the primary account, it’s pretty common for people to reuse the same username (which in many cases is your email address) across several accounts, so now I already have half of your login on many websites (this is known as credential stuffing.) Another peripheral benefit is the ability to control spam. If one of your email addresses gets sold or breached (or the service you gave it to just sucks) and you start getting spam, you can simply disable it and no longer receive that spam. Finally, if you ever switch email providers, these services offer a simple way to change the recipient email inbox without having to log in to dozens (or hundreds) of services and change the email address.

Below I have listed two services that offer email aliasing. Both services offer a free tier that should work just fine for most users, but offer additional useful features for paid users. I have signed up for both and found them both to be functionally the same. The only real difference between the two services is their user interface and their pricing, both of which are affordable and reasonable. I encourage you to try both out and go with whichever one you find most appealing.

There is one small difference: SimpleLogin recently joined Proton, likely in some sort of “subsidiary” capacity. They continue to operate independently, but they will have access to Proton’s infrastructure, resources, and will be integrated into ProtonMail’s service in time. If you like and use Proton, this may be the best solution for you. If you dislike or distrust Proton (or simply don’t want all your eggs in one basket), you may prefer AnonAddy. If you don’t care either way, then this shouldn’t affect your decision-making.

Aliases

Bandwidth

Reply/Send

Mailboxes

Custom domains

PGP Encryption

Free

Unlimited

10MB

0

1

0

Yes

Lite

Unlimited

100MB

20/day

5

1

Yes

Pro

Unlimited

Unlimited

100/day

30

20

Yes

Free

10

Unlimited

Unlimited

1

0

No

Premium ($30/yr)

Unlimited

Unlimited

Unlimited

Unlimited

Unlimited

Yes

Getting Started + Tips & Tricks

Like the other tools I have suggested on this site, I encourage you to make the changes one by one. Every time you use a website, take a moment to change your email address to an alias email address. I then encourage you to use your alias email addresses going forward.

The biggest tip I have for using these services is to not use them for critically important accounts such as banking, medical, or other accounts you cannot afford to lose access to (unless you are using the custom domian feature). Email aliasing services are constantly getting blocklisted by companies, or they may go out of business. Have a separate encrypted email account directly with an established provider for use with important services (or, again, preferrably use a custom domain).

With both AnonAddy and SimpleLogin, you can use a custom domain and a “wildcard” (or “create on the fly”) addresses. This can be a great tool for protecting your inbox and compartmentalizing, while still maintaining control of those email addresses. For example, you can add “mydomain.com” to your forwarding (email alias) provider’s account and then create “example1@mydomain.com” and “example2@mydomain.com,” etc. So if you’re ever unable to use your alias email provider’s service for any reason, you can just simply redirect that domain to a different provider. Some commonly-recommended domain registrars in the privacy community include 1984hosting, NameCheap, and OrangeWebsite.