Why do you need to mask your email address?
We sign up all the time with our real email addresses. But our email addresses are precious and can be linked back to us. You want to go about your usual life, but some pesky service just wants you to sign up to their newsletter for that one 5-page pdf that you absolutely need to read. Tough day! If you register there with your real email address, you may become their next victim of phishing attacks or become a potential candidate for nigerian prince/lottery scams!
Also, if an attacker finds out your real email address somehow, you can be spammed with unwanted emails. Worst case, you get listed on Have I Been Pwned
with your real email address and potentially your password (or a hash of it)! It will stay there forever!
First off, if you are listed on Have I Been Pwned, the ideal advice would be to change your passwords. And for new services that you register, read on...
One way I can see people solve this is to use a disposable email service. But some of the websites have since then became aware that these are a thing and runs a check when you fill-up their sign up form. Although it's impossible to block all the disposable email services in the world. When I'm using it, it feels like as if it's "illegal" or "wrong". So we need something else...
Another good way to hide your real email address is to use Email cloaking services
that act like a simple proxy between your real email and the service you just registered for. On them, you create a virtual email address called an "alias" and all the emails sent to that alias email goes to your real email inbox. The benefit? You can disable an alias when you get bombarded with messages and thus ending the attack.
A side effect is that your real email address is not there on their database, so they can never email you back as much as they try. Plus, if someone uses a random fake name or an abbreviated version of their name or their pet's name*, they can be relieved from being listed in Have I Been Pwned with their real name. Good thing, right?
Most of these services have the feature to create multiple alias email addresses. So if you create aliases for each service that you register for and use a password manager
to remember it, it can solve a lot of problems for you.
If you want a good overview of what a cloaking service does or how does it work, check this video:SimpleLogin Review - How Have I Survived Without It!? https://odysee.com/@techlore:3/simplelogin-review-how-have-i-survived:3
It's on SimpleLogin (which we'll look into in a bit) but gives an idea about these services.
2 email cloaking services at the moment and thankfully they're both FOSS. You can even self host them if you like.
When I tried it, it just worked. I created an alias, and when I mailed to it, it just forwarded the email to my inbox with the email text and subject. This service is simple and straightforward.
Alias options are:
- (Random chars or UUID)@anonaddy.me
- (Random chars or UUID or custom)@username.anonaddy.com
- (Random chars or UUID or custom)@username.anonaddy.me
Some options were "subscribe to unlock", such as "Random Words". Above are without subscribing.
This service is very user friendly. I like the interface. But when I created an alias and mailed to it, it gave me the email as a .eml download. Furthermore, the .eml file was linked from an amazonaws.com url, which may not be to your liking depending on how much you read up on privacy. Downloading the .eml file and opening it seems like a lot of work. But that can be good for healthy security practices. Your choice.
Don't forget the watch the video linked above. It should give you a better idea.
Alias options are:
- (Your alias).(random word)@aleeas.com
- (Your alias).(random word)@slmail.me
- (Your alias).(random word)@simplelogin.co
- (Your alias).(random word)@simplelogin.fr
- (Your alias).(random word)@8alias.com
- (Your alias).(random word)@8shield.net
The alias you choose can contain: "Only lowercase letters, numbers, dashes (-) and underscores (_) are currently supported. Cannot be more than 40 letters."
* This is to safeguard your online presence, not to guide you to misuse any services. Do not use this to harm any service provider or anyone. This is not legal advice either, so I am not responsible for how you use this.