An Ode to Apple’s Hide My Email
empty.coffeeI have a unique email address for every single service that I sign up for, similar to this, though selfhosted. I've been doing this for years and it works wonderfully. If someone misuses my email address, or gets annoying, I can simply turn off the address. Bam!
It's the easiest Postfix config in the universe, essentially just:
virtual_alias_domains = domain1.com domain2.com
virtual_alias_maps = hash:/etc/postfix/virtual
phil.equifax@domain1.com firstname.lastname@gmail.com
phil.experian@domain1.com firstname.lastname@gmail.com
... (hundreds of these)
Gmail seems to be fine with this, emails do not usually end up in spam. Every full moon maybe, but usually it's alright.
It's not as shiny as Apple's thing, but it's 100% selfhosted and I own the domain.
I do a simplified version of this. I just use a catchall account with Fastmail and then pick email addresses in the domain randomly. If someone abuses the address, I block it. I specifically do not use addresses that make it obvious what my strategy is. I end up just using a name and number that would look right at home on gmail.
I'm also not trying to stop tracking, so much as I'm trying to have my own semi-permanent equivalent to mailinator that nobody will recognize as such, that I can use to cut back on the amount of spam I get.
I've been happily using fastmail for years and I think I'm going to be forced to stop. My outbound emails are constantly getting caught in spam and it recently cost me a job offer.
if you're having this issue I would reach out to Fastmail support. A real human will dig through the smtp logs and find out what the issue is. Based on my experience... Fastmail is very on top of spam, blacklists and other deliverability issues.
Oh hey, I'm not alone!
In my case, it costed me two offers. One from Google and one from GitHub. Come to think of it, yeah I will begin migrating everything away from FastMail and stop using it completely.
One event that pissed me off with them: Instead of forwarding an email to SPAM, they simply throw it away instead. Turns out the email was not SPAM (2FA) and I had to go through weeks of support to find out what happened (thank god that you get a human for support but still).
Also I think they are still based in Australia? Would be happy to hear about alternatives.
I really really want to like Fastmail too, but it’s also cost me a job interview when the RSVP didn’t go through.
Are your domains set up correctly? That sounds suspiciously like something isn't set up correctly and their client's thought it was spam.
I use an @fastmail domain. The issue was how they handle RSVPs when your default calendar is an external one. RSVPing from within Fastmail attempted to Accept as my old Gmail address, who wasn't invited to the interview. On the interviewers end it looked like I didn't respond.
In some contexts, fastmail is viewed as a "throwaway" email provider. I ran into this when I was trying to provision a couple of VMs at a hosting provider. My fastmail email address was rejected. After contacting their support, they said they did not accept "throwaway" email addresses. I had to use a gmail acccount. The irony did not seem apparent to them.
My only scare with not using gmail and outlook calendars. However I moved to Zoho for mails and nextcloud self hosted for calendars. For mail delivery I make sure to verify again n again my SPF DKIM is valid or not but it’s a scare still :(
Isn’t it so bad that it’s overly hard to move away :(
With your own domain? Make sure you’ve got an the SPF, DKIM set up correctly, and register your domain with gmail’s postmaster tools. I moved my domain recently, and had completely forgotten about all that stuff I’d set up years ago. Started losing mails, redid the setup
Any references about spf, dkim, Gmail postmaster ?
I wonder if you can provide more context. I've only had issues when I tried to use external domains, e.g. gmail, as my reply-to when sending in fastmail.
I've been thinking of a new way to use my email...
- Only use one email address: hi@example.com
- Always add a filter: hi+hn@example.com
- Send all emails without a filter to SPAM
Since it's not a common strategy, it is much more likely that spammers remove the +hn before sending an email than add one.
I have tried this approach. Unfortunately, some services will not accept plus sign in the username no matter what RFC says. On top of that, some services seem to not like seeing the service name in the username. I.e. foo.tld will refuse sending email to mailbox+foo@mydomain.tld.
Shopify also flags orders (even if they are fully paid) when the customer's email contains the shop's name. I'm sure their logic is that it helps cut down on fraud.
I prefer the system of using a basic abbreviation in the email address to avoid these types of filters but still make the email easily traceable later. Say your name is joe smith and you're buying from Sports Online. Something like Joe_spo_smith@yourdomain.com works well for later confirming whom you gave the address to.
I like this approach because one doesn't have to track all of the catch-all emails made on the fly, since finding out who you originally gave that email to is just a matter of searching your past email and noticing that "spo" looks more like those old Sports Online emails and not the new spam from discounted wholesale fancy rugs.
Apart from seeing who a company has on-sold your information to (or more rarely had a staff member steal their database), it's also an easy way to see who has been hacked.
One other reason not to use something like SportsOnline@yourdomain.com is that some websites exist merely as credential honeypots and those types are usually aware of this approach and will then typically exploit the catch-all for spamming. The shady All on MP3 service was known for doing this. (I'm pretty sure that site existed solely to exploit the fact that most people used the same password for everthing.)
> I.e. foo.tld will refuse sending email to mailbox+foo@mydomain.tld.
While I never had that issue, I had Foo’s legal service contact me about using their trademarked name in my email (a short explanation cleared it up)
It is better to use this scheme with an underscore or hyphen as they won't be rejected by incompetents like plus is.
name_nospam@blah
I actually use tag@example.org.
Some mail providers support receiving mail on arbitrary hostnames, so you can set up a wildcard MX record and then use mailbox@foo.example.com instead. This avoids email validation issues with plus addresses, spammers don’t try removing any parts of the hostname, and I think in the many years I have been using it I’ve only run into a problem with including the service name once or possibly twice.
AFAIK the only provider that supports that is Fastmail and it kinda defeats the purpose of using your own domain because if you are forced to migrate you are toast.
Which mail providers support this? I'd like to set up something like this. Thanks!
StartMail supports a form of this called as "aliases" with the StartMail domain.
(Disclosure: I work at StartMail.)
I do this with ProtonMail. I have it set on a subdomain, though: my regular email is email@example.com, while my account email is hackernews@email.example.com. This avoids the spam sent to asdf@everydomain.
Fastmail, can't recall if assuming you want to achieve something like name+tag@domain it would be name@tag.domain or tag@name.domain (IIRC the latter)
You can do this with Fastmail by going to Settings => Domains => Edit => Routing.
Thanks a lot! I'll give it a try.
Some MTAs (Postfix at least) allows other characters. I use an underscore, which seems universally accepted. For the second problem, there's usually some alternative mangling that would still be unique-enough, or just flee because they seem too aggressive on the data harvesting.
would not recommend
not only can you not sign up to many services, customer support can often get confused when you need to email reply to them and you cannot email from your aliased email. they see you as a separate user not in their system, or the wrong person replied to the support ticket, etc.
On Fastmail, at least, this isn't a big issue. For a catchall account, if I reply to an email[0] it automatically addresses the reply as from the alias. It is editable in place, too, in case I want to give it some other name.
[0] In their webmail client, of course
But why would you not be able to reply with the aliased email? I do this regularly. Of course your mail client needs to support this, but using Mutt this is absolutely no problem (just change the FROM header) and I have heard from other users who use Thunderbird that they can also create new identities (just not as easy on the fly). In fact I wrote a small script for Mutt that would automatically set the correct sender if I reply to an email that contained a wildcard. Works pretty well.
Can you not reply from a user+foo@example.com alias? I use the catchall approach (so just foo@example.com when signing up for foo), but if I need to email customer support I'll just send the email from foo@example.com. I've never tried that with a + in the account though to see if my client supports it.
Gmail also ignores the dot. If you choose a 17-character mailbox name, you can use any one of 2^16 different patterns of placing dots between them.
Capitalisation could also be used for such a purpose, but may be more likeely to accidentally get stripped.
Dots are useful to create new accounts on the same site, but you can’t use it to just tell websites apart (because there’s no label)
I used to do it this way too, but got overwhelmed by dictionary attacks.
Fastmail seems to be based in Australia unfortunately, so it is not secure
There is nothing secure about email. It's less secure than Telnet.
You can email anyone on the internet as anyone and it will be delivered with NO validation. Clients may/may not validate any DKIM signature and the may/may not validate that it actually came from the domain. It's literally the easiest thing on earth to spoof.
Email is sent over cleartext, it is not encrypted. Anyone can read email if they can inspect packets.
>Email is sent over cleartext, it is not encrypted. Anyone can read email if they can inspect packets.
That's obviously false if you bothered to do a bit of searching: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#...
>You can email anyone on the internet as anyone and it will be delivered with NO validation. Clients may/may not validate any DKIM signature and the may/may not validate that it actually came from the domain. It's literally the easiest thing on earth to spoof.
That might be true for some systems, but for most services out there, having missing/invalid anti-spoofing measures will result in your mail ending up in spam or not delivered at all.
> but for most services out there, having missing/invalid anti-spoofing measures will result in your mail ending up in spam or not delivered at all.
You would think so.. but its remarkable how easy it still is to forge email.
My mum was recently the target of such a campaign. She's in the executive team at an international NGO. An attacker found her email address and a bunch of her contacts via the NGO's webpage. Then they forged emails from her email address, with a gmail address set up in the reply-to field. The emails all said it was an emergency, and asked for her colleages to transfer money.
As far as we can tell, most of the emails were delivered and lots of people were fooled - at least for awhile.
Her email address has DKIM and SPF set up, but (like most email providers) it has a lax DMARC policy. It turns out thats all it takes to be vulnerable to this sort of attack.
The NGO could also force people to sign their emails. Refuse it from the SMTP if it’s not.
Are you being serious right now? You understand that that'll never happen in our current technology landscape, right?
Outside of a few niche hardcore technologists, nobody knows what PGP is or how to use it. It would be hard enough getting my mum set up to PGP sign her own emails in Outlook, on the desktop and from her phone. (Is that even possible?). Let alone require anyone emailing her PGP sign their email too? Thats never going to happen for so many reasons, both technical and social.
I'm a software engineer and I tried setting up PGP years ago in thunderbird and it only worked for a few weeks, then it somehow broke. And then later I lost my PGP key. Oh, and then I started using webmail and PGP didn't work there at all.
And then later still I realised my public PGP key (signed by my web of trust) leaked details on the identity of my social network; which bothers me a lot more than any problems I've personally ever had with a forged identity.
PGP is dead. Let it go.
This is just incorrect. Amazon for instance does this.
> That's obviously false if you bothered to do a bit of searching
Technically correct, best kind of correct.
Sure, it is not plaintext, but anyone with the access to the wire could MITM the connections. Maaaaybe something changed in the last ten years, but I never seen someone not accepting a connection with a self-issued certificate and any warnings (to the end user) if the receiver uses self-issued cert. Which makes the whole point quite moot.
>but anyone with the access to the wire could MITM the connections. Maaaaybe something changed in the last ten years
The section on MTA-STS describes how that attack is mitigated.
> mitigated
For this attack to be mitigated everyone should implement it. Gmail and Live.com has MTA-STS records, Fastmail doesn't, one regional provider with millions of accounts doesn't have it too.
And finally your MTA should support it and be configured to deny the delivery if MTA-STS validation fails (and adversary, who is happily MITMing your traffic, shouldn't fiddle with DNS and HTTPS and of course blocking HTTP/S from the MX would be considered cheating!).
All in all, SMTP traffic is encrypted, but it is not secured.
Email is not secure full stop. Don't do any kind of sensitive conversation over it regardless of where it is hosted.
Email using most large providers is transmitted using TLS
TLS is unaffected by any government laws. What I assume OP is referencing is a law that makes end to end encryption problematic in Australia but Fastmail has never offered end to end encryption. Neither do most email providers so it doesn't matter.
If you get a PGP browser extension they all do. It’s pretty inconvenient to use though, sending encrypted attachments and giving the password offline is probably the only thing most people are up to.
The location of the fastmail office has zero impacts on this. If the complaint was that the PGP extension was developed in Australia then that would be a valid complaint. But email hosts themselves are not private against government requests.
I’m not the one complaining and I’m not sure what their complaint means either.
Nice! I do something similar, but using an automatic aliasing scheme so that I don't have to manually configure an email address for each service and other users can use this without me knowing their aliases. In my setup, aliases can contain wildcards, represented as percent signs. If an alias phil.%@domain1.com is set up, all your examples will be sent to the respective aliased address. I use Postfix Admin with a MySQL database. Hence the Postfix setup looks like this:
The first file is just regular aliases, and is basically a simpler version of the second file (no SQL selections/filters) and could also be merged into a single query with the second file:virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_maps_wildcard.cf, hash:/etc/postfix/virtual
This works, because the percent sign in the alias is picked up by the LIKE keyword. A setup like this allows me to configure many aliases through Postfix Admin's web admin page, including optional wildcard aliases (depending on which users wants that). It has been working very well for me over the past 15+ years. Also, I haven't looked at that SQL query since then and would likely write it in a nicer way today.user = mail password = <password> hosts = 127.0.0.1 dbname = maildb_postfix query = SELECT a1.goto FROM alias a1 LEFT JOIN alias a2 on (a2.address = '%s') WHERE '%s' LIKE a1.address AND a1.active = '1' AND a2.address IS NULLNote: with the above code SQL injection could be possible through an alias name, but given that in this setup I am the only one managing the mail accounts, I was willing to take this risk. :-) Postfix Admin might do some cleaning/validation, but I haven't checked on it.
Why not just use phil+craigslist@gmail.com or phil+kmart@gmail.com? same effect and lands in the same phil@gmail.com address
Because it's not as effective if the goal is to catch spam. Spammers are already wise to the meaning of + and will strip it automatically when selling data in bulk. Plus, some services block creating accounts with the + or with their name in the address.
Block any email to the address missing the +
Then you end up with spammers simply putting gibberish after the plus sign.
How do you mean? This is exactly what I can do with my setup. If you are referring to the use of Gmail: I prefer to run my own infrastructure as long as this is possible.
> It's not as shiny as Apple's thing, but it's 100% selfhosted and I own the domain.
Apple's system is "shiny" because it provides near total anonymity, whereas your setup has all the deliverabilty issues of a self-hosted domain and rather uniquely identifies you...at the domain level?
I'm not sure why you are maintaining a hundreds-of-lines virtual table and a web UI, instead of just using a regex or two to capture phil.*@domain2.com or something along those lines (maybe you want to do one including a year or something to cut down on spam), or blacklisting as needed by having postfix reject during the SMTP session so the email is marked as invalid and is removed from the spammer's database.
Or, I dunno, just use VERP? I don't think I've yet run across anyone smart enough to drop VERP from email addresses.
Apple's system will only work until they decide to shut you out or shut down this service for whatever reason. Anonymity is not really a concern for most uses, privacy, longetivity and reliability of reception is though.
I still want to use random unique addresses even for important and trusted services, not just for throwaway uses. So third party domain is not an option.
I use self-hosted unique addresses mostly for registering to services, so forwarding those messages in both directions through Apple's service would expose all those services to a silent takeover via password reset by Apple's employees in control of this service. So this service is exactly as useful as those random throwaway email inboxes available on the web. More polished maybe.
I imagine Apple would come down on them pretty hard in the App Store if they did that so for most applications it's enough of a deterrent that most places would not do it. I also think that because Apple can mostly control which addresses and how many of them there are it can control the spam issues enough to avoid that problem. If not... then yea that's gonna happen in a few years. Would be short sighted for Apple to not do it though.
I'm maintaining hundreds of lines because I started with one. And i was too lazy to change it. Your approach it probably better ;-)
I'm doing the exact same thing. Built a small web app that lets me manage all my email aliases for the domain. Unfortunately there are a couple of websites that do only allow a select list of whitelisted domains meaning I cannot use my own, but for the other 99% it works wonders. I wish I had had this idea ten years ago, it would have saved me so many headaches.
Who whitelists email domains? Do they explain why?
I think Aliexpress does it, at least I wasn’t able to use my domain and had to use my old gmail account.
All I got was "not a valid email" or something like that.
The most recent incident I remember was with a debrid service. I opened a ticket with their support and was told that the point of the policy was to combat abuse of their service. Not entirely sure why a paid service that accepts cryptocurrencies would care about email addresses.
I think yandex does. Or at least they didn't allow one person send emails to me. "invalid address".
Is your app available?
Not as of right now, but I could put it on GitHub. It's essentially just a front end for the Gandi.net email management API. Manually editing the alias list gets cumbersome really quickly.
Also interested. Please put it on GH.
I use 33mail.com (33m.co) which does the same thing (it has a link on the email to disable the address). You can use a subdomain or custom domain. It has a generous free tier, and ridiculously cheap paid tier. (Paid is required if you want to be able to reply to inbound emails though.)
The problem with self hosted email is that your domain becomes a unique (or near-unique with a few domains) tracking reference.
Only if the entity on the other end understands this though, right? Which they probably don’t.
Otherwise everyone @example.com is the same person.
It's worth a lot of money for the ad-tech (consumer tracking) industry to understand.
If a domain only occurs once in a user database, it's likely to be a personal domain. A data broker that sees the same domain in a few different datasets (once in each) can be quite confident that the domain is an individual's.
They cannot know if it’s a small domain like a business, or a personal catchall. It works fine.
I used to do this too, but it's a considerable amount of effort, and doesn't really prevent much: many domain hoarders/resellers know the trick, so they'll try to match other data they get from you, and sometimes build a fuller "profile" on you than they would if you only had gmail/other generic domain (eg if they have your name, which often leaks along email, they'll try your first name, first name + last name, initial + last name, first name + last initial, etc).
I'm doing it the other way around, which is slightly less work because you don't have to create new email addresses explicitly: Catch-all by default, with a recipient blocklist as part of smtpd_relay_restrictions that I update whenever some service gets breached.
For those who do not wish to interact with their webserver config (or can't) there is AnonAddy, which can be self-hosted (https://github.com/anonaddy/anonaddy) or paid for (https://anonaddy.com/). It's really convenient, with the added benefit (for the paid version) of having a domain, that is used by many people, which makes it easier to hide behind an email address.
I've just started doing this and it's so nice. "Gee who signed me up for a newsletter... why, it's that hotel chain I stayed at 3 months ago! Naughty, naughty." Makes the management much nicer, and I can maintain my fun username for silly projects and a slightly more professional one for business inquiries and such. Highly recommended! Domains are cheap and Fastmail makes the process absolutely painless.
If you use gmail you can attach + to your mail address. https://gmail.googleblog.com/2008/03/2-hidden-ways-to-get-mo... This ignores the rest, you can program, cancel, block your emails based on that pattern. Works well enough.
I wrote a simple script[0] which generates a new address for each site I register. Then a simple script to look up what the generated address was later. It is written for OpenBSD, but should be easy to adapt.
I've set up a catch-all SMTP server for my domain and now I make up unique addresses on the fly. It simply forwards everything to gmail. Was too lazy to set up sending.
Thanks to this setup, I've already encountered one instance of a company either leaking or selling their customer information.
I did this too for many years. I recently reversed the filter logic from whitelist to blacklist since spam filters nowadays seem efficient enough that passing through `name*@domain.tld` by default and only blocking those few addresses that leak and start sending spam is less work.
I do the same thing, but instead of rolling my own UI, I use ViMbAdmin [1] (listening on my VPN). It's a great tool for managing aliases.
I did this with my own domain. Then sold the domain, and it was an absolute nightmare to go change my email registration everywhere because asking the buyer to forward a bajillion emails to me was overbearing. Never again!
And, if the email service is also self-hosted, it prevents Apple from collecting more data about your interests and purchases through your email, which it uses to profile you (to determine how to extract more money from you).
Is Phil a pseudonym first name as well? That’s a smart new technique if so.
Hehe, it seems I'm not that smart. It's my actualy name :-D
Same. Although gmail is not fine with this. If I want to talk to a gmailian, they must send me an email first. Sometimes my reply gets spammed too.
Bonus: a ghetto alias generator:
dd if=/dev/urandom bs=1 count=10 | base64
I tried to do this but my dentist’s receptionist got confused and cancelled an appointment because “I used their email address”.
Square also makes this incredibly difficult because if you enter a merchant specific email they permanently tie it to your card. So now any time I ask for an email receipt I get an email to my hairdrstylist’s “unique” email.
> I tried to do this but my dentist’s receptionist got confused and cancelled an appointment because “I used their email address”.
Never had it go that far but I definitely had some odd reactions e.g. a support agent thinking I was a colleague.
On the other hand, if you have a relatively common name it avoids people giving your email address then behaving aggressively when you tell them to stop. I’ve had a few friends hit this issue.
> On the other hand, if you have a relatively common name it avoids people giving your email address then behaving aggressively when you tell them to stop. I’ve had a few friends hit this issue.
I’m sorry, I can’t parse this. Can you try again?
I used <dentistbusinessname>@<mydomain>. My name was never involved in the address.
> I used <dentistbusinessname>@<mydomain>. My name was never involved in the address.
That's the point, if you don't use your name in your address, you can't be <genericname>@<genericdomain>, which third parties will provide as their email,
Because I use the same scheme you do I've never had that issue, but several friends with common names have hit the issue having registered to more "normal" hosts, often as somewhat early adopters and thus having gotten their pick.
I have a very uncommon name (though not unique) and I've had people mistakenly signing up for services with my firstname.lastname@gmail.com (which I don't usually sign up to services with).
The annoying thing is the number of services these days that don't seem to require you to verify your email. Examples of the above included eBay and Spotify. On both occasions I had to contact support to ask them to delete the account.
> That's the point, if you don't use your name in your address, you can't be <genericname>@<genericdomain>, which third parties will provide as their email,
I’m still not following. Who is this third party and what does it have to do with a confused receptionist?
Aside from being self-hosted how does this differ from +suffix Gmail addresses?
Also, not as granular, but instead of the + suffix, add a dot in a weird place. So
n.ame@gmail.com or nam.e@gmail.com . Many SMTP servers respect periods as differentiating emails, so services can't delete them. It doesn't help you stop spam, but you can add a gmail filter that n.ame@gmail.com is put in a separate label. And it's very fast to type, easy for non tech-y people
It’s trivial to figure out main gmail address?
It’s almost as trivial with this format too, at least to guess what address is used for other services, though it has a strong advantage over using ‘+’ in GMail in that nothing will try this automatically. It’s hard to believe anyone would intentionally try to guess a different service’s email to spam to it, but even so in my setup I prefer to eliminate this possibility completely by adding a random number to the service name: experian12322@example.com, and so on, with no catchall for invalid addresses.
So far the most spam I’ve gotten has been to the address I used for Amazon (probably leaked by a third‐party seller there).
> It’s almost as trivial with this format too
I mean you can pick any format you want before the "@", but yeah my format is trivial. Nobody has tried to do it automatically yet though, as far as I can tell.
I remember Starzplay didn’t accept the + in my email when I tried it (technically I signed up but couldn’t login anymore )
Plus addressing is not unique to gmail nor it was invented by google.
For example, to enable plus addressing in postfix is only a matter of defining:
recipient_delimiter = +
Honestly, probably not a whole lot.
Though I had originally made this because with the "+" approach, you can easily get the original address by simply removing everything after the "+", while with mine you cannot. On top of that, sometimes "+" does not work in services that do "strict email validation".
Some services do not accept email with a "+" in it.
Some services even accept it to create an account, but not to log in.
One never let me change my email or password when I used the +.
Postfix allows defining any character as a VERP separator.
OP also could have just used a regex in the virtual file.
I just wish it was this easy to do with physical mail as well...
I signed up for Comcast Xfinity using a brand new “hide my email” address and three months later I started receiving phishing emails at that address. (I’ve gotten over half a dozen so far). Made me realize that either Comcast was hacked (without disclosing it) or they’re selling people’s emails.
I’ve experienced the same with comcast and have contacted their support. They claim there was no data breach or they aren’t selling emails, but that obviously isn’t the case.
Well, it could also be the case that everything is working as designed, and that they gave your address to someone else who did have a data breach or is themselves sending the phishing emails.
Surely some attorneys would be interested in a class-action.
According to https://www.xfinity.com/Corporate/Customers/Policies/Subscri... you have to give up your rights to a class action and a jury trial to get Comcast service.
Additionally, they spend a ton of money lobbying and otherwise unfairly impeding competition, so in many places in the US, they are the only option, so it's give up your civil rights to lawsuits, or stay offline (or pay a wireless carrier who does the same anticompetitive scumbag shit a heinous price per gigabyte).
The state of both wireless and wireline broadband in the US is totally broken, and it's not getting fixed because it's broken by design, as part of the general attitude by large corporate interests and cooperative legislatures and regulatory bodies to treat the US population as a sort of natural resource like a flock of sheep to be fleeced rather than as legitimate customers to be serviced (or a legitimate market to be participated in on merits).
They do this by ensuring that there is no meaningful competition, and ensuring that if you do "willingly" engage in service with them, you have no meaningful legal recourse if they abuse you.
"We're the phone company. We don't have to care."
You have no real power against them because the people who control the system have decided that you should not have any real power against them.
I’m no lawyer, but I wonder if this is more of a “go away” clause and if it would survive a real courtroom. Your lawyer would undoubtedly say “don’t waste your time and money”, but I question how many of our rights we can really, actually give up in a contract.
> but I question how many of our rights we can really, actually give up in a contract.
Theoretically, probably none. Otherwise, you'd be able to hire a hitman on yourself, have slaves, or restrict a person's free speech because they're an employee.
Arbitration costs companies far more than lawsuits do. There was a guy that used to make tons of money off Arbitration clauses. Basically, the company is on the hook for hotel stays, transportation, food, etc. for the arbiter as well as anyone else that may not be local to the venue in question.
The reason companies went with this approach was to stop class action lawsuits from happening, which is where the real damage happens. One enterprising law firm started doing pooled Arbitrations (filing for hundreds or thousands at a time), which costs the company more than a class action would. Some companies have removed such clauses because of this.
Knowing how they're hijacking my bandwidth for their Xfinity hotspot service, the dark patterns to enable it, and the hiddenness of disabling it - it doesn't seem implausible.
"If you use our service, you can not sue us." Would that even hold up in court...?
I do that the old fashioned way with a catchall mail address and forward them. If they start smelling weird, I filter the address and change the mail address with the service provider.
I wouldn’t rule out both.
Isn't it entirely possible that they are guessing your email address?
Probably both!
The most popular open-source alternatives are SimpleLogin[1] and AnonAddy[2]. The former one was just acquired by ProtonMail[3].
[1] https://github.com/simple-login/app/
[2] https://github.com/anonaddy/anonaddy
[3] https://protonmail.com/blog/proton-and-simplelogin-join-forc...
Mozilla also has Firefox Relay: https://relay.firefox.com/
(Disclosure: I'm on the Relay team.)
If relay gets popular, won’t some services simply start to block relay subdomain for registration to make it ineffective? Just like 10minutesemail etc are blocked in many places.
You can flag them to the Relay team and AFAIK they'll reach out to the domain that blacklisted them with the hope to make them change their mind.
A service that doesn't accept an email proxy during registration is not going to respect my privacy, so IMO not worth of using.
For an example of that, see here: https://github.com/wesbos/burner-email-providers/pull/339
But yes, definitely a concern that is constantly on our radar.
Sites already have started blocking the mozmail.com domain name. I'm considering moving over to fastmail given that their domain is already established for email purposes. I would imagine the same is true for icloud emails
I don't know how much I can trust Mozilla with my privacy. I know it's not Mozilla's fault, but 90% of my millions of DNS requests that leave my house go to Mozilla tracking services. It's kind of scary how much information Mozilla has on people, just based on what leaves my house (and no one uses Firefox). I have no idea if Mozilla does any aggregation on that data, but it's a bit worrying IMHO.
Any thoughts on improving the situation on self-hosting? I've written about the situation for Firefox Accounts (FXA, a dependency of Relay if you don't want to use third-party hosted services) here before[0][1] and Relay looks kind of similar.
When comparing Relay with the other two, I get the impression that SimpleLogin/AnonAddy actually interact with the community and understand that self-hosting is something people want to do and provide approachable documentation and support for that, whereas Firefox Relay seems built only with a single global prod deployment in mind and is more like "well theoretically you could but you're on your own and who would do that anyway?". Even if it's public and under an open license, the intended audience is Mozilla internal, e.g. [2]
Like, if a user signs up for Relay today and in 2 years Mozilla sunsets it, the way things looks today I think it wouldn't be viable even for most seasoned self-hosters to migrate to their own deployment.
I do appreciate the work you guys are doing and I think the engineers seem to have good intentions, so don't want to be overly critical. But mentioning it as open source alongside SimpleLogin and AnonAddy comes with some major caveats IMO, and I'd wish that some more priority is put on keeping docs complete and up to date and making the stack realistically approachable for outsiders.
[0]: https://news.ycombinator.com/item?id=30727935
[1]: https://news.ycombinator.com/item?id=30315816
[2]: https://github.com/mozilla/fx-private-relay#optional-enable-...
I can only speak for myself, but my honest answer would be that indeed, self-hosting probably won't be easy to do any time soon. We're trying to get a less technical audience to benefit from privacy protections too, and I don't think there's a good approach to get them to self-host as well, so focusing our limited time on other things is probably more effective. But who knows, actual use and user research do influence our roadmap, so nothing's set in stone.
But you're absolutely right, the caveat is indeed that the reason you care about open source does matter. If you want to self-host, you're probably better off with another product. If you want to be able to see what code is running, or even be in control of the running code yourself (even if it's running on someone else's servers), then Relay might be interesting too.
>be able to see what code is running
Is there any way to verify what code is actually running on your servers?
No 100% certain way, I think, but you can see that there are deployment scripts in place and are actively being touched. Combine that with what the cost of doing that while instead using an alternative method would be, and the way Mozilla is organised, and you can be pretty confident that it is, IMHO. But here, too, it still holds that that does not give the same level of assurances as self-hosting.
I use mozmail and on the fly emails are great but so easy to exploit and spam.
For example, my custom domain is foo.mozmail.com. I enter my on the fly email address bar@foo.mozmail.com on attackers website. Voila. Now they know my custom domain name "foo" and can use it to send email to all possible on the fly addresses. e.g. 1@foo.mozmail.com 2@foo.mozmail.com so on and so forth.
Now my custom domain name as a whole is compromised but I can not change it anymore and lost all benefits of Firefox relay.
You don't have to use the custom @domain.mozmail.com address with Firefox Relay—you can use @mozmail.com with one of the auto-generated random aliases.
Your complaint is similar to using RFC 822 "me+site.com@domain.com" style emails and then worrying that sites are going to learn that your real email is "me@domain.com" by stripping off the part after the plus sign. Call me optimistic or naive, but I don't think that sites are doing that...
https://people.cs.rutgers.edu/~watrous/plus-signs-in-email-a...
Yes, it is recommended to use a completely random email by default, and only use your custom domain as a fallback when you can't use the random one (e.g. when you have to give up your email somewhere in-person). We're looking into ways to make that clearer, because people's intuition tells them to use their custom subdomains by default.
That's right. Thanks for correction. I have been doing exactly that. Using custom domain email everywhere I needed. Will use generated emails from now.
I love Relay! Thank you!
That's always great to hear!
Huh, hadn't heard about Proton buying Simple Login. I'm not sure how to feel about that. I really like SimpleLogin, but Proton always felt kind of "icky" for lack of a better word. Guess we'll see.
I'm a big fan of SpamGourmet, but I've noticed a few websites have started to blacklist it
Another advantage not mentioned is that '@icloud.com' is a generic domain that has been (and still is) used for a lot of real e-mail addresses for years. That means that most registration forms cannot just simply block '@icloud.com' because that would lock out a lot of real '@icloud.com' addresses.
Hide My Email is very good and I'm using it a lot.
Hang on, though: doesn't this essentially hand Apple a big list of which domains you communicate with and how frequently? There's also nothing stopping them reading the emails on the way through. I know a lot of people trust Apple more than Google, but you're essentially signing up for a vendor-locked product that you're hoping Apple will continue to support, with no guarantee they won't collect - even at an aggregate level - your communication preferences.
They're even slightly pre-filtered for Apple's convenience, as the times you're likely to use Hide My Email are for shopping and social media - nice, ripe marketing targets.
If you use Gmail, there's also nothing stopping them reading the emails on the way through. If you use Outlook, there's also nothing stopping them reading the emails on the way through. If you use Yahoo, there's also nothing stopping them reading the emails on the way through.
If you use virtually any email provider this is true.
Oh, absolutely that's true; even with privacy-focused, hosted systems like Proton or FastMail there's always that tiny shadow of doubt that they're doing what they're saying they do.
Before, one entity could read your mails, and after, two entities can read your mails.
There is no lock in - you can login to "whatever app" and update your email to a new one anytime you like. It's just an email address in the end.
Also, unless you're encrypting your emails, can't everyone read your emails "on the way though" anyway?
With google, even if you’re encrypting. Gmail, even in the shiny incarnation, only supports server-hosted private keys. A private key that you must give to your service provider is about as useful as a chocolate teapot, imho.
If you are already on an @icloud.com address and/or using Apple Mail, what’s the difference?
The only thing really holding me back from wanting to use iCloud mailing services is the current implementation of MFA on Apple services.
It would be fine if you were allowed to use normal MFA options, but no, that is not possible. Instead, you MUST confirm your logins via already signed in Apple-devices only. There is no other way. Cannot use phone number (for good reason, but that is besides the point), cannot have a secret key based TOTP.
Actually, Apple allows SMS and recovery keys as a fallback and there is an account recovery option if none of these work.
https://support.apple.com/en-us/HT204915
Google on the other hand… I’ve seen two people lose their Gmail accounts even they knew the password because google required verification from a mobile device that no longer existed. :|
I think Google also has recovery keys. I have a slip of paper with ten long strings on them that Google told me could be used to regain access to my account.
Google seems to have changed their MFA stragagry recently where normal TOTP apps are a backup measure while the already signed in device is the primary. It wouldn't shock me if they don't prompt you to set up the app or recovery keys anymore.
I don’t think that they do [prompt you] anymore. I recently had to setup gmail with google Authenticator and there was no mention of recovery keys. Not sure if I could go in after the fact and generate any.
https://support.google.com/accounts/answer/1187538
It looks like they still have recovery codes. I think it’s a good idea to have a set stored in a safe place.
Said accounts did not have two-factor enabled.
Google supports MFA apps. I use Microsoft's and I've been able to recover after switching to a brand-new phone without moving data over because Microsoft syncs with cloud services. (iCloud on iPhone)
SMS is available as a fallback 2FA method for Apple ID.
I only wish they'd support standard TOTP as well, like everyone else.
I wish they'd let users decide what they want to use as additional factors. I would like to ban phone calls, emails, SMS, and TOTP entirely from all my accounts, especially those that hold credentials for other services, and use only WebAuthn.
I'd love to use Apple's keychain for credentials for convenience but it can quickly become the weakest link, when it should be the strongest.
What’s wrong with TOTP? Isn’t it exactly as secure as WebAuthN?
TOTP is not as secure as WebAuthn, because if you enter the TOTP code into a phishing site, the phisher can now successfully authenticate as you. WebAuthn was specifically designed to be immune to this case: if you were to use your WebAuthn key in a phishing website, the phisher would not then be able to authenticate as you on the real site.
You have to have the generator somewhere to get the code. If it's in software, you must have access to that software, and it must be secure. With WebAuthN, it can be a hardware token and usually multiple of them stored in various locations that only you can access (safe deposit box, physical safe, etc).
Unfortunately, only one phone number is allowed per Apple ID. And I do not have multiple phone numbers to expend for an SMS only 2fa option here.
You can have multiple accounts on one "trusted phone number". Trusted phone number is where Apple sends the SMS 2FA code. I have several Apple ID's on 1 phone number.
This is different than "Reachable at" phone number which must be unique and is used for iMessage and Facetime, and if it's blank other people can only reach you via iCloud account email.
(It makes sense if you think about it, parents setting up iCloud accounts for their children's iPads who might not have their own phone).
This is not correct. Go to https://appleid.apple.com/account/manage and you will see that you can add multiple trusted phone numbers under Account Security.
As long as you add a trusted phone number you can do Mfa over sms. Not ideal but it is an option.
Huge fan of this, started using it for practically every signup. I've already had the opportunity to shitcan an alias because it obviously got dumped to some advertisement list.
Now I just need to work on untangling 15 years of other services from my main account.
A useful feature the article doesn't mention:
In macOS Mail and iOS Mail, when you reply to an email or send a new one, you can choose the "From" address: The options are the usual accounts you have set up, plus, now, a "Hide my Email" proxy generated on-the-fly. I've found it very handy on several occasions.
Great, I didn’t realize this was an option. It feels less useful for replies but new emails I could definitely see myself using this.
Cases where I've used it for replies:
* accidental semi-spam (people sending emails to someone at one of the domains I own, mistakenly) where I wish to notify them that they got the wrong email, but don't want to divulge my main email (and name).
* support emails from services that I signed up with using "Hide my email". When replying, the "From" defaults to my main email, but again, I can switch to "Hide my email".
Thanks for sharing! I totally missed this.
I don't use Safari but I still use this feature a lot even though I have to do a few extra steps because it does not integrate with anything other than Safari, its that useful for me.
Some sites have never worked properly with the email+tag@gmail.com thing and some have even become wise to it and wont accept addresses like that (car dealers are the worst).
I hope someday apple allows 3rd party integration with this feature.
I don't get the email+tag. Spammers can just drop the plus tag and get your real email address?
They could, but they don't. Spammers cast a wide net and usually aren't concerned about the crumbs that fall through. Not to mention the people that do the plus or dot tricks are going to be extremely low value spam targets.
Yup, but assuming these spammers want to keep their lists of leaked emails fresh, it’s kind of silly that they’re so unconcerned about it: they’re very much helping to expose their suppliers. I feel that they must realize that can’t be good, but maybe I overestimate them.
If it makes it into a leak database, you know who to blame.
Agreed. You can get to it through Settings > Apple ID > iCloud > Hide My Email, but it’s a pain to navigate.
I tend to use it when signing up for something IRL that wants an email address. I wish there was a way to use Shortcuts to generate a new email in one tap.
I’ve been keeping an eye out for a settings URI that will take you there directly https://github.com/FifiTheBulldog/ios-settings-urls/issues/1...
One workaround is that gmail ignores dots in the local part too: so you can use unusual punctuation for marketing: e.mail@gmail.com
I've been using yopmail for years to avoid spam, but the problem is that a lot of services have blocked yopmail and other disposable email addresses.
The nice thing with "hide my email" and Fastmails "masked addresses" is that the two services use a popular domain, so sites can't easily block it.
Yep, I used to use Mailinator, sometimes others, but they eventually end up blocked in Marketing-hungry websites.
Even myname+random@gmail.com and similar can get blocked from registration on some websites now.
The difference here is the power of iCloud. Services can't afford to block it.
This is similar to Domain Fronting [1]. Maybe we should call this email fronting?
The "+" symbol is easy to detect.
The other benefit for apple is that if a generated email address for Home Depot has non Home Depot content, it's easy to block, since it's clear it got sold to a email marketing company.
And then Apple can then threaten the corporations to not sell their mailing lists or risk being cut off from sending to icloud, or worse, having a header in the email from Apple saying that "Home Depot doesn't respect your privacy and sells your email address to 3rd party marketing companies. Here's a telephone number where you can complain."
This raised a bigger question for me- How did the system get to a point where only big players can set up a service like this?
Email marketing ruined communication for everyone.
I once ran my own email server for several years off a domain from no-ip.org running from a local server in my home. Most places accepted email from it just fine, occasionally though some places had their mail server reject my IP because it was in a DNS black hole.
Then you had the spoofers pretend to be att.com/verizon.com so they had to implement SPF and DKIM.
Then you had to uphold your reputation and the security of your servers otherwise your address would get put on one of the DNS black hole blocks.
Worse was if your IP address was already used to send spam -- you somehow had to get the black hole lists to remove your IP.
At some point about 15 years ago, I gave up and moved to gmail, and I never really looked back on it again.
It's not really big players per se, but "domains with a lot of users that I can't block". Which of course means "big players" for regular people.
I agree with sibling that the problem is with Email marketing, but for different reasons.
Companies are so addicted to spamming users and selling user data that it becomes unacceptable that users might not want to give away their email.
Another problem is emails being required for signing up to accounts.
Honestly IMHO we gotta get rid of email for signups. I don't know what to replace it with. Hardware keys, maybe?
I still get sites from time to time that reject custom domains and want an address on yahoo.com, gmail.com etc, which is infuriating.
The worst thing is that so many sites have stupid email validation rules. Even cameo.com, which is a mid-size ecommerce site, doesn't accept a lot of TLDs created in the last 8 years, including mine.
Love the service but nervous on the lock-in. Any guides for how to migrate off Apple after using lots of emails?
I’ve been happy with the Fastmail+1Password integration as that “feels” less painful to migrate off the in the future.
This is the million dollar question that Apple hasn't answered. What happens to these forwarding addressses if you cancel iCloud+?
The result is bad either way. It's either A or B. (A) Canceling iCloud+ doesn't remove existing Hide My Email addresses - which makes it possible to abuse by creating tons of extra addresses before canceling. Or: (B) Canceling iCloud+ deletes all of your Hide My Email addresses, locking you out of dozens of services (e.g. anything that sends an email as a MFA).
I suspect that it is actually (A). Someone just needs to test this and report out.
Currently I forward all my iCloud mail to my protonmail. Not sure if the aliases will stick around after cancelling a subscription however.
I see SimpleLogin mentioned in the replies several times, but I haven't seen anyone mention that you can use your own domain name with them to prevent vendor lock-in.
You can also export your setup through their API so you can very easily migrate to a self-hosted instance if ever necessary:
wget --header "Authentication: YOUR_API_KEY" https://app.simplelogin.io/api/export/aliases -o simplelogin-export-$(date +%s).csv
And given the author talks about Have I Been Pwned, I feel I should mention that SimpleLogin has built-in HIBP integration (contributed by me in https://github.com/simple-login/app/pull/472)
The great thing about Apple doing stuff like that is the sheer scale they reach.
Sure, there were many services like that before, and many of us have used them. But making it an integral part of iOS can drive mass adoption. You have to credit Apple for that.
There is also a trust component. I do trust Apple to not abuse this product or shut it down in the future much more than I do some no name privacy company.
I use this feature extensively.
My only wish is that it were easier to send an outgoing email via a Hide My Email address (rather than only being about to reply once the other party has sent the first message).
In iOS and macOS mail.app, you can select the from name in the compose sheet and the option to autogenerate and random email address using “Hide My Email”.
Not totally intuitive but pretty decent.
Ah, that is helpful. Thank you.
If Apple would provide an easy and straightforward method of sending emails from that garbled and, to the layperson, "anonymous" adresses all kind of dumb shit would happen. I guess they don't want that kind of publicity, even if they can obviously trace every offender.
Gmail used to have send-as feature that verified only with your ability to click on the link that you get from google on that inbox.
Technically you can do the same with SES on AWS as well, they verify just a single email address this way (domain is with dns records), and they have SMTP gateways to connect to a mail client .
Yup, this makes is unusable for me. Try AnonAddy bro, its much better. You even get iOS app to manage your aliases on the go.
I made something similar that I've been using for several months now: https://shroud.email/
The concept is fundamentally the same as Hide My Email or DuckDuckGo's service, but it's libre software and has (IMO) a better UI to manage addresses. It also stops tracking pixels, which Hide My Email doesn't do unless you also use Mail.app. It's hosted in the EU and runs entirely on renewable energy.
Seems great, but the same question I have with most email add-on services, how do I know you aren't reading my email? Seems a risk to introduce additional 3rd parties into the email system.
I agree that this is a challenge! If you want to use the hosted version, it's impossible to avoid the need for that trust. I'm working on making self-hosting easier for this reason.
Some other services (like Firefox Relay) will use AWS' Simple Email Service for everything. I opted to go for [MailPace](https://mailpace.com/), an independent, privacy-focused provider instead, which is an improvement but still not ideal. I believe that SimpleLogin lets you self-host your email, which is best from a privacy perspective, but I'm slightly concerned about the UX of having to think about email deliverability. Still experimenting with that!
That's a good answer, appreicated.
My pal nick and I built something called Cloaked Email for our startup Gliph back in August of 2012. [1]
Apart from our early integration to send and receive Bitcoin on Coinbase, Cloaked Email was the most successful part of our privacy focused startup, not only in its ability to attract press coverage but in generating revenue as well.
We believe our work contributed to forcing criagslist to introduce their email relay service. Craigslist went so far as to block email from cloaked email users. [2]
Doing this well and to take on the responsibility of maintaining ~forever is a huge thing.
It is great Apple has recognized the importance of this matter and brought it into their platform in such a straightforward way.
One of the most engaging actions we had was people re-rolling for a different random email address. People just loved seeing what they might land on next.
[1] https://blog.gli.ph/2012/08/14/delivering-privacy-gliph-cloa...
[2] https://blog.gli.ph/2013/07/22/cloaked-email-and-craigslist-...
Where is the ode to the likes of AnonAddy that have been about for a long time now AND are provides much better service?
Services that only provide disposable addresses get blocked. iCloud is too big to block.
I havent come across service that would reject me, although I use my own domain with AnonAddy.
Bringing first-class support for it on Safari/iOS is interesting, and I'm surprised they did it. Even my mom is using it because, when it pops up, why not.
Until this, it was just a handful of privacy-conscious folks using services like AnonAddy.
Don’t forget SimpleLogin which is open source and just got bought by ProtonMail last week.
hear, hear!
Anonaddy is a godsend to me, for having an additional feature to set which alias are allowed to forward (albeit limited just enough for essential services I can use) and also recently you can reply a message from your alias email
I must be the only person who doesn't receive spam. I mean I do, but it goes into the spam folder. I've never really understood why I should use something like this. I have my email address on my website anyway, so it's not like it's private information.
Low-quality spam veeery rarely makes it to my inbox, but “opt-out newsletters after signup” are basically how every business operates nowadays. And that’s spam as far as I’m concerned.
I have been using my current domain for 3 years now and I don't receive any spam in my spam box either. Email spam seems like it was a solved problem years ago. Now its all just newsletters which go right through the spam filter..
For those using this feature for a long enough time, have you seen misfiring or emails that disappear, you couldn't retrieve ?
When using keychain as a password manager, once in a while when creating a password for a new site, it would generate it and complete the account registration, without properly saving the generated password.
I'd hunt for the site item through keychain's list and not find it, and go through the "Reset My Password" for the site, except if time passed I might not even remember which email I used to register.
It was annoying enough for passwords, but not critical. For emails there's probably situations where the account is just lost and the only option is to create a fresh new one. How good is their implementation for this ?
This situation was fixed in the latest update
There are lots of ways to do this. Postfix is nice but a little heavy. The simplest and most functional way I've found is https://github.com/0xERR0R/mailcatcher since all it does is forward the emails. You can even use a throwaway gmail SMTP so it doesn't get send to spam
Easy to set up on a rpi/cheap VPS, as long as you have a hostname. And while you're there, look for a short domain name so it's fast to type (on credit card kiosks). You can get cheap short non-standard TLD's like .li. I got a 3 character domain for $5 a year, as short as bit.ly, but just for me
I guess it's harder (although not impossble) to send email from this throwaway address, but that has never come up for me, for external accounts
Twitter is one site that I know requires you to reply to their automated email from the exact same address if you want to appeal a suspended or locked account.
It's a built-in feature of Fastmail which is how I do it
> It’s important to note that you shouldn’t use Hide My Email for everything. For example, you probably don’t want to use a random address for critical services such as online banking. If you trust the bank with your money, you can probably trust them with your email. I’d also think through those sites that may use your email to help others find you, such as social media accounts. If you’d like your contacts to find you automatically, you’ll need to use an email they know of.
Social media is high on the list of use cases for such addresses to help preserve one's privacy.
It’d be nice if there was a service like this for physical addresses and even phone numbers. Every account you sign up for could be with a made up name, email, phone, address, and single use credit card number.
Apple provides data on iCloud subscribers to the police without search warrants or probable cause over 20k times every year(!) (under FAA 702, aka PRISM), because the US federal government illegally demands it and Apple has no ability to really stop them without their staff going to jail (thanks to the government's secret interpretations of what FAA 702 really means). Much of the data in iCloud is not end-to-end encrypted (including the keys protecting all of your iMessages, as well as all your photos, and your device backups) so this is a huge amount of data on/about you they can be compelled to turn over at any time without probable cause.
This means that you shouldn't use iCloud (even if you have nothing to hide). The fact that there is no probable cause required means that the state can demand this data as part of a fishing expedition to abuse/harass even the totally innocent.
This means that features like this, which lock you in to using iCloud in the long term, should be assiduously avoided.
Get your own domain name and get your own email hosting (not from Apple) and use that. You can setup a catchall to have unlimited unique email addresses. You can use multiple domains if you like. Step by step instructions on how to do this are on my website.
Yesterday I was shopping with my wife and was thrilled with how I could use Hide My Email in an irl sales situation - mattress shopping!
Been using individual email adresses for each website I signed up for by using Fastmail.com‘s email aliasses. - Previously I had a second email address just for sign ups, but whenever a platform was hacked and user data was leaked, my email address was burned.
So yes, this feature is super useful, and kudos to Apple for introducing this to their customer base.
This feature is indeed amazing, but my biggest complaint is that it's not easier to access. Roughly speaking, the worse the website, the less I trust it with my email, the less likely their HTML is well formed and will trigger iOS to prompt me to use Hide My Email.
Way too frequently I have to dig this feature out of the settings menu, copy the address to the site, copy the site back to Hide My Email as a label, and then usually do the same hoop-jumping with my password manager.
I would welcome this feature to be more front-and-center on the keyboard somehow.
Hide My Email is an awesome product, no doubt, but why the mention of Have I Been Pwned? Security through obscurity is not worth two cents. Use a password manager and generate your passwords.
My thought process was if you search your primary email, you'll quickly see all the breaches with that email. Using a different email per service reduces the surface area (lateral movement). Security through obscurity has nominal value, but the reduction in ability to correlate has a much higher value.
Hide my email is great but I've also really been enjoying the new duck email service that does the same thing just because it's quicker to use on windows, where you have to open icloud, create a new email and paste it in.
In fact the duck email service is nearly perfect, except for the fact that the extension forces you to use duck as a search engine and so you literally have to modify the chrome extension and store it locally if you just want the email service.
How do I report Hide My Email abuse? Someone used it to send a nasty email to my company. I couldn’t figure out how to report it. My guess is there is no way to do it and there won’t be until after some reporters make it the Apple scandal of the week when there’s no other news.
Are you sure that was the actual sender? Email allows you to write whatever you want in the From field.
If your email host is half decent it will automatically move these emails to spam and plaster huge fraud warnings all over an email which does this.
Have you tried emailing abuse@icloud.com?
I will try forwarding it there. Thanks.
I'm not sure how one would do that? You cannot create Hide My Email addresses purely to send mail. Your company would have to first send mail to that address, and then the person behind it may reply
As an android user I've never seen this before -- this seems way better than email+tag@gmail.com
There is SimpleLogin[0] and Mozilla Private Relay[1] as more generic options. I've never tried them as I struggle to figure out how trustworthy they are. At the end of the day, emails are essentially proxied by these products.
Another one that's come up in the past is https://sneakemail.com/
Simplpgin have been around for much longer than Apple’s service and I believe they have been bought by ProtonMail now as well.
Abine Blur (https://www.abine.com/) was one of the first to do that however some of the domains started to get blocked. Hide My Email using iCloud negates that risk.
I built a similar service. The benefits include; 1. Custom domain , 2. unique email addresses, 3. don't have to be a Apple user.
I have been tinkering to use chrome auto filling form to sign up for random services with the email address of the current director of the CIA Bill Burns. Haven’t tried it though.
Is this different than me just programmatically adding new email addresses on my domains, which just forward to my primary? Is it just more convenient?
I ask for learning, not for skepticism.
It has the benefit of being at a general domain, icloud.com, instead of one that is (in theory) traceable to you for someone who cares enough to do so.
One thing that wasn’t included in this article but is amazing is being able to deactivate an email address. It results in a total dead end for whomever it was given to.
Check point 5 on the post.
Now that Google is insisting on kicking me out of legacy Gsuite, I may give icloud a try. It's a pity it's such a PITA to set something workable on Android.
Made a very similar thing, since before apple did it actually:-) mine's called https://ent.re
Nice domain name!
It’s been totally amazing for me! All Apple need to do is create an dev experienced like Firefox developer edition browser and I will jump very quickly!
Why not just use phil+craigslist@gmail.com or phil+kmart@gmail.com to achieve the same effect? ends up in the same phil@gmail.com inbox
how exactly is this hiding your email?
Because the spammers got smart, they automatically remove the plus sign before sending emails.
A bit of a plug, but I have written a small piece with some suggestions for services that could be used to hide and not share your main account as well as some pros and cons to them here - https://psyonik.tech/posts/keep-your-email-private/
TL;DR - Cloudflare email works great if you have your domain on Cloudflare, Firefox Relay is cheap and will work with emails up to 150KB and a number of email providers give you the ability to create aliases (Runbox allows up to 100 aliases).
Firefox Relay now works with emails up to 10MB: https://blog.mozilla.org/en/mozilla/latest-firefox-relay-inc...
(Disclosure: Relay engineer.)
I might switch back to it as I had some delivery issues with Cloudflare on some messages, but the issue was the email size, as emails with attachments wouldn't come through. +1 for the change!
I use duckduckgo email protection.
> you probably don’t want to use a random address for critical services such as online banking.
Why not?
Because it’s a potential pain.
I just used Hide my email for a non-critical but real-life situation. I had to learn my new email address and I’ll have to remember it forever. I’ll probably change it back to my regular address at some point.
This is nice and all, until your apple account get locked (for no good reason)
Or you want to send email (not a reply).
People are better off not using Apple’s HideMyEmail. There are better ways that allows this on your domain - no lock-in!
Or no lock-in with a device or browser (because without that it’s a bigger pain).
You can send! It's not restricted to replies. See here: https://support.apple.com/guide/iphone/use-hide-my-email-iph...
You can say that about any email service that isn't self-hosted.
That's true, of course. But this is adding another layer of dependency to already fragile reliability.
Edit: also with custom domain you can switch email providers.
I use my custom domain with iCloud. I use the anonymous email feature only for crap signups. Problem solved.
Good for you (seriously), that's very reasonable, but far from author's recommendation.
Using your own domain doesn’t have this problem as you can just move to another service
Unfortunately, I found that Hide My Email complicates unsubscribing. I tried unsubscribing from Jumba Juice many times unsuccessfully, only to realize that the email that I entered was my actual email, and I should enter the email that was shared to Jumba Juice instead.
If an unsubscribe link makes me re-enter my email I just report as spam. Not worth the energy
That’s true, you have to be aware of the email address you used in every service instead of blindly entering your email address.
But you can also deactivate the email address and be done with it.
This is serendipitous. I just now signed up for the 5 day overcoming overthinking challenge by Jon Acuff and when I signed up Apple checkef with me if I wanted to hide my email and this is trending on HN!
Firefox had this earlier actually
re: "It’s inventible" "inevitable", perhaps?
Thanks for using our crappy (app or web site) and Preserve Your Privacy With Apple.
Please enter your mobile number for account verification. Your number must be capable of receiving SMS messages.
We need your mobile number in order to verify that we can track you, personally identify you via data brokers, and send you SMS spam and robocalls.
To help us verify this, please log in using your password and the single-use code we will send you via SMS.