Tell HN: Stop using Apple's Hide My Email, its a one-way street
This post is a shocking realisation of a simple bug in Apple's Hide My Email(HME) feature. You simply cannot send an email.
Since Apple has done the marketing as such that with a click of a button, it will create a unique email address for any business you want to sign up with, I doubt many would think twice because its all so simple and Apple way of a solution, sure, why not, let's use HME everywhere to protect your privacy and if you feel the business is not respecting your preferences, you settle out any bills with them and deactivate the email address given to them.
But what if you are working with a business with strict email policy and no other way to contact them, how do you file a ticket with them? How do you email them?
Let me point you to this support article where Apple still doesn't point out the glaring truth of HME that you simply cannot send an email with a previously generated email address
https://support.apple.com/en-in/guide/icloud/mm9d9012c9e8/icloud
When you use HME on a website (for e.g. business.com), you can check on your Mac that the HME generated for the website, on the top it will say Safari and in the label will be the domain name of the business(business.com). Let's call the email generated by HME as hme-1@icloud.com.
Now if you were to use the Mac app or iCloud Mail to compose a message to support@business.com and choose HME as the sender, it will not populate hme-1@icloud.com, it will be just another random address like hme-99@icloud.com. It does not take into account that since hme-1@icloud.com has been assigned/mapped to business.com, the Apple user should technically be able to send email to any email address of business.com like admin@business.com or techsupport@business.com or sales@business.com.
It would have made sense for Apple to say, if the Apple user was trying to send an email to sales@sales.business.com, of course we won't let you send that email because the sales user belongs to sales.business.com domain, not business.com domain for which we have assigned hme-1@icloud.com to you.
I tried to explain this fundamental thing to Apple's customer support that emails are a two-way street. Just as how I am able to receive emails from any@business.com, I should also be able to send email to any@business.com.
But according to Apple, this design is as-intended. I came across this post while searching for something else. This behavior is to mitigate the risk of abuse, plain and simple. Apple does not want ephemeral iCloud addresses sending out malicious content. Yes, you can still theoretically do this with a regular iCloud email. However, it is rate-limited by the sign up process, which requires the threat actor to burn another email address or phone number (and a device ID, probably). Use something like SimpleLogin instead. Even still, I find Hide My Email useful for Apple Pay, where I only receive transactional emails anyway. You post this like there's no use case for an address that just forwards to an address or reply to emails sent to you. Apple is in fact clear that is what it does in the description. https://support.apple.com/en-us/105078 > Hide My Email generates unique, random email addresses that automatically forward to your personal inbox. Each address is unique to you. You can read and respond directly to emails sent to these addresses and your personal email address is kept private. Nothing there suggests you can generate new email threads from an address, just "respond directly". While that may not meet your needs, it does meet the needs of other use cases for which it was designed (e.g. signing up for a service you don't want to provide your true email address for). That's absolutely no reason to call for a blanket "stop using it". Have I not made my case with sufficient explanation? No, because you didn't invalidate the cases for which it is used. People should continue using the feature if it meets their needs. You also didn't address spam and security issues if someone is able to endlessly produce anonymous email addresses and send unprompted emails. This is almost certainly why Apple wouldn't implement this feature as you want. Ignoring all your distractions and deflections aside, you don't call a car a car if it refuses to let you drive it. You try to find the clutch, its not there, there is not gear box, no accelerator, no brakes and you are on the seat and yell how the hell do I drive this thing? And the thing talks back to you, hello Bob, please tell me where do you want to go? Now you are not mad at it. You will happily tell it to take you to the nearest AMC to catch your film. Because its a robotic, self driving car. No car salesman is selling you a futuristic self driving car by calling it a car. Apple clearly sold this feature by saying its creating a unique email addresses for every use. Email addresses allow you to send and receive emails. You can't do that, you don't call it that, you call it something else. Simple. I would say yes you have. Seeing as most transactional email from businesses is sent from a no-reply address, it would seem this is a huge oversight to not allow someway for you to email the business using that email alias. One question though - does it allow you to respond to a previous email and add a new email address in the "to" field? Also, I don't understand why people would disagree with you pointing this out... Are they the Apple developer who developed it and are butt-hurt that someone is pointing out a flaw? Are they an Apple investor and can't stand the idea of any negative Apple press hurting Apple's share price? Surely it is better if any flaws in software are pointed out so that they can be addressed. So if I understand you correctly, say sales@business.com has sent me an email at hme-1@icloud.com, can I reply to this chain by adding another email in the To address, say, another@domain.com There are limitations to sending email itself when using HME. You need to be using an iCloud Mail account only (i.e. email with @icloud.com). This is like saying if you want to be using HME, abandon your current mail provider and come into the Apple ecosystem. Even after doing that, if you try to add another recipient, it complains that HME can be used only with 1 recipient. I tested this out on icloud.com/mail Another case is lets say if we don't have forwarding email set to an @icloud.com email, which is the normal usecase everybody probably uses this feature. Their primary email address is either Gmail or Hotmail or whatever. In this, if i set another recipient, the mail contents will probably reach another@domain.com
but I am not sure if it will reach sales@business.com because the iCloud MAILER would probably complain the same 1 recipient thing and cause email failure. Just look at all this complexity & for what? I assume you asked this like a hack to get it working. Even if the email worked, now I have to convince business.com that I am the same user that you have registered as hme-1@icloud.com. What business out there is going to entertain such kind of thing? I was just wondering about the following scenario:
1. I signup with example.com using 'hme-1@icloud.com'
2. I get an activation email sent to this alias from 'noreply@example.com'
3. Sometime later I need to contact them so I create a reply to (2) and remove the address 'noreply' addresss and add 'support@example.com' which I know is a valid support email. Would example.com get that email? No idea. The disagreement is this post is calling for people to stop using it entirely, even if it serves a specific purpose and works for that purpose. The author claims because it does not cover their particular needs people should stop using it. Apple are pretty clear this is for one way communication. It’s not an email replacement, it’s a privacy tool. There is always a trade off when it comes to privacy, and in this case it is that you can’t send email. There are plenty of great tools out there which allow you to create multiple addresses with the ability to send. Maybe you should consider the trade offs that are acceptable to your specific use case and invest/use/setup/buy into them? You could buy a random domain and set up a catch all address if you want to keep it simple. Before Relay was a thing I wanted to learn about SMTP and make a service which could do something very similar to what Relay ended up being but for mobile. I’m still running it ~4 years later (https://inboxesapp.com) and it’s a great learning experience. If you don’t have what you want - build it! No, it's not clear, thats my fundamental point. It's actually misinformation. They call it a feature to create unique, random email addresses.... Email Addresses are for two-way communication. If I tell you here is a device you use for instant messages. And you ask me, hey how do I send someone a message using this device? I tell you, you can't. That's because you are holding a PAGER. i will give my 2 cents. i use mailinabox and it works good enough for me. I can generate aliases at any limit and without any burden.
Now, what you are describing is the same in mailinabox. the alias is merely a "receiving" alias. you cannot send from that. what i found out was, how i can bypass this is by deleting the alias, then creating a new user with that email. a new email inbox is created. then you send that email whatever you want to send. then you can delete the user and create alias once again and you are back to square one. i know, its tedious process but it works for me. since apple probably wont let you create accounts with those disposable emails, then they should allow sending from aliases.