How to Protect Your Email From Spam and Data Breaches

This one simple trick will make your email 100% safer than it was!
Odin Odin (181)
0

One of the most dangerous aspects of how the Internet has grown and developed is due to the use of antique systems still being used to serve people's needs. Email is just one such example. The email protocol is great because it's designed to be interoperable - in that email from one service can be sent to emails from any other service (unlike walled gardens like Facebook Messenger/WhatsApp which can't be sent outside of that system). But email is also inherently insecure - despite improvements, data sent via email can become visible to outside viewers far more easily than most of us would like. And, worse, emails themselves have become a point of security failure! When you use your email as your username to log into a website, you're automatically making yourself less secure.

Think about it: how many websites do you know of that ask you to use your email address as a security measure when you're signing in? And yes, your username on a website is a security measure. We've seen major data leaks from popular websites continue to rise, and that means that all your data on that website might be compromised. As soon as that happens, your email is out there, floating around the Internet... and it's a gold mine. How many different services do you use that single email to sign in to? Once a bad actor has it, poof, they've got part of the key that they need to log into every other service that uses the same email.

And, even if you're just sick of getting spam emails, wouldn't it be nice if there were a foolproof way to keep your true email accounts hidden from those spammy sites and email lists you don't actually want to sign up for?

Email forwarding systems allow you to keep your real email safe, while offering massive flexibility in terms of how to interact with the World Wide Web. Read on to get a look at my top picks for this type of service, including those that can be self-hosted for maximum security.

A note on security

Best practices say: don't use these services for vital information! Remember, email is inherently insecure. For important things, like letters to loved ones, bank accounts, etc., use an email service that specializes in privacy -- and, even then, don't expect absolute privacy and safety! Extremely sensitive information (your location, your credit card number) should only be sent using a service such as Signal Messenger.

As a final note for advanced users, if you're interested in which of these services utilize PGP (Pretty Good Protection), I leave a comment about that following each section.

Posted in these interests:
h/privacy9 guides
h/internet81 guides
h/security45 guides
AnonAddy
AnonAddy

One of the most commonly discovered offerings, AnonAddy provides a good service for a reasonable $12/year fee, with a more limited free version that will cover casual use.

Create a username like johndoe. You can now use @johndoe.anonaddy.com (or .me) as your email. AnonAddy will now be able to automatically generate emails like "ksjdbfksd8w887@johndoe.anonaddy.com" for your email needs.

Once you've created your alias, you can then use that to sign up for "OnceInALifeTimeDeal.Com" without actually handing them your real email.

AnonAddy takes any incoming messages and forwards them to your real email address, easy as pie!

Plans

AnonAddy offers three different plans: free, light, and pro. If you want to have more than 10mb per month of bandwidth (which is basically just how many emails can be sent through the service, depending on how large those emails are), you'll need to upgrade to their higher tiers. The "Lite" plan offers 50mb/month, while their "Pro" plan is unlimited.

Honestly, their service is reasonable, and if you just need a few one-off emails for random sites, this service is a great deal. Even at the Lite plan, I can recommend its use.

Erine.Email
Erine.Email

Erine is a really exciting service for a number of reasons: it's open-source software (which means anyone can look at the building blocks, the code, of the software, and this is good for security), it's completely free, and it has an option to install it on your own server.

Why might you want to install Erine on your own server? Well, when you use a service like AnonAddy (or Erine's own Software-as-a-Service hosted version), that company is being trusted to handle your email. Email is an inherently insecure form of communication, when you send an email through a service like AnonAddy, Erine, or Google, those services have access to the content of your email (as well as a whole host of metadata about you).

However, if you have a home server sitting around (perhaps the same one you run Plex on), you have a powerful way to ensure that you are the only person handling your forwarded emails. Erine.Email can be installed on your server (it takes a wee bit of tech skill to do so, however), offering you total control over your spammy email.

Either way, this service is totally free. If you're planning on just using these disposable email addresses to sign up for newsletters and whatnot, added security isn't such a big deal.

Firefox Relay
Firefox Relay

⁨Firefox Relay⁩ email masks protect your true email address from public view, automatically forwarding messages to your true inbox. Now you can receive only the messages you want in your inbox. Sign up with your ⁨Firefox account to get started.

I've always been a huge fan of the Mozilla Foundation, Firefox, and their associated software, so I naturally had to include this here. However, just as with my article about choosing the best secure Internet browser, I'm afraid Firefox Relay comes up short. Not because their service isn't good, mind: this is a super service. But, unfortunately, their pricing scheme leaves something to be desired.

You get five anonymous email "masks" for free, after which you have to pay. The price currently is great for such a trusted name: $0.99/month, putting it solidly in the same range as other similar software. But that pricing is marked as "limited time only" so they clearly intend to raise the price in the near future. Given how many different services we end up having, let alone how many we need to pay for just to keep our privacy somewhat intact, adding on more than $12/year for some email masks just isn't worth it, especially not when there are free options available.

BitWarden
BitWarden

BitWarden is one of the best password managers around, offering top-notch security for free (and extremely helpful advanced features for a nominal fee). But, did you know, BitWarden also allows you to use the "sub-addressing" capability that is already baked in to many email providers? If you use Gmail, for instance, BitWarden can generate special addresses from that which blend your email to a string of random letters and numbers, allowing you to use it with a bit more confidence on the Internet.

Use your email provider's sub-addressing (aka "plus addressing" or "aliasing") capabilities. This will generate a plus addressed (named for the + and random string of characters) username based on your specified Email Address.

On the Add/Edit Item screen of browser extensions and desktop apps, you can select between generating username with a Random (e.g. alice+gsd4aqqe@bitwarden.com) string or one based on the item's Website Name (e.g. alice+github.com@bitwarden.com). Website Name is limited to the Add/Edit screen on browser and desktop as it requires knowledge of the login's URI, in other locations the username generator will default to Random.

It's not quite the same as using one of the dedicated services, but it's a great tool to have if you just want to be able to easily generate a new email mask on the fly!

SimpleLogin
SimpleLogin

Absolutely the best service out there if you want to pay, SimpleLogin has it all: a dedicated free tier that's extremely generous with unlimited bandwidth for ten different aliases, a $30/year plan with all the bells and whistles, and an enterprise plan for your whole group's needs.

SimpleLogin is open-source, can be self-hosted and is 100% funded by the community. We do not use your data, track you or show you ads. SimpleLogin depends on your support to keep the service running and develop new features.

Unlike AnonAddy, SimpleLogin offers handy apps for iOS and Android, as well as simple browser extensions for Firefox, Chrome (and Brave), and Safari. This is extremely useful, as the easier it is to generate these alias emails, the more likely you are to actually use them!

SimpleLogin also allows you to self-host which is an absolute game-changer. Not only do you get a trusted platform, but you can take complete control for yourself and keep everything on your own system. While this might be overkill for most users, there's no doubt that those who are highly privacy-conscious will love having the choice.

Which email alias service to choose?
Which email alias service to choose?

This is the big question, and the answer is complex: if you've never used a service like this before and just want to try it out, AnonAddy or SimpleLogin are great options on their free tiers. If you already use the fantastic BitWarden password manager, and don't mind sticking with your normal email service as part of the semi-randomized email that you use, then it already does everything you need (for free). Erine.Email is a nifty service, but it's smaller and will likely appeal more to those who really want to self-host. And then there's poor Firefox Relay, offering nothing but a brand name and the promise of a higher price.

It ultimately comes down to price:

The best free option is through SimpleLogin. Ten email address aliases offered with unlimited bandwidth. But the best option for average users is AnonAddy at the $12/year plan, as long as you don't need more than 50mb/month of bandwidth.

Get great stuff. Make something great.
Zach Zach (249)
0

Welcome to the first annual Howchoo Holiday Giveaway! We're giving out some great prizes to random Howchooers. :) Each winner will receive one prize, chosen at random, from the list below!