To top off the security of Proton Mail it would be great to be able to generate email aliases.
This would allow Proton Mail users to log in to each website/service online with a different email address.
This would increase online anonymity and reduce the chance of a Proton Mail user getting hacked.
When a user wants a new alias they click 'new alias' and a new email is generated that always forwards to the user's main email.
Then a user can label that email so they can keep track of what it is used for.
Then when they sign up to Facebook, they use that email address, but they receive the message in their normal inbox. If they reply to that sender, it replies using the alias.
When you compose a new message you can select which alias to send from.
If you send to an address where an alias was previously used, it defaults to that alias.
From an outsider's perspective they only interact with the alias.
Protonmail now has the ability to add aliases through the use of “+” in your main ProtonMail account, as well as through creating new email aliases under one account. https://protonmail.com/support/knowledge-base/aliases-within-protonmail/
How to create protonmail alias? Did not find any hint or way to do it!
Real Alias commented
FWIW, you can now reply to a received yourname+alias@protonmail as that same yourname+alias@protonmail. It's a step in the right direction, but doesn't support anonymity or ability to cut off spammers...
Another suggestion for implementing aliases is to use the format:
The use of the '+' character is a limitation for many vendors to accept special characters.
This feature is not completed. It was stillborn on delivery.
I direct forum users to this feature request:
I just got a spoofed email from a friend with a Protonmail address. Problem is she doesn't use proton mail.
Joe Toomey commented
Will continue with HushMail Premium for Aliases. Had hoped to save money by using one provider, can't happen if ProtonMail don't see the requirement to use Aliases for subscription forms etc.
I TOTALLY agree with the request for custom aliases in the Countermail & Yahoo style. (Using "+" is garbage.)
Also, 5 is just not enough.
I've found Yahoo's 100 custom aliases incredibly useful in the following way:
* I buy something and I DO want to be on that vendor's mailing list (perhaps to receive product updates -- I have, over the years, bought a lot of software, for example). Nevertheless, I want to shield my "base" address and be able to unsubscribe easily and then not worry about receiving random spam -- because unsubscribing from a mailing list doesn't actually "remove" your email address from that database; it just places a "do not send to" value against that cell. The vendor can still export that list in a csv file and on-sell it to whoever he or she wants to.
* Sometimes, unfortunately, one of these vendors -- whose list I WANT to be on for whatever reason -- will either (a) start sending me all kinds of ridiculous marketing emails for unrelated guff and/or (b) sell or rent their list to another vendor, who starts sending their hard-sell marketing emails.
In the first example, it's clear who is sending the emails so I can unsubscribe and send an email to say "Hey, listen prick... I signed up to a Product Update Notification list... not a general marketing list. I've now unsubscribed from that list and will destroy this alias in 7 days. Do you actually have a GENUINE Product Update Notification list? If so, please send me the link to the page where I can sign up for that one because I don't need any more marketing emails; if I want to buy any of your other products I already know where to get the info and how to find the Buy button. Thanks."
In the second case, however (i.e. where marketing emails just appear "out of nowhere"), an alias will tell me EXACTLY which vendor has breached their "Oh yes I solemnly swear on big stacks of holy books never to share your personal details*..." bottom of page, size 7 font: "...* except in cases where I can profit from doing so, suckers!" I can then take the appropriate action to deal with this.
But ONLY 5 ALIASES simply does not make this practice feasible. What should I do? Group all software purchases (for which I'd like to be on the Updates List) as "email@example.com"? What good is that to me if just ONE of those (dozens of) vendors sells my email address to some spammer? If I deactivate that alias, I then have to create another and change my details with ALL THE OTHER vendors -- rather than simply "cutting off" the ONE scumbag!
As I said, I've never needed more than 100 with Yahoo -- and I've been using aliases like this for MANY years.
Once a year I go through my custom aliases and delete any that I know (based on the passage of time) I no longer want or need. I let the others stand. Sometimes they stay active for several years (quite a few for over a decade). If I haven't heard anything from a vendor/publisher for more than two years, it's unlikely I am going to hear from them again -- and unlikely I want to -- and I delete that one to create space.
* The other problem I see with "switch ON; switch OFF" aliases lies in the basic functionality of autoresponder programs/services. Let's say I want to sign up for someone's email newsletter (or that I'm happy to be on the mailing list of a vendor with whom I've just transacted), BUT... I want to use an alias to shield my "base" address (which is ALWAYS best practice in my opinion). Well, what happens when I reach my 5 alias limit?
If I want to sign up to another newsletter, I have to switch OFF one of the 5 active custom aliases, right? The huge problem this causes for me is that emails sent TO the one I switched off will "bounce" and two or three "hard bounces" will trigger that autoresponder to deactivate that particular sendto: email address, which means I will NO LONGER receive a newsletter I want to read!
I've had this very same discussion with StartMail -- who don't seem very interested in increasing their limit from 10 custom aliases. I'd LOVE to sign up to ProtonMail over StartMail (because of the extra layer of security), but 5 custom aliases is even WORSE!
Even with the current aliases using the + sign, they are useless if we can't reply from them nor compose emails from them!
Also, some vendors do not allow for emails with the + character in them to register. So perhaps this other alias method would work better.
The address could end with something other than protonmail.com. When I wanted to create a Facebook account with a "spamgourmet.com" address Facebook didn't accept it. Apparently Facebook wants a real address to send me a million messages per hour by default (I'm exaggerating a little). I wouldn't want Facebook to block protonmail.com users.
I definitely need more votes for this one... ;-)
I've been looking for such a feature for a long time. Third party services just add another privacy problem to email in my opinion. Here's another one: throttlehq.com
Frustrated with the lack of an email service matching my requirements, I've actually thought up an email service quite similar to protonmail. Luckily I've found protonmail before I started programming. Anyway, I'm happy to share my thoughts on this here...
I agree with the proposer of this idea. These are additional concerns:
Having to add aliases before registering is also rather tedious. Third party apps that need to authenticate to protonmail are also risky and expose the user's account when switching devices etc. I prefer being able to hand out addresses of the form...
<account-alias> is a special alias that the user creates from their protonmail account. They may be counted towards the alias limit. I advocate for many such aliases to further limit leaking context (see example above).
<label> can be anything identifying the counterparty, e.g. facebook, yahoo, google, etc. In a work setting these could be project names to automatically classify related chatter.
<signature> is a truncated keyed hash (hmac?) of <alias>, <label>, and the user's main email. Asking for a password would tempt people to reuse their login or encryption passwords. For spam prevention and keeping out the uninitiated this should be enough as long as the alias doesn't equal the main address.
These addresses would be generated by bookmarklet or on a public, static page on protonmail's website, as well as browser plugins.
Additionally I would allow temporary addresses without signature and with or without label for more or less single use:
E-Mail would get through inside a 72h window (the specified date +/- 24h). This avoids protonmail having to keep lists of active/expired temporary addresses. The user would be prompted to accept/deny incoming emails. With the next reply the remote party is updated with a signed address (reply-to/from). This also helps with the cases where neither the plugin nor the bookmarklet have been set up.
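The signed-address idea in the comment above, sketched as an added example (not code from the commenter or from Proton). The address layout `<account-alias>.<label>.<signature>@domain`, the per-account secret key held by the mail server, HMAC-SHA256 truncated to 8 base32 characters, the `example.test` domain and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from datetime import date, datetime, timedelta, timezone

SIG_CHARS = 8  # assumed truncation: 8 base32 characters = 40 bits of the HMAC

def _tag(key: bytes, alias: str, label: str, main_email: str) -> str:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") never collide.
    fields = (s.lower().encode() for s in (alias, label, main_email))
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.b32encode(digest).decode().lower()[:SIG_CHARS]

def make_address(key, alias, label, main_email, domain="example.test"):
    # Assumed layout: <account-alias>.<label>.<signature>@<domain>
    if "." in alias or "." in label:
        raise ValueError("alias and label must not contain '.'")
    return f"{alias}.{label}.{_tag(key, alias, label, main_email)}@{domain}"

def verify_address(key, address, main_email, known_aliases):
    """Return the label if the signature checks out, otherwise None."""
    parts = address.split("@", 1)[0].lower().split(".")
    if len(parts) != 3 or parts[0] not in known_aliases:
        return None
    alias, label, sig = parts
    expected = _tag(key, alias, label, main_email)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    ok = hmac.compare_digest(sig.encode(), expected.encode())
    return label if ok else None

def temp_address_live(day: date, now: datetime) -> bool:
    # Stateless 72h window: the named UTC day plus 24h on either side.
    midnight = datetime.combine(day, datetime.min.time(), timezone.utc)
    start = midnight - timedelta(hours=24)
    return start <= now < start + timedelta(hours=72)

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample values
    addr = make_address(key, "spectre", "facebook", "user@example.test")
    print(addr, verify_address(key, addr, "user@example.test", {"spectre"}))
```

Because the label is covered by the tag, a sender who learns one address cannot mint a valid address for a different label, and the server needs no per-address state to check either the signature or the 72h window.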
I use Blur for this capability and it is extremely useful, but the threshold of having yet another account somewhere is probably enough to keep a lot of people from using it. Having the feature integrated into Protonmail would make it very easy to use, adding very convenient streamlining for people like me, and it would also cause a lot more people to use this very valuable practice who currently do not - like my spouse, whose email address is all over the place, yikes!
In my case, I use Yahoo mail since the late 90's and I make extensive use of email aliases (have 100's of them, one for each merchant/website). I much prefer the Yahoo email aliases than Gmail, which looks like protonmail is using. You use a root keyword that is linked to your main email address, but your main identity is not known... So JamesBond@protonmail.com could be linked to the alias spectre- . He could then create the firstname.lastname@example.org to handle the dealings for his car. However, since he did not create email@example.com, if he gets spammed by using that email address, that email will bounce as it doesn't exist (unlike the gmail + type of alias). Also, if someone ripped off the mailing list of AstonMartin and he now gets spam from BMW on that address, he can just delete the address and create firstname.lastname@example.org and update his record at AstonMartin and indicate to them that their email list got ripped off.
I need such feature with 100's of alias to migrate. I just started checking out ProtonMail and that is the first thing I noticed. I wished Yahoo encrypted the data and I put that request a long time ago. I'm a paying Yahoo member, and I don't mind paying for encryption and the features that Yahoo offer.
I also need to download the mails to my local storage once in a while. But mostly it would reside in the cloud and encrypted.
I second the need for a catch-all email address for custom domains. I'm in the same boat as Laurens, I've been using the same methodology for my domain through Google Apps. There are a couple of other improvements I would also like to see, but this is the only thing from keeping me from transitioning to Protonmail right now.
So since that is a Security risk then why not allow emails to be mapped to current Protonmail accounts that already exist. This way the Company can decide and simply map it so that user can either use Protonmail or theirdomain. This tears the security issue apart as this way we have personally verified the mapped to accounts.. Then they are already active and verified by us.. Not to mention it's a WHOLE lot easier..
I would like it if I can also have a catch-all email address for the custom domains, so that we can do this feature but then with nice addresses, like email@example.com for amazon, firstname.lastname@example.org for paypal, etc.
I've had my own domain for many years, with a catch-all email address, and I have had no problem with spam being sent to random addresses, so I would REALLY like to have that. Otherwise, transitioning to ProtonMail will be a big problem, as I can't possibly find out which aliases I've used over the years.
Yes, please offer email aliases, like the Countermail email service.
Basically you create alias email names in the settings. You then can use these alias email addresses on webforms and places requesting your email address online. Any mail to these aliases goes to your main inbox. If the alias starts to get spammed, you just delete the alias and the incoming email gets bounced.
If you receive an email to this alias and reply to it, it automatically responds with the alias as the sending email address so your real email address does not get compromised.
When composing an email, the FROM line should have a drop down, allowing you to select one of your aliases as your email address which you would like the email to be from.
Problem is that if you don't store login/password in your browser like I do, you will never ever remember that kind of address (and typing it whenever you want to connect is a pain in the a**):
Using the + type alias in protonmail is good for filtering but it doesn't make anything more anonymous if your protonmail account shows your identity. James.Bond+whatever still tells people you're James Bond.
Spamgourmet provides (as many different) email addresses (as you want) completely anonymous as regards the sites you're subscribing to and that you can easily remember. I agree about the tracking problem (although I don't believe spamgourmet have the means to store and compute all the emails they reroute). The key is not to use it for unencrypted sensible communications or any activity that is not recorded elsewhere. I mean, why buy data from spamgourmet about someone's activity on Facebook? Just ask Mark Zuckerberg.
I think all methods have pros and cons. All we have to do is to select the appropriate one when needed.
The best option will be to have protonmail let us have like 5 or 10 aliases and decide what the final addresses look like, such as:
But this would consume lots of disposable addresses.
But this proposal goes further and in terms of connecting dots, it has better security. Using spamgourmet (or similar) is an option only if you don't care that spamgourmet (or similar) reads (or sells/forwards to Snowden) your e-mails.
So the option to have something internal to ProtonMail would be better in terms of (lack of) traceability.
Maybe this comment will be removed because it might be advertising for another online service but spamgourmet.com does exactly what you want. And it does it even better as you can control who can send you emails.
I use it together with my protonmail address and it's just perfect.