*Unlimited* Disposable Email Aliases
Startmail explains it perfectly. They offer unlimited disposable aliases, which expire within a given amount of time. They also offer custom aliases which can be saved and used indefinitely.
It is the disposable alias which will help protect privacy, when submiting an email to an untrusted recipient. After all, how much privacy do we have if our fixed emails become the foundation for building and selling our marketing profiles, just as is done by gmail. We limit personal activity virtual trails by disposing of aliases for casual uses. But, unlike custom aliases, which build on our identifiable original email address, disposable aliases divert from our true email identity by utilizing a sub-domain created for this specific purpose, such as: email@example.com (tda = temporary disposable alias)
You avoid abuse by limiting disposable alias creation on a daily basis. Perhaps 5 max per day.
Here is Startmail's explanation:
The Blur service (by Abine) also offers a "masked mail" free service. But their service is not encrypted:
Security Enthusiast commented
I so agree with this and would pay extra for it.
The way yahoo! has implemented this is actually perfect because:
1) Not only can you reply from the disposable email but you can start an email chain from a disposable email as well.
So if I need to initiate contact through email to firstname.lastname@example.org I never need to reveal my real email address.
When the example company gets hacked and my email address gets sold to spammers on the dark web I just turn off that disposable email address, create a new one and update my details with that 1 compromised company if I still need them.
2) It really does mask your real email:
Real email = email@example.com
You choose the first part of the alias "e.g."mask" and this can only be chosen once and never be changed.
All disposable emails use this mask as the first part so appear as firstname.lastname@example.org
There is no way to determine from the stolen info (email@example.com) that your real email is firstname.lastname@example.org.
The Gmail and ProtonMail way of using the "+" alias doesn't really protect you at all as it contains your real email address.
It is not difficult to post process the stolen database and just filter out the + alias.
Real email = email@example.com
Alias = firstname.lastname@example.org
Process the data to remove everything between "+" and "@" to convert the stolen email back to email@example.com
Using the yahoo! way can completely eliminate SPAM forever! The issues with yahoo! are:
1) They have a poor security track record and were themselves hacked twice in short succession
2) They don't support 2FA apps (they use SMS codes which can be circumvented using SIM swapping)
3) You can't turn off their SPAM filter. Relevant because you'll never receive SPAM so will only ever result in false positives.
If you combine the yahoo! way of disposable emails with a password manager and strong unique passwords your online security is seriously beefed up and you'll never receive SPAM.
I use simplelogin.co for this. If PM does do this, please draw some inspiration from that.
Catch-All is NOT a good idea.
Catch-all email addresses were created to ensure that no email to the domain would be rejected and lost. Catch-all domains accept all email without rejection. Though useful for those concerned about potentially missing important messages due to typos in the mailbox, spammers soon took advantage of the opportunity before them. All they need is the domain name. They do not need to hunt for usernames, guess usernames, or scrape email addresses. They simply put whatever they want in front of the domain and send their messages — and those messages arrive as intended. As a result, catch-all boxes tend to get flooded with spam and become unusable.
I use Protonmail with SimpleLogin to create email alias. I prefer this service over Albine as it’s open source and offers unlimited forwards/sends.
Personally I think having a third party for creating email aliases is better than have this built-in in Protonmail as I also use other email services.
This would be great, something like "Hide My Email for Sign in with Apple" (https://support.apple.com/en-us/HT210425)
Not disposable aliases, but aliases kept indefinitely until we don't need anymore the service we subscribed to with that alias.
imo doling out fictitious internet handles draws shady business. this is a community ... at the end of the day, do we want our community to enable a feature that will draw shady internet figures with possibly criminal intents to join us on board this ship and destroy the credibility of what were hoping to make a case for, the right to request an avenging agent of the law or otherwise to cease their pursuit of our personal information? Regardless of if others concede or not, I don't have this service because it hides my face ... I have it because it hides my ass ... those of you requesting this feature should think on that for a minute ... instead of running from our pursuers, lets run at them and transform the web into a safer place where having to hand out real contact info is no longer a fear we have to live under. Again, just my opinion, but that's what I'm standing by
ProtonMail should at least provide this feature for paying users.
I understand they do not want unlimited aliases to retain some good addresses for new users. But they should at least allow us to trash aliases on some disposable domain!
Thank you so much for the great idea to get unlimited disposable email addresses. I will use them to take a kroger survey to get some exciting cashbacks and points on https://www.krogerfeedback.red/ official website.
@Protonmail staff, 95% of the sites where I attempted to use the + rejected it as an invalid email address. While we may not need totally unlimited aliases, you need to remove the cap on 5. What really kills the service is forcing paid customers to be stuck with the 5 they choose - not allowing them to ever replace them. How can that be helpful when you know that at some point those 5 aliases will need to be replaced due to spam? At the VERY LEAST, allow the 5 alias spots to be replaceable. You need to recognize that while the 5 permanent aliases were a well-intentioned idea, it is impractical in the real world. Meaning, your failure to modify this feature to make it useful is holding back your customers from fully utilizing your service, including almost all paid customers. A feature that was designed to offer some much needed privacy by not allowing data brokers to build profiles based on our Protonmail usage. This is clearly an issue that deserves attention - there is overwhelming support for a better solution. At the very least, update us as to where you are headed with this feature, so we know whether to recommend this service to others.
Are there any updates on this?
I read somewhere (Reddit I think) that there could be a seperation between protonmail addresses and custom domain addresses so we could have unlimited addresses on our own custom domains. That feature would be really needed!
"+" is USELESS!!! do something proton! please!
I need this to move to Proton paid plan, until they don't release this I stay on Hushmail or Fastmail.
Spamgourmet is shutting down. Please add a solution for this soon, so I don't have to transition to, and then trust, some other burner forwarding service. Thanks!
Is this actually actively reviewed? Current limit for plus 5 is too low. And price for visionary for 50 aliases is too high. This need not be truly unlimited and daily new limits is okay too. But the limit needs to be higher. + alias is just usable for filtering and does not always work. Even lowish one time fee for new alias would be acceptable for me.
What are actual reasons why this is not implemented? They are not spelled out as far as I could see in comments.
Many websites don't accept email adresses with the + sign. Even Apple has announced a nym server like service. Please save us, Proton Mail Team!
This is how I maintain a spam-free inbox in Hushmail, and the only feature they have that keeps me there. I maintain a paid Protonmail account, but don't use it because I don't feel confident I can keep spam at bay. I have no interest in searching through a spam folder for something valuable that made it in there, it sort of defeats the purpose of that automated spam control... I still have to check it. With Hushmail's "@nym.hushmail.com" alias feature, I give many new services a unique email address. If I ever get spam, I can see which it was sent to, change my email with that provider(s) and make a new alias for them. No more spam. Hushmail is not as private or secure as Protonmail, but I find this system so valuable, I'm not willing to make Protonmail my new permanent email home yet. I sincerely hope this changes.
Casper Jonquil Mad as Hell commented
The use of the "+" plus sign kills it for protonmail alias' on so many email systems. Show your support here:
I post this feature/change request as a fork from this discourse. It's related but deserves the same attention and support.
Please consider passing some of your votes in its direction.
This is a must have feature
Please add it
Trust; Protonmail is not listening. The book is closed on this one. Same as the stuffed-up alias using the "+" plus-sign instead of a "." or "-"
Zero intent to fix it.
I second that suggestion.
I'd love to create e-mail addresses such as firstname.lastname@example.org for a registrations at random websites. They don't have to be pretty or short, they just need to be unique for each website.
It would make things way easier and more secure than having something like three e-mail addresses, one private, one semi-anonymous and one anonymous. If you want to prevent spammers, add a limit such as 3 addresses per day.