*Unlimited* Disposable Email Aliases
(to vote for unlimited alias, visit https://protonmail.uservoice.com/forums/284483/suggestions/45394132)
Startmail explains it perfectly. They offer unlimited disposable aliases, which expire within a given amount of time. They also offer custom aliases which can be saved and used indefinitely.
It is the disposable alias which will help protect privacy, when submiting an email to an untrusted recipient. After all, how much privacy do we have if our fixed emails become the foundation for building and selling our marketing profiles, just as is done by gmail. We limit personal activity virtual trails by disposing of aliases for casual uses. But, unlike custom aliases, which build on our identifiable original email address, disposable aliases divert from our true email identity by utilizing a sub-domain created for this specific purpose, such as: xxx@tda.protonmail.com (tda = temporary disposable alias)
You avoid abuse by limiting disposable alias creation on a daily basis. Perhaps 5 max per day.
Here is Startmail's explanation:
https://support.startmail.com/index.php?/Knowledgebase/Article/View/3/0/aliases
The Blur service (by Abine) also offers a "masked mail" free service. But their service is not encrypted:
-
Anonymous commented
How I could use a feature like this.
-
Matt commented
I'm using simplelogin which is great but it has it's flaws that could be addressed if PM integrated a similar function.
The reverse -alias address that comes from simplelogin is long and meaningless. If Pm integrated this function than the send address could still be the original sender address rather than a masked alias. -
Rick commented
I am not sure why protonmail hasn't implemented features like masked mail similar to Blur service by Albine. I checked out Blur services, and the concept is great. Just why should we have to search for these additional mail features from other companies when it would be great if protonmail had these features or as least a roadmap on upcoming requests.
By the way has anyone checked out Sekur? They are a Swiss-based company that offer secured email and chat. They also offer cloud solutions. Would be great if protonmail comes out with a secured mobile chat. If it wasn't for the cost I would drop signal app. They were saying how signal app goes through your contacts and initial setup you have to provide your phone number so overall your privacy isn't so private whereas Sekur doesn't ask for your phone number. You are given a random id.
-
Anonymous commented
I'm moving all my emails to proton once this disposable aliases feature and the search tool are ready, otherwise the purpose of trying to keep my online activity private and practical is defeated-
-
Publicarray commented
Idealy a user could choose between these options:
* Accept mail to anything@user.domain.com and deliver it to user+anything@domain.com
* Accept mail to user@anything.domain.com and deliver it to user@domain.com
* Reject mail to anything@anything.domain.comAll a user needs to do is add one more MX record for subdomains: *.domain.com 10 mail.protonmail.ch
-
No one commented
Even Apple mail now supports burner e-mails, where you can create unique addresses for each service. ProtonMail is starting to lag behind with features unfortunately.
-
Anonymous commented
It is annoying how so many web sites require you to create an account with them even if you only ever have a single interaction. I don't like giving out my email address in scenarios like this because I have no desire to establish a relationship with the site and might not trust that they will keep my personal information safe. It would be nice to have the ability to create an unlimited number of temporary, throwaway email address that could be used for these types of signups. You would generate an email address, use it once, then it would be deleted after a short period of time (1 day, 1 week, etc).
-
Ines commented
From the number of Alias change requests it's evident protonmail never got this right, and yet they're happy it walk away from it; we've done it, just use '+'
EXCEPT 1 out 2 sites or services fail using a plus sign.
Sh1ts me to tears.
The fact that I have to toy with the idea of using 'simplelogin.io' says my precious dollars paid for your service are not good value.
-
Friedrich commented
If someone want to give votes to this idea, I strongly suggest to vote for this idea: https://protonmail.uservoice.com/forums/284483-protonmail/suggestions/31264327-send-as. It is the same, but has already more votes. So it would be more likely to get implemented.
Also it would be nice, if someone from ProtonMail could clarify, why this isn't possible although requested since nearly 6 years.
-
John Smith commented
I find the "+" sign functionality to be an acceptable replacement to the disposable email aliases. However can you please change the "+" sign to something else? So many services on the Internet do not accept a plus sign in your email address. A dot or a period would be acceptable.
-
Edmund Laugasson commented
To be honest, it isn't any risk in privacy at all as long as we use enough strong GPG, preferally elliptic curve cryptography (ECC) as of today, e.g. Ed25519. In (near?) future certainly quantum cryptography. I've done it (multi-identity GPG key pair) already: created GPG key pair (ECC) in my computer with gpg2 in Linux command line. GPG supports it already quite a long time ago. I've added all my external aliases to that key pair. Then imported to ProtonMail and set it as default. Would expect, that ProtonMail web interface could allow same key management, including creation and additional email (external aliases) handling.
I would say, that not implementing external aliases feature is much, much higher security risk as we are therefore enforced NOT to use ProtonMail, no matter how much we want and how much we pay already to ProtonMail... But we cannot enforce our work, other organizations to move their domain to ProtonMail in order to use ProtonMail with other emails, that we need to keep due to work, memberships, etc. Therefore we are still using much less secure other email accounts, providers... This is real loss for ProtonMail, I would say - people just won't buy ProtonMail due to that missing crucial feature. Existing customers just cannot fully switch to ProtonMail due to that missing crucial feature of ProtonMail - external aliases.
To be honest - it is almost there: already own domain adding exist. Just some additional development still missing. I've spoken it for some years now (especially no harm at privacy level) and still the feature is missing.
E.g. Google allows such external alias already long time ago. There is just your own SMTP-server needed per alias and it is very fine (it exists). -
Artem commented
This feature is probably the deal breaker for me to start using ProtonMail. I'm able to switch between the free mail services easily while keeping the possibility to reply from the same address the message was sent to.
I know this feature could be considered as a potential privacy risk, but providing the possibility for the ProtonMail users with proper informing of potential privacy risks would be better than nothing at all. -
Anonymous commented
If I understand correctly, an alias contains your user name, for example username+alias@protonmail.com. With this it is easy to determine -- and use -- your username@protonmail.com. If you allow users to determine a set prefix (or suffix), to which they add random unique differentiators, outsiders cannot determine the base user account address. My current provider allows 100 of these, and I use them heavily.
-
Mike commented
Likely just adding a second text box below the From drop down to allow adding the portion after the '+' to an existing address would be ideal.
It should also be automatically populated when replying from an alias, and would need to be saved as part of the drafts/etc. -
Anonymous commented
-
Anonymous commented
-
Tyler Simonds commented
This is an interesting topic. What's the purpose of a disposable alias? I'm genuinely curious. I get that you may not want to give out your address to another entity/account, but what is the actual risk of doing that? How does one build trust when using a disposable alias? If someone emailed me using one then I'd probably ignore it
-
Cindy commented
Judging by the lack of progress, it does not seem like they care enough for this. It has been 4+ years from the day this was suggested. The "Under Review" tag was only there to lead us on.
-
thekimbos commented
Or at least give us an "amnesty" to reclaim a certain number of email address uses. Once a year? Once every three years?
-
[Deleted User] commented
I've tried the Catch-All feature from ProtonMail and the general alias approach (username+alias@....) so I could have aliases like facebook@mydomain which would point to my ProntonMail address so I can track and manage that alias.
Why the Catch-All doesn't work for what I want to achieve?
I want to provide an alias to each service that requires an email to register or contact like a Service which can be done with the Catch-All feature but once enabled, it can be used by spammers to send emails to the service@mydomain that I setup but also to everything else to *@mydomain and ProtonMail doesn't provide a way to track those addresses and reject/deactivate them which makes the life of spammers really easy as they only need to know my @mydomain and then send emails to me as they want like spammer1@mydomain spammer2@mydomain, etc which makes it impossible to block it with filters unless you set a list of whitelisted email addresses which is not easy because everytime I create an account in a service I need to update the list.
Why the general alias approach (eg. username+alias@mydomain) doesn't work for what I want to achieve?
Much of the same as the Catch-All feature but here the spammers need to know my username name and domain which is really easier. Lets say I have username+service@mydomain and ther service shares that address, with a bit of a regex that can remove everything between + and @ which will give them my username@mydomain email address and them start to send spam emails and you can't track which was the original email address that was sold or who sold it, not to say that if the spammers start to send emails to username+whatever@mydomain, I would have to deactivate the whole address username@mydomain to reject all emails which is not optimal as I would have to change all services where I used username+*@mydomain.
In both cases, if you plan to use those features to track who sells your email address, it will not workout as shown by the examples if the spammers do a bit of automation.
Final thoughts
I think the idea of disposable email aliases with proper management feature like create, randomize, disabling/expiring it so the server rejects all messages for those will definitely give my ProtonMail email addresses full privacy.