*Unlimited* Disposable Email Aliases
(to vote for unlimited alias, visit https://protonmail.uservoice.com/forums/284483/suggestions/45394132)
Startmail explains it perfectly. They offer unlimited disposable aliases, which expire within a given amount of time. They also offer custom aliases which can be saved and used indefinitely.
It is the disposable alias which will help protect privacy, when submiting an email to an untrusted recipient. After all, how much privacy do we have if our fixed emails become the foundation for building and selling our marketing profiles, just as is done by gmail. We limit personal activity virtual trails by disposing of aliases for casual uses. But, unlike custom aliases, which build on our identifiable original email address, disposable aliases divert from our true email identity by utilizing a sub-domain created for this specific purpose, such as: xxx@tda.protonmail.com (tda = temporary disposable alias)
You avoid abuse by limiting disposable alias creation on a daily basis. Perhaps 5 max per day.
Here is Startmail's explanation:
https://support.startmail.com/index.php?/Knowledgebase/Article/View/3/0/aliases
The Blur service (by Abine) also offers a "masked mail" free service. But their service is not encrypted:
-
BD commented
I would like to strengthen Justin's comment: vote the other one up some more, if you only have votes on this one.
-
Security Enthusiast commented
I so agree with this and would pay extra for it.
The way yahoo! has implemented this is actually perfect because:
1) Not only can you reply from the disposable email but you can start an email chain from a disposable email as well.
So if I need to initiate contact through email to support@example.com I never need to reveal my real email address.
When the example company gets hacked and my email address gets sold to spammers on the dark web I just turn off that disposable email address, create a new one and update my details with that 1 compromised company if I still need them.2) It really does mask your real email:
e.g.
Real email = name@yahoo.com
You choose the first part of the alias "e.g."mask" and this can only be chosen once and never be changed.
All disposable emails use this mask as the first part so appear as mask-1234@yahoo.com
There is no way to determine from the stolen info (mask-1234@yahoo.com) that your real email is name@yahoo.com.
The Gmail and ProtonMail way of using the "+" alias doesn't really protect you at all as it contains your real email address.
It is not difficult to post process the stolen database and just filter out the + alias.
e.g.
Real email = name@pm.me
Alias = name+1234@pm.me
Process the data to remove everything between "+" and "@" to convert the stolen email back to name@pm.meUsing the yahoo! way can completely eliminate SPAM forever! The issues with yahoo! are:
1) They have a poor security track record and were themselves hacked twice in short succession
2) They don't support 2FA apps (they use SMS codes which can be circumvented using SIM swapping)
3) You can't turn off their SPAM filter. Relevant because you'll never receive SPAM so will only ever result in false positives.If you combine the yahoo! way of disposable emails with a password manager and strong unique passwords your online security is seriously beefed up and you'll never receive SPAM.
-
Security Enthusiast commented
I so agree with this and would pay extra for it.
The way yahoo! has implemented this is actually perfect because:
1) Not only can you reply from the disposable email but you can start an email chain from a disposable email as well.
So if I need to initiate contact through email to support@example.com I never need to reveal my real email address.
When the example company gets hacked and my email address gets sold to spammers on the dark web I just turn off that disposable email address, create a new one and update my details with that 1 compromised company if I still need them.2) It really does mask your real email:
e.g.
Real email = name@yahoo.com
You choose the first part of the alias "e.g."mask" and this can only be chosen once and never be changed.
All disposable emails use this mask as the first part so appear as mask-1234@yahoo.com
There is no way to determine from the stolen info (mask-1234@yahoo.com) that your real email is name@yahoo.com.
The Gmail and ProtonMail way of using the "+" alias doesn't really protect you at all as it contains your real email address.
It is not difficult to post process the stolen database and just filter out the + alias.
e.g.
Real email = name@pm.me
Alias = name+1234@pm.me
Process the data to remove everything between "+" and "@" to convert the stolen email back to name@pm.meUsing the yahoo! way can completely eliminate SPAM forever! The issues with yahoo! are:
1) They have a poor security track record and were themselves hacked twice in short succession
2) They don't support 2FA apps (they use SMS codes which can be circumvented using SIM swapping)
3) You can't turn off their SPAM filter. Relevant because you'll never receive SPAM so will only ever result in false positives.If you combine the yahoo! way of disposable emails with a password manager and strong unique passwords your online security is seriously beefed up and you'll never receive SPAM.
-
Anonymous commented
I agree with this, something like 10minutemail.com but with the possibility to control the time until the address disappear.
If you want to temporarily use a website and may need some information about products, you may need to wait a reply from an help desk... once you are done you make your temporary address disappear.. so that your email address does not end up in plenty of databases for spam and mkting purposes
tnx -
Anonymous commented
simplelogin.co +1
-
Justin Flores commented
This seems to be the same request with more votes, can we consolidate votes to push it up?: https://protonmail.uservoice.com/forums/284483-feedback/suggestions/34619938-shared-access-to-a-single-email-address-by-multipl
-
Anonymous commented
I use simplelogin.co for this. If PM does do this, please draw some inspiration from that.
-
John commented
Catch-All is NOT a good idea.
Catch-all email addresses were created to ensure that no email to the domain would be rejected and lost. Catch-all domains accept all email without rejection. Though useful for those concerned about potentially missing important messages due to typos in the mailbox, spammers soon took advantage of the opportunity before them. All they need is the domain name. They do not need to hunt for usernames, guess usernames, or scrape email addresses. They simply put whatever they want in front of the domain and send their messages — and those messages arrive as intended. As a result, catch-all boxes tend to get flooded with spam and become unusable.
-
John commented
SimpleLogin and Anonaddy can READ your emails, yeah yeah they say that don't read anything but THEY can if they want, even they say:
"No service can be 100% secure at all times so please do not use this service to forward emails containing highly sensitive information such as bank or cryptocurrency information"
So, I don't want any of those services, I prefer everything under protonmail, so we need UNLIMITED addresses!!!
-
Anonymous commented
I use Protonmail with SimpleLogin to create email alias. I prefer this service over Albine as it’s open source and offers unlimited forwards/sends.
Personally I think having a third party for creating email aliases is better than have this built-in in Protonmail as I also use other email services.
-
Andre commented
This would be great, something like "Hide My Email for Sign in with Apple" (https://support.apple.com/en-us/HT210425)
Not disposable aliases, but aliases kept indefinitely until we don't need anymore the service we subscribed to with that alias. -
Alex commented
+1
-
Lionel commented
Aliases are very practical for security. In case of compromise of the address, it is enough to change alias instead of changing the whole mailbox.
But it would be better than when creating an alias, as soon as a person contacts this alias, that it is replaced by a series of letters and numbers. Thus, it is impossible to compromise the original address. Thus, no risk of spam. Never. I explain my idea...
Example: I can register on Amazon with:
my-email@protonmail.com
But instead I put an alias:
my-email+amazon-1@protonmail.com
And as soon as Amazon contacts me, the email displayed in the inbox becomes:
76Hjf0Jdl682jdf@protonmail.com
This sequence of numbers and letters is unique and assigned only with this unique alias. If I change the alias, the code changes.
Thus, the base address "my-email" will never appear in other people's mailbox, making it impossible to compromise the root email. The alias may be compromised, in which case it is changed.
Because right now, if Amazon sends me an email and I respond, the contact displayed is no longer my-email+amazon-1@protonmail.com but my-email@protonmail.com.
Thus, the "naked" email is found filled. The alias then loses all its meaning.
I hope I have been clear in my explanations.
Thank you for reading, thank you for voting ;-) -
Edmund Laugasson commented
The problem still persists and prevents fully adopting ProtonMail for people who cannot move current email domain to ProtonMail. Obviously we realize, that gmail.com, yahoo.com, any university or other institution domain is impossible to move to ProtonMail. Therefore it is very ambitious if ProtonMail thinking that this is possible. Sounds like people are tired of convincing ProtonMail in external aliases and it's encryption importance...
Besides - same applies to used GPG encryption key pair as well as we need to encrypt, decrypt also our emails together with these external aliases. Currently outside ProtonMail created key pair with multiple emails is possible to import into ProtonMail. Would be nice to generate, edit ECC (Elliptic Curve Cryptography) key (e.g. Ed25519) directly in ProtonMail and change everything needed to be changed (emails, photo, expire date, etc). -
Kennedy commented
Because an email address is a personally identifying piece of information that is shared across the internet, it'd be nice if we could make an address per online account.
I've considered buying a random online domain and marking an address on that domain as "catch all", but that solution seems like a hack. Also, since I'm the only one who would be using that domain, there's no privacy through obscurity.
I'm aware that the corporate internet community probably wouldn't like something like this, and because of that there might be trust issues and domain blacklisting on various services such as Gmail. Still, I'd like some kind of solution like this.
-
jens commented
Plus accounts provide five email addresses, but regardless one option
maybe to use part of email users name with the addition of maps.
This may be a default method for Disposable emails as (corny as it sounds) maps is spelt backwards is SPAM . The user could then
add a time line after the insertion of maps example : keileymaps7@protonmail.com. The maps inclusion of 7 would mean after
7 days the email would be deleted automatically. I am adjusting to the many features of Protonmail so excuse any ignorance !but any number entered after maps would allow protonmail users how many day , or days a user to needed the email to exist before automatically deleting.
In addition to keep track of Disposable email then keiley1maps7@protonmail.com ,keiley2maps5@protonmail.com .etc -
Aaron commented
imo doling out fictitious internet handles draws shady business. this is a community ... at the end of the day, do we want our community to enable a feature that will draw shady internet figures with possibly criminal intents to join us on board this ship and destroy the credibility of what were hoping to make a case for, the right to request an avenging agent of the law or otherwise to cease their pursuit of our personal information? Regardless of if others concede or not, I don't have this service because it hides my face ... I have it because it hides my ass ... those of you requesting this feature should think on that for a minute ... instead of running from our pursuers, lets run at them and transform the web into a safer place where having to hand out real contact info is no longer a fear we have to live under. Again, just my opinion, but that's what I'm standing by
-
Potato commented
ProtonMail should at least provide this feature for paying users.
I understand they do not want unlimited aliases to retain some good addresses for new users. But they should at least allow us to trash aliases on some disposable domain! -
Filippo commented
please support this idea!!!
-
kroger commented
Thank you so much for the great idea to get unlimited disposable email addresses. I will use them to take a kroger survey to get some exciting cashbacks and points on https://www.krogerfeedback.red/ official website.