*Unlimited* Disposable Email Aliases
Startmail explains it perfectly. They offer unlimited disposable aliases, which expire within a given amount of time. They also offer custom aliases which can be saved and used indefinitely.
It is the disposable alias which will help protect privacy, when submiting an email to an untrusted recipient. After all, how much privacy do we have if our fixed emails become the foundation for building and selling our marketing profiles, just as is done by gmail. We limit personal activity virtual trails by disposing of aliases for casual uses. But, unlike custom aliases, which build on our identifiable original email address, disposable aliases divert from our true email identity by utilizing a sub-domain created for this specific purpose, such as: firstname.lastname@example.org (tda = temporary disposable alias)
You avoid abuse by limiting disposable alias creation on a daily basis. Perhaps 5 max per day.
Here is Startmail's explanation:
The Blur service (by Abine) also offers a "masked mail" free service. But their service is not encrypted:
Tyler Simonds commented
This is an interesting topic. What's the purpose of a disposable alias? I'm genuinely curious. I get that you may not want to give out your address to another entity/account, but what is the actual risk of doing that? How does one build trust when using a disposable alias? If someone emailed me using one then I'd probably ignore it
Judging by the lack of progress, it does not seem like they care enough for this. It has been 4+ years from the day this was suggested. The "Under Review" tag was only there to lead us on.
[Deleted User] commented
I've tried the Catch-All feature from ProtonMail and the general alias approach (username+alias@....) so I could have aliases like facebook@mydomain which would point to my ProntonMail address so I can track and manage that alias.
Why the Catch-All doesn't work for what I want to achieve?
I want to provide an alias to each service that requires an email to register or contact like a Service which can be done with the Catch-All feature but once enabled, it can be used by spammers to send emails to the service@mydomain that I setup but also to everything else to *@mydomain and ProtonMail doesn't provide a way to track those addresses and reject/deactivate them which makes the life of spammers really easy as they only need to know my @mydomain and then send emails to me as they want like spammer1@mydomain spammer2@mydomain, etc which makes it impossible to block it with filters unless you set a list of whitelisted email addresses which is not easy because everytime I create an account in a service I need to update the list.
Why the general alias approach (eg. username+alias@mydomain) doesn't work for what I want to achieve?
Much of the same as the Catch-All feature but here the spammers need to know my username name and domain which is really easier. Lets say I have username+service@mydomain and ther service shares that address, with a bit of a regex that can remove everything between + and @ which will give them my username@mydomain email address and them start to send spam emails and you can't track which was the original email address that was sold or who sold it, not to say that if the spammers start to send emails to username+whatever@mydomain, I would have to deactivate the whole address username@mydomain to reject all emails which is not optimal as I would have to change all services where I used username+*@mydomain.
In both cases, if you plan to use those features to track who sells your email address, it will not workout as shown by the examples if the spammers do a bit of automation.
I think the idea of disposable email aliases with proper management feature like create, randomize, disabling/expiring it so the server rejects all messages for those will definitely give my ProtonMail email addresses full privacy.
The most voted feature, more voted on than ProtonDrive
I currently use SimpleLogin and love it. However, it would be better if it was a built-in function in ProtonMail.
Would like to not have to use anonaddy anymore
Similar to the links provided in the original post, fastmail's catch all Aliasing works well for this https://www.fastmail.com/help/receive/aliases.html and https://www.fastmail.com/help/receive/alias-catchall.html . I understand the concerns around catch-alls, but the ability to set specific aliases with regex in the them would be excellent.
Example: alias*@<customdomain>.com as a redirect to a primary address.
Also having normal aliases: <name>@<domain> and having <alias>@<domain> seems like it really should exist without having to set up one of a very limited number of addresses.
Similarly, an NYM like service would also solve the problem much of the time.
this is something I can only dream of. No need to use anonaddy ever again
I will pay for this feature. get some new domain names for disposable generated emails and that way protonmail.com, protonmail.ch and pm.me can still be official email usernames while another domain names can be used for an disposable email
I don’t understand where is the problem with e.g. having one slot for changeable, randomly generated address for paid accounts, that can only receive email.
Would be great to be able more securely exchange contact information with friends via chat or pm on social network sites and forums that mishandle data as well as to sign up on such sites.
Fix the @#$!Ng "+" sign to a dot or dash for cripes sake. We've only been asking for it, like +4years.
This is what SimpleLogin offers which is a email alias service that protect users from email spam from databreaches. I would like to see protonmail offer this even if it is for paid users only. Even if this means protonmail gets a few new domain names such as pmalias.com, protonmailalias.com, pmalias.me, etc and users cannot make accounts using these domain names but can make as many alias accounts as they want with these domain names.
I understand you can already have "aliases" such as 5 email addresses for a paid account or use the "+" but this does not protect protonmail users for email spam if their online accounts get hacked.
So if your protonmail username is email@example.com you can create aliases such as...
And these aliases does not reveal the true owner of these email addresses if the website they have an account on has a databreach.
The sole reason why I'm not a paying customer, yet.
You should be able to disable and re-enable them.
Security Enthusiast commented
I so agree with this and would pay extra for it.
The way yahoo! has implemented this is actually perfect because:
1) Not only can you reply from the disposable email but you can start an email chain from a disposable email as well.
So if I need to initiate contact through email to firstname.lastname@example.org I never need to reveal my real email address.
When the example company gets hacked and my email address gets sold to spammers on the dark web I just turn off that disposable email address, create a new one and update my details with that 1 compromised company if I still need them.
2) It really does mask your real email:
Real email = email@example.com
You choose the first part of the alias "e.g."mask" and this can only be chosen once and never be changed.
All disposable emails use this mask as the first part so appear as firstname.lastname@example.org
There is no way to determine from the stolen info (email@example.com) that your real email is firstname.lastname@example.org.
The Gmail and ProtonMail way of using the "+" alias doesn't really protect you at all as it contains your real email address.
It is not difficult to post process the stolen database and just filter out the + alias.
Real email = email@example.com
Alias = firstname.lastname@example.org
Process the data to remove everything between "+" and "@" to convert the stolen email back to email@example.com
Using the yahoo! way can completely eliminate SPAM forever! The issues with yahoo! are:
1) They have a poor security track record and were themselves hacked twice in short succession
2) They don't support 2FA apps (they use SMS codes which can be circumvented using SIM swapping)
3) You can't turn off their SPAM filter. Relevant because you'll never receive SPAM so will only ever result in false positives.
If you combine the yahoo! way of disposable emails with a password manager and strong unique passwords your online security is seriously beefed up and you'll never receive SPAM.
I use simplelogin.co for this. If PM does do this, please draw some inspiration from that.
Catch-All is NOT a good idea.
Catch-all email addresses were created to ensure that no email to the domain would be rejected and lost. Catch-all domains accept all email without rejection. Though useful for those concerned about potentially missing important messages due to typos in the mailbox, spammers soon took advantage of the opportunity before them. All they need is the domain name. They do not need to hunt for usernames, guess usernames, or scrape email addresses. They simply put whatever they want in front of the domain and send their messages — and those messages arrive as intended. As a result, catch-all boxes tend to get flooded with spam and become unusable.
I use Protonmail with SimpleLogin to create email alias. I prefer this service over Albine as it’s open source and offers unlimited forwards/sends.
Personally I think having a third party for creating email aliases is better than have this built-in in Protonmail as I also use other email services.
This would be great, something like "Hide My Email for Sign in with Apple" (https://support.apple.com/en-us/HT210425)
Not disposable aliases, but aliases kept indefinitely until we don't need anymore the service we subscribed to with that alias.
imo doling out fictitious internet handles draws shady business. this is a community ... at the end of the day, do we want our community to enable a feature that will draw shady internet figures with possibly criminal intents to join us on board this ship and destroy the credibility of what were hoping to make a case for, the right to request an avenging agent of the law or otherwise to cease their pursuit of our personal information? Regardless of if others concede or not, I don't have this service because it hides my face ... I have it because it hides my ass ... those of you requesting this feature should think on that for a minute ... instead of running from our pursuers, lets run at them and transform the web into a safer place where having to hand out real contact info is no longer a fear we have to live under. Again, just my opinion, but that's what I'm standing by
ProtonMail should at least provide this feature for paying users.
I understand they do not want unlimited aliases to retain some good addresses for new users. But they should at least allow us to trash aliases on some disposable domain!