A Review of Anonymous Mailbox Services - Putting a Mask on Your Mailbox

Preface

As security and privacy awareness grows, more and more people have become more cautious about giving out their mobile phone and bank card numbers, and are aware of the need to try to use different random strong passwords for each service. In contrast, the security of email addresses has previously received insufficient attention. In fact, email addresses are part of personal information and deserve more care before handing them over. Imagine being able to use a different random anonymous email address for every registration, wouldn't that be cool too?

In fact, such anonymous email services are becoming mainstream. On iOS 15 launched in September, Apple updated the "iCloud+" feature, which includes an anonymous mailbox service called "Hide My Email"; on 16 November, Firefox browser also launched a similar Firefox Relay feature. Together with Fastmail and DuckDuckGo, there are more choices of anonymous mailboxes than ever before. In this article, we will make a comparison of these mainstream anonymous mailbox services to help you choose.

Mailbox Alias - Simple Mailbox Anonymity Solution

Before we get into the formal comparison, it's important to briefly mention the "mailbox alias" (alias) feature. This feature has been supported by many email services for a long time, and can be regarded as a simple version of anonymous email solution. Specifically, an alias is a "nickname" for an email address, and emails sent to the alias will share the inbox with the main email address.

Plus address

The simplest and most common way to create an alias is to add a plus sign ("+") and any string after the domain part of the email address (i.e., the username as the saying goes), and this technique is supported by commonly used email services such as Gmail, Outlook, iCloud, and so on. (The plus address is defined by the RFC5233 standard, which does not restrict what symbols can be used as alias separators, but in practice the vast majority of mail services use the plus sign.)

For example, if you have an email address of [email protected], then emails to sspai+aaa@gmail.com, sspai+bbb@gmail.com are sent to the address [email protected].

Convenient is convenient, but if this is done for privacy reasons, there are two problems:

1. it's easy to find out the original email name - just remove the "+" and you're done!
2. you can't use "+" alias to send and reply, once you reply, it will reveal your main email address.

Therefore, "+" mailbox alias is more suitable for setting email filtering rules, but not the best option for privacy protection.

Customising mailbox aliases

Besides the plus address, some mailbox services provide customised alias function, such as Outlook, which allows you to set up an alias that is not related to the main mailbox. And Outlook aliases can be used not only for sending and receiving mail, but also for signing in to your Microsoft account, which is equivalent to having multiple mailboxes associated with one account.

You can manage aliases in [Microsoft Account - Your Info - Account Info - Edit Account Info] Outlook supports adding up to 10 aliases, each of which can be set as a primary alias or deleted at any time. This is very useful if you add an alias with more random characters, it can be used as a "half" anonymous mailbox.

But it has limitations. Firstly, the maximum number of aliases you can add is 10, so you can't add unlimited aliases. Secondly, adding aliases has a frequency limit, usually after adding 3 or 4 aliases, you can't add any more for a while (even deleting existing aliases won't restore them), so it's not suitable for mass-use scenarios.

There is a limit to how often aliases can be added.

In general,** mailbox aliases are still more suitable for distinguishing different types of communications, such as private, work, school with address**. You can set up some relatively memorable prefixes consisting of names, nicknames, organisation names, etc., which can also make it easier to distinguish yourself from the recipients of your communications. (After all, an anonymous mailbox consisting of a bunch of random characters printed on business cards and application letters doesn't look too good either.)

However, for the purpose of privacy protection, the protection provided by mailbox alias is still insufficient, which leads us back to the topic of this article - anonymous mailbox service.

Introduction and Evaluation Criteria of Anonymous Email Service Players

At present, in the market of anonymous mailbox service, there are veteran powerhouses and new faces rubbing their hands. In this article, we will choose five representative services - Firefox Relay, SimpleLogin, iCloud+ Hide My Email, Fastmail (in co-operation with 1Password), DuckDuckGo Email Protection for comparison.

In my opinion, the main evaluation criteria for anonymous email services should include the following dimensions:

Most Important - affecting usability features:

• Cost options: Free or paid, and the feature gap between the two. This is chosen according to one's budget. However, in general, anonymous email services are paid to use to have better functionality, and free plans are mostly just enough for a simple experience.

• The number of aliases supported to be created: Generally paid services support unlimited aliases, also try to choose the service that supports unlimited aliases, so as not to hit the upper limit in the process of using.

• Upper limit of forwarding mail size: The principle of anonymous mailbox service is to forward the mail sent to alias to your real mailbox to achieve the effect of privacy protection. If it only supports smaller email forwarding, then it is not applicable to occasions where you need to receive a large number of pictures and files, and is only applicable to scenarios such as ordinary registration to receive CAPTCHA.

• Whether alias reply is supported: i.e. when replying to an email forwarded to an anonymous email address, whether the anonymous email address can be used as the sender without revealing the real email address.

• Second most important - features that affect ease of use:

• Connect with existing accounts: If you are originally an old user of the account system of iCloud, 1Password, etc., then you can give priority to the anonymous mailbox service launched by them, which is more convenient.

• With or without mobile application: Consider whether the background management interface (dashboard) only provides desktop web version, or provides mobile application version together? If you often need to operate on mobile phones, then it is recommended to choose a service that provides mobile applications.

• **Browser extension support: **It is recommended to choose a service that supports a wide range of browsers, in case you need to switch, it is more convenient to migrate.

Relatively unimportant features:

• Whether custom domain name is supported: The main usage scenario of anonymous email is to register an account, which may not necessarily require a custom domain name to show personality. However, most paid services support custom domain names.
• Whether alias sending is supported: Although it is more important to reply emails with an alias, using it to send emails directly is a relatively rare requirement.
• Other features: e.g., encryption, removal of email trackers, etc.; many of these features can be implemented through an email client or are not as directly relevant to privacy protection.

Based on the above criteria, we first give a table of for the reader to review:

(2022-08-25 Editor's note: DuckDuckGo's privacy mailbox was opened for registration in August 2022.)

Accordingly, the advice is:

• If you're an Apple Full Bucket user, need iCloud space, and don't want to compromise: choose iCloud+ Hide My Email.
• If you are a Fastmail or 1Password user and want to upgrade your experience: choose Fastmail + 1Password.
• If you need more power and want more privacy: SimpleLogin
• If you just want to try anonymous mailboxes, or if you like Firefox: choose Firefox Relay.

If you are interested in the specific performance of each player in the above comparison dimensions, as well as the specific reasons for the above recommendations, follow along below to continue exploring.

How to differentiate the use of email addresses - advice from personal experience

Before concluding, I would like to make a few suggestions on how to differentiate the use of email addresses based on my personal experience for the reader's reference:

1. for formal communication and application (e.g. resume, joining Workspace): use the main mailbox prefixed with your name and English name.
2. for device logins (Apple ID, Microsoft Account, game console accounts, etc.): use an alias prefixed with a nickname, because it's too much of a hassle to enter a random email address, especially on a PlayStation where you have to use a joystick to enter it 🥲.
3. credit card statements and other finance related: use a separate alias and don't provide it to anyone but your bank.
4. other account signups: use an anonymous email address, forward to the main email address
5. newsletter subscription: my habit is not to subscribe by email, but to use a service like Kill the Newsletter, generate a subscription link and then subscribe directly to the newsletter using a news reader.