A Review of Anonymous Mailbox Services - Putting a Mask on Your Mailbox

A Review of Anonymous Mailbox Services - Putting a Mask on Your Mailbox


As security and privacy awareness grows, more and more people have become more cautious about giving out their mobile phone and bank card numbers, and are aware of the need to try to use different random strong passwords for each service. In contrast, the security of email addresses has previously received insufficient attention. In fact, email addresses are part of personal information and deserve more care before handing them over. Imagine being able to use a different random anonymous email address for every registration, wouldn't that be cool too?

In fact, such anonymous email services are becoming mainstream. On iOS 15 launched in September, Apple updated the "iCloud+" feature, which includes an anonymous mailbox service called "Hide My Email"; on 16 November, Firefox browser also launched a similar Firefox Relay feature. Together with Fastmail and DuckDuckGo, there are more choices of anonymous mailboxes than ever before. In this article, we will make a comparison of these mainstream anonymous mailbox services to help you choose.

Mailbox Alias - Simple Mailbox Anonymity Solution

Before we get into the formal comparison, it's important to briefly mention the "mailbox alias" (alias) feature. This feature has been supported by many email services for a long time, and can be regarded as a simple version of anonymous email solution. Specifically, an alias is a "nickname" for an email address, and emails sent to the alias will share the inbox with the main email address.

Plus address

The simplest and most common way to create an alias is to add a plus sign ("+") and any string after the domain part of the email address (i.e., the username as the saying goes), and this technique is supported by commonly used email services such as Gmail, Outlook, iCloud, and so on. (The plus address is defined by the RFC5233 standard, which does not restrict what symbols can be used as alias separators, but in practice the vast majority of mail services use the plus sign.)

For example, if you have an email address of [email protected], then emails to sspai+aaa@gmail.com, sspai+bbb@gmail.com are sent to the address [email protected].

Convenient is convenient, but if this is done for privacy reasons, there are two problems:

  1. it's easy to find out the original email name - just remove the "+" and you're done!
  2. you can't use "+" alias to send and reply, once you reply, it will reveal your main email address.

Therefore, "+" mailbox alias is more suitable for setting email filtering rules, but not the best option for privacy protection.

Customising mailbox aliases

Besides the plus address, some mailbox services provide customised alias function, such as Outlook, which allows you to set up an alias that is not related to the main mailbox. And Outlook aliases can be used not only for sending and receiving mail, but also for signing in to your Microsoft account, which is equivalent to having multiple mailboxes associated with one account.

You can manage aliases in [Microsoft Account - Your Info - Account Info - Edit Account Info] Outlook supports adding up to 10 aliases, each of which can be set as a primary alias or deleted at any time. This is very useful if you add an alias with more random characters, it can be used as a "half" anonymous mailbox.

But it has limitations. Firstly, the maximum number of aliases you can add is 10, so you can't add unlimited aliases. Secondly, adding aliases has a frequency limit, usually after adding 3 or 4 aliases, you can't add any more for a while (even deleting existing aliases won't restore them), so it's not suitable for mass-use scenarios.

There is a limit to how often aliases can be added.

In general,** mailbox aliases are still more suitable for distinguishing different types of communications, such as private, work, school with address**. You can set up some relatively memorable prefixes consisting of names, nicknames, organisation names, etc., which can also make it easier to distinguish yourself from the recipients of your communications. (After all, an anonymous mailbox consisting of a bunch of random characters printed on business cards and application letters doesn't look too good either.)

However, for the purpose of privacy protection, the protection provided by mailbox alias is still insufficient, which leads us back to the topic of this article - anonymous mailbox service.

Introduction and Evaluation Criteria of Anonymous Email Service Players

At present, in the market of anonymous mailbox service, there are veteran powerhouses and new faces rubbing their hands. In this article, we will choose five representative services - Firefox Relay, SimpleLogin, iCloud+ Hide My Email, Fastmail (in co-operation with 1Password), DuckDuckGo Email Protection for comparison.

In my opinion, the main evaluation criteria for anonymous email services should include the following dimensions:

Most Important - affecting usability features:

Relatively unimportant features:

Based on the above criteria, we first give a table of for the reader to review:

(2022-08-25 Editor's note: DuckDuckGo's privacy mailbox was opened for registration in August 2022.)

Accordingly, the advice is:

If you are interested in the specific performance of each player in the above comparison dimensions, as well as the specific reasons for the above recommendations, follow along below to continue exploring.

How to differentiate the use of email addresses - advice from personal experience

Before concluding, I would like to make a few suggestions on how to differentiate the use of email addresses based on my personal experience for the reader's reference:

  1. for formal communication and application (e.g. resume, joining Workspace): use the main mailbox prefixed with your name and English name.
  2. for device logins (Apple ID, Microsoft Account, game console accounts, etc.): use an alias prefixed with a nickname, because it's too much of a hassle to enter a random email address, especially on a PlayStation where you have to use a joystick to enter it 🥲.
  3. credit card statements and other finance related: use a separate alias and don't provide it to anyone but your bank.
  4. other account signups: use an anonymous email address, forward to the main email address
  5. newsletter subscription: my habit is not to subscribe by email, but to use a service like Kill the Newsletter, generate a subscription link and then subscribe directly to the newsletter using a news reader.