Posts

It is a good bet that one of the many organizations that have your personal, or business email address will lose, misuse, or mishandle it in some way. It is also highly likely that it will be days (or longer) before you are informed of the breach (if ever). Time that gives whoever has your information ample opportunity to discover your other accounts which use that same email address.

If you’re employing psuedonyms (or aliases) for non-official accounts & communications your pseudonym is going to need an email address.

It’s true that strong, unique passwords help to protect those accounts, it is email discovery that makes them easy to find in the first place. If you are like most & use the same or similar passwords across the web, then it becomes a race against time to see who can move faster to secure your other accounts, you, or the bad guys.

Using email aliases with forwarding provides a layer of protection between you, & the mishandling of your information which exposes all your other accounts.

How email forwarding works

An email address has 2 parts. In the example: johnsmith@domain.com the section before the “@” is called the local part. The area after the “@” is called the domain.

Email forwarding (also called ’email alias’ services) allows you to create unique, real email addresses on the fly to use as needed. They function by using a “catch-all” feature of the domain part, while automatically recognizing any local part that you create as a valid email address, & then forwards it to you. No, you do not have to keep up with multiple inboxes. You manage your aliases from a single dashboard.

Most email forwarding services have a slew of domains to choose from with which you can create your addresses. However, for more control I recommend using your own domain, & I’ll be touching more on that down the page.

A typical use case…

Let’s assume you’re all set up, & are using your own custom domain “wabalubadubdub.com“. One day you want to sign up for something named “bobs newsletter”. Bob (like everyone) requires your email address. You simply make one up on the fly (no need to create it in a dashboard first) just for Bob such as “bobsnewsletter@wabalubadubdub.com“. Bob sends the email confirmation, which is forwarded to your main email address, you confirm. Now you are now signed up with Bob’s Newsletter.

In the admin panel of your email forwarding account, “bobsnewsletter@wabalubadubdub.com” has been created. All emails sent from Bob are forwarded to you through it. Bob only knows the email address that you have given him. Bob has no connection to or awareness of the address that his newsletter is being forwarded to. If Bob loses your email address, you just go to your dashboard & delete it. Since you have created an email address just for Bob, it’s not being used on any other accounts.

This also works offline such as sharing your email with new acquaintances, signing up for rewards cards, or applying for credit. You can literally create an email address on the fly that is only used for that purpose. You can also reply from that alias address from the inbox that it’s been forwarded to.

For Businesses

Business owners are constantly striving to keep personal business separate from their professional lives. That generally means signing up for all your business-related accounts using one or the same few business email addresses. Sooner or later your business inbox becomes the same unmanageable hodgepodge of offers, updates, & spam as your personal inbox. You cannot delete the address because you are using it in other places.

Using forwarding email addresses (or aliases) to separate your accounts is a great way to manage your business inbox, & keep it clean from excessive communication & spam from each individual source. You can even give each client their own email address for that extra touch of personalization.

NOTE: If you are going to use email forwarding services in this manner, I HIGHLY recommend using the paid version of the service that allows you to use your own custom domain. Should that service discontinue or change things you still own your domain & can recreate any email addresses as you need to. If you are only using the free version & something changes, you’re assed out & lose all functionality.

For Parents

Protecting your kids from the wild west of the internet can be a seemingly impossible chore. Kids rarely understand the dangers of giving out too much information, or which information can

be used to find other information about them, & your household. Having an email forwarding account for them to create alias addresses on the fly not only provides a layer of protection between them & their “main” email account, it also gives you management over what they’re singing up for, & the ability to cut off communication from accounts that have jumped the shark. It also allows you to check to see if any of their alias email addresses have been compromised in a data breach.

Choosing an email forwarding service

There are a few forwarding services out there including 33mail, ImprovMX, MySudo & others ranging from free & limited, to monthly fees. Each with different features & limitations. For my needs I wanted was easy to set up, stable enough that I wasn’t worried about them going out of business & leaving me hanging, had no limitations on the number of aliases I could create, allowed me to use my own domain, & that wasn’t expensive.

@Michael Bazzel of Intel Techniques, & who produces The Privacy, Security, & OSINT podcast (among other things) spoke favorably about AnonAddy some time back. I checked it out. It hits all the sweet spots for me & offers a few features that I had not considering such as Open PGP Encryption, Chrome & Firefox add-ons, & the ability to use multiple custom domains (paid version).

The 3 suggestions that follow assume you are using AnonAddy to manage your email aliases, but the strategies should apply to whatever email forwarding service you’re using.

Setting up your AnonAddy account

AnonAddy has 3 levels. Free, Lite, & Pro. The free plan gives you enough to get started if you just want to test it out, but for long term use you are limited to the free domains that they make available to you.

I recommend the LITE plan because it’s cheap ($1mo.) & it gives you the ability to use your own custom domain which to me is a critical control. Although I do not expect it, should something happen to AnonAddy & you are on the free plan you may lose your alias addresses, potentially with no way to recover them. Then you would have to change the email address on all your accounts. Not good.

By using your own domain no matter what happens you always own & control it. If need be you can recreate your forwarding aliases either on another service, or manually. But at least you do not lose access to those accounts.

If registering a new domain be sure to opt-in for Who is Lock Privacy, & Transfer Lock, so that your domain registration information is private.

Of course, you need to already own, or register a domain to use for this purpose (about $14 yr). Use Hover, Go Daddy, whatever you like. Get creative & register whatever you want that is available. Remember, you may be using your new alias capabilities on professional accounts, resume’s, & such so you may want to refrain from registering anything risqué’ or immature.

There’s no reason for me to recreate the wheel here, AnonAddy has perfectly good instructions on how to set up your custom domain. It requires you to have access to the DNS settings of the domain so that you can verify ownership, & make it work through their email servers. Should you run into issues contact support at your domain registrar (For instance Hover or Go Daddy) for assistance setting up the records properly.

Obviously if budget is an issue the free options are awesome & choosing from the ample selection of domains to use will be simply fine. However, my fear is, just like with VPN’s that some email server admins will get wise to the free forwarding domains & start to block them. This may never happen, but I do not like depending on everything to go exactly right.

AnonAddyForwarding your aliases to an inbox

When setting up your AnonAddy account (or whatever service you are using) you will be prompted to provide an email account to forward your alias addresses to. For this purpose, I have another single use private email address, on an encrypted service that allows multiple inboxes.

I do not recommend using a free email account for this. By now you’ve probably heard that services like Gmail scan your emails so that they can advertise your interests to you. If you now start sending all your account emails through Gmail, you are just doing the same thing…. giving them everything about you. Enough to build a solid profile whether you use that Google account for anything else or not.

If you’re not already using one, consider Protonmail ,Tutanota or another encrypted, private email service. Besides the obvious benefits of using encrypted, secure email, these companies are privacy-focused, & do not make money from advertising. I use the paid versions but even the free versions of both are better than free email accounts from the big 3 (Microsoft, Google, Yahoo) or your cable company. And you certainly don’t want to use your work email.

Suggestions for setting up your forwarding aliases.

Again, wheel already created. AnonAddy has easy to follow instructions for setting up your aliases. When you first get started you’ll be tempted to create cute aliases, or use the automatically generated unique ones which trust me, will get confusing & hard to remember once you have 20+ aliases in your dashboard. There are appropriate use cases for creating randomly generated addresses, but maybe not with accounts that you use frequently.

Using the above example “@wabalubadubdub.com” as your domain one suggestion is using the name of the company as the local name of the alias address. For instance if creating a forwarding email address for Bacteria Frap Water Park, simply make the forwarding email that you use for them “bacteriafrap@wabalubadubdub.com“. This will make them easier to find, manage, & delete should they become compromised, or ends up sending a lot of spam.

If you are worried about someone figuring out your naming system & spamming, you could add a code or additional special word that only you know to the end of the local part of the email address. Examples: “backteriafrap007@@wabalubadubdub.com“, “bobsnewsletter-hunting@@wabalubadubdub.com“. Get creative with that, use underscores, dashes, or whatever works for you.

If you forget an alias address it is easy enough to log into AnonAddy to refresh your memory. They do not have a mobile app, but the responsive version of their website works fine.

Also, make sure that all your accounts have a way to recover them should you lose access to your primary way.

Test, discover, have fun

You will find many marvelous uses for your forwarding capabilities, & in some cases discover a slight sense of anonymity. Knowing that none of your accounts use repeated emails, thereby not leading to another account, gives you a very freeing sense of privacy & security. I have found many uses for using my email aliases including:

  • Social Media accounts
  • Downloading industry white papers
  • Friends & family
  • Resume’s
  • Rewards programs
  • Online communities
  • Web services
  • Contests / Raffles
  • Political organizations
  • Membership sites
  • Newsletter sign ups
  • Petitions / Polls

Since I’ve started using email forwarding, I’ve stopped giving out my “real” email addresses to anyone. Having this tool in your arsenal will make you more aware of how many things ask for your email, & scrutinize who is worthy of the risk, & why is not. I firmly believe having the ability to create email aliases on the fly is a critical tool to have in your privacy tool kit.

While I encourage sharing what you know to help friends, & family protect their privacy & strengthen their security, you should never let anyone know your exact privacy strategy, or any personal details surrounding it.