What are Email Aliases?

A brief on email aliases and why they are important for privacy protection.

As the name suggests, an email alias is an alternative or forwarding email address that you use in place of the actual one. So any email sent to the alias address (say, alias@example.com) is forwarded to the actual address (say, me@example.com). Using this technique, you can create unique alias addresses for each service that you'd like to sign up for e.g. twitter@example.com, github@example.com and so on, each associated with the same email address. If any of these services happen to be in a breach and your data is found online, you'll know the exact culprit.

This sounds simple but the actual usage (and tradeoffs) depend on the email service you choose. Let's look at a few options.

If you use Gmail, you can add +alias suffix to your email address e.g. me+twitter@gmail.com, me+github@gmail.com, where me@gmail.com is your actual email address. This trick also works with Protonmail. Some services have wisened up to this trick, but it still works for a majority of services. This approach works well if you are only receiving emails though, and not if you plan to correspond with the sender.

If you need aliases for two-way communications, the best approach is to set up a mail account with paid services like Google Workspace or Zoho at your own domain e.g. example.com. Both services offer a generous 30 aliases limit per account, and Zoho even offers this in their free tier. Protonmail allows you to add additional addresses too, but the starter edition only offers 5 aliases, which is too low to be actually useful.

Zoho email alias configuration

Finally, a service like SimpleLogin offers a hybrid approach. Create an account and the desired aliases at one of the public domains available, or your personal domain if you have one. Emails sent to the aliases are forwarded on to your registered email address. SimpleLogin offers a privacy-focused solution; it is open source, supports custom domains, and advanced security options like two-factor authentication and PGP encryption. The free edition offers 15 aliases, and you can upgrade for unlimited aliases.

SimpleLogin email alias registration

Irrespective of the option you choose, email aliases are a significantly better way to sign up for services, improving your privacy posture and offering better data breach attribution in the process.

Subscribe to alphasec

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe