Privacy, Security
What is Email Masking?
Nov. 2, 2021 (updated Jan. 20, 2023) / My Data Removal Staff
In recent years, really since around 2013 when Snowden leaked that the NSA was spying on all Americans (and the whole world), privacy has become more of an issue. Technological advances are making surveillance easier than ever.
Spam seems to be at an all-time high. Junk mail and spam emails aren’t new, but they are becoming more sophisticated. The spam phone calls and texts are also feeling more invasive and ubiquitous.
The average adult has around 100 online accounts. That is a lot to juggle and a lot of exposure. The odds of one or more of your accounts being leaked this year gets pretty high when you have so many.
Many sites and services don’t actually need to know our real information to be able to provide us with a service. Starbucks will give you your coffee no matter what you say your name is. MyFitnessPal will help you track your calories even if you say your name is Ronald McDonald.
What is email masking?
Simply put, email masking is using a different email address that forwards all emails to your primary inbox. It often doesn’t let the person sending you emails know what your real address is or even that you are using a masked email address.
An example of email masking
Let’s say you want to sign up for a newsletter from boardgamegeeks.com, but you don’t want them to know your real gmail address. Maybe they have a bad privacy policy (who reads those anyways) or maybe you are trying to have your real address out there less often. You decide you want to give them a masked email address from simplelogin, a masked email provider you have an account with. The process is simple. You login to your simplelogin account and create a new masked email address. For this example, let’s say you use boardgamegeek.newsletter@aleeas.com. Then on boardgamegeeks.com, you enter the masked email address you just created, and then every week in your gmail inbox you receive the newsletter. If you decide you don’t want the newsletter anymore, you can simply turn off the masked email address in your simplelogin account and it will no longer forward those email to your gmail account. Using a masked email also provides a level of security. If boardgamegeeks.com were to have a leak or share your address with others, it wouldn’t bother you much since you would be able to just turn the email address off.
When to use a masked email address
Masked email addresses shouldn’t be used 100% of the time, but they can be used a lot. Here are some ways to think about when to use a masked email address.
- A one off purchase - Maybe you want to buy some new sunglasses from goodr. But you don’t feel the need to share with them your real email address. So you create an account using a masked email address.
- A site you use infrequently - Are you someone who rents a car once every couple of years? Maybe for your hertz.com account you use a masked email address.
- Services that don’t verify your information - Does Spotify need to know your real email address? Probably not.
- A service that might share your information - Does Doodle need to know your real email address? Have you read their privacy policy? We haven’t either.
When not to use a masked email address
Some services are not a good fit for masked email addresses. For these accounts you could consider subaddressing (a.k.a. email plus addresses). Not all websites allow this, but it is worth a shot to keep the email address unique.
- Financial accounts - You don’t need your online banking emails passing through an extra server. It’s safest to keep these types of accounts connected to your main email account.
- Other sensitive accounts - An account with your medical provider is a good example. If the emails will contain sensitive information that you do not want to pass through an additional third party, you should probably not use a masked email address.
- Sites that don’t like masked email addresses - Sites that get a lot of spam accounts aren’t fans of masked email addresses (Facebook for example). They likely block usage of many of the domains of the masked email providers. In this case, you don’t have many options. You can either use your main email account, create another legit email account, or you can get a premium account with one of the masked email providers and use a masked email address with your own domain.
Masked Email Services
There are more and more of these services recently and most do a fine job. Here are some of the services we have experience with and can recommend. These services are free, and if you upgrade to a paid service, you can use your own domain.
Simplelogin. These guys are open-source, which means they are all-stars in the privacy world. They give you domains like aleeas.com
Anonaddy. They are also open-source. They have funny random word masked email addresses.
33mail. They give you a subdomain which is your login like coolestguyever. So emails to anything @coolestguyever.33mail.com would go to your inbox.
Blur. They have a lot of other privacy services they want to upsell you on.
What should I do?
Sign up for an account with one of the masked services, and whenever you create a new account online (as long as it’s not sensitive), you can use a masked email address.
It is worth considering using your own domain. This is the safest option since if something were to go wrong, you could switch your domain over to a different service. You are also least likely to be flagged as email masking/spam since your domain will be used much less frequently than the shared domains for free accounts with email masking providers. It could make sense to try it out for a while with a free account and upgrade later once you are more comfortable.
Consider your online alias strategy
Online aliases are a separate subject, but it is worth bringing up. Check out our article You Need an Online Alias Strategy. Just like you don’t want everyone to know your real email address, the same is true for your real name and other identifying information. You could come up with an alias or two – pick names, birthdays, addresses, and email addresses. When you sign up for something new you will be ready.
How do you keep all this stuff straight?
Use a password manager. They remember logins to sites you visit and they are perfect for remembering what account you use where. You can add additional details to the notes section as you need to.
You should probably write some of this stuff down. If you use one main alias you could put the details on a sticky note somewhere or in a notes app on your phone so you can reference it when you need to.
Unique logins are most secure and private.
Masked email addresses let you have more unique login ids (when your login is required to be an email address) for services you use. Unique logins are great because they are unique. Many accounts have been hacked because someone used the same email address and the same password somewhere (LinkedIn for example) and that data is found in a data breach. Someone can then try that same login and password at another service (Uber for example) and sometimes it works. You should never reuse passwords (see our article on password managers), but never reusing a login makes you twice as hard to hack. Add on multi-factor authentication and you get about as close as you can to invincibility as you can online.