Email aliasing is a great privacy tool

Using the same email address everywhere doesn’t help you stay more private. But what can you do other than create multiple new mailboxes and then manage them?

Your personal email address is a unique – And reliable – Identifier. This applies regardless of which email provider you use – whether a traditional email provider or an encrypted, privacy-friendly email provider.

Think about it… many users probably use the same email address everywhere, for everything like:

• Bank accounts
• Insurance accounts
• social media
• newsletter
• E-commerce accounts/purchases
• Forum registrations
• will continue
• personal communication

… and everything in between.

The same email address can even be implicated in data breaches and data leaks. Data breaches generally occur when a service/provider is subjected to a cyberattack and user/employee/personal data is affected stolen or otherwise compromised; Data leaks are similar, but are not necessarily the result of a Cyber ​​attack – An organization could inadvertently direct reveal sensitive/personal data from their systemsoften open to the public.

In both cases, because the collection of email addresses, their use for account creation, and as common identifiers are ubiquitous, they are often exposed (along with other data) in these breaches and leaks. Keep in mind that data breaches/leaks are just one way your email address could be exposed – many services may share your information, which may include your email address, with data brokers, partners, affiliates and contractors further

By “following the email address” you can be tracked relatively easily and targeted for marketing, general spam, fraud or phishing attempts alike.

However, it can be difficult and frustrating to create and then manage a number of different inboxes for different purposes or use cases. Enter the email alias (or forwarding)!

Note: Some email providers may offer aliasing features, but these may vary.

In general one is Email alias is a forwarding email address. Emails sent to the alias are automatically forwarded to another email address. You need an email account (an inbox) to use forwards/aliases.

There are different forms of email aliasing: plus addressing (+aliases) and unique/custom aliasing. In addition, addressing is also known as sub-addressing. To be fair, when people talk about “email aliasing,” they generally refer to unique aliasing – a unique address forwarding to an email inbox.

While addressing is useful for organization, it’s not great for data protection. This is because Plus addressing still uses the “root” of the email, which is easily identifiable. Take this list of Plus addresses for example:

For each Plus address, the actual email address is easy for almost anyone to find out: .

Therefore, you can still find this email address on marketing lists, spam lists, combo lists (where the email is often associated with leaked/cracked passwords), among others. Of course, the more places it is used (especially for important accounts), the more tied it is to your identity online and offline.

… and it also has non-data protection advantages. The privacy benefits of custom aliasing come primarily from the fact that third parties do not know your actual email address.

Phishing and spam often go hand in hand, although some “legitimate” or otherwise non-malicious companies certainly use spam or spam-like tactics.

The main advantage of using email aliases is Reducing spam and phishing attempts. As mentioned earlier – think about what your personal or “primary” email address is associated with. Additionally, your email address may be sold, disclosed (e.g., in privacy breaches or data leaks), or shared with parties other than the party with whom you shared your email.

If your email address is known, it is difficult to prevent spam – which can include cold calling emails and some marketing tactics. This can be done in different ways (as described in the previous paragraph). Once you start receiving spam, if you have an alias, you can simply deactivate that alias, making it inactive. You won’t receive the spam.

If you receive phishing emails – especially after a data breach – you can disable the alias to prevent phishing emails from being delivered to your inbox. This can reduce the chances of you falling for a phishing attack. Email remains a common and effective phishing vector. Phishing attempts often come in the form of spam, but can also be more targeted, using publicly available information or information leaked in data breaches to make the lure more credible.

As mentioned earlier, users can be easily tracked using their email address. Many people have had the same email address for years – which is fine – but the same email address has likely been used for many different accounts, services, e-commerce purchases, newsletters, personal correspondence, etc. In some cases, “people are searching for websites” – often owned by data brokers – this email may even list them!

Long-term and widespread use of a single email address likely means that it has been, and may even continue to be, shared with many companies without your explicit knowledge. For example, you can make a purchase from an e-commerce store and automatically sign up to receive emails from there. To (re)target users through advertising to increase sales, they may share their email list with other marketers or advertisers. This is not a hypothetical example; BetterHelp has been exposed for doing almost exactly this and more.

How does using an email alias help here? By using aliases across different accounts, you begin to unassociate your identity with one single E-mail address. This can make it more difficult to track your activity across different platforms.

Of course, if other collected/provider identifiers are consistent (e.g. an address or a phone number), correlations can be drawn. However, this does not necessarily mean that the effectiveness of separating your identity from a single email address is nullified.

If a service/provider manages to compromise your email address, you can also deactivate the alias.

SimpleLogin, addy.io and DuckDuckGo Email Protection are email aliasing tools designed to make generating and using email aliases easier.

SimpleLogin is an open source email aliasing service. Users can receive and send emails using aliases created with SimpleLogin. It offers support for custom domains.

SimpleLogin was acquired by Proton in April 2022. Users can still log in to SimpleLogin separately…

***This is a Security Bloggers Network syndicated blog from Avoid the Hack! Written by Avoid the Hack!. Read the original post at: