And I don’t know any of them. Actually my current count is 63 email addresses, and all of them forward to my real email address. Here’s an example:
This is the only place I have ever posted this address and this is the only thing it will ever be used for, so I don’t need to keep it secret or use any fancy spam prevention tricks (unlike the 43k people who’ve viewed this Stack Overflow question).
Every time I sign up to a new website, app or mailing list I use a different, completely random and unpredictable email address.
There are two main reasons why I do this:
1) Privacy - I don’t want marketers, ad companies and other entities to link my accounts across different services. I try to avoid trusting private companies with my details for various reasons, and even the most well-intentioned data controllers get hacked; massive lists of email addresses appear online all the time. Using a different email address for every service also means I know who leaked it.
2) Security - An email address is often the starting point for any targeted attack, and although it’s not usually considered as a factor, it is the 2nd factor required for most logins (email + password). Triggering important security processes (e.g. reset password, social engineering attacks) is trivial once you know someone’s email address. By keeping my email address secret I can significantly reduce the size of any potential attack surface, and if my email & password get leaked, I’ll just change it or shut that account off and move on. It really doesn’t matter to me.
But how do I do this?
There are a few different ways:
- A wildcard on your own domain. Then you can have something like [email protected] etc. There is some technical effort involved in maintaining your own domain and a cost to register it every year
- Plus Addressing. It’s a little-known fact that Gmail (and most email providers) will ignore anything after the plus symbol on any incoming emails, for example [email protected] will be delivered to [email protected]. That means you can register accounts like [email protected] and it will all go to [email protected]. The downside is that any hacker or marketer can easily work out your real email address by removing everything after the plus sign
- Using IdBloc via the website or the IdBloc Chrome Extension. IdBloc will let you set up incoming email addresses that forward to your real address in a couple of clicks, which are completely random and impossible to track or predict
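To make the difference between plus addressing and random per-service aliases concrete, here is an added example (not IdBloc's code and not from the original post). It assumes a catch-all domain, shown as the placeholder `example.com`, and uses constructed sample addresses; all function names are hypothetical.

```python
import secrets

ALIAS_DOMAIN = "example.com"  # assumption: a domain you control with a catch-all mailbox


def new_alias(service, registry, domain=ALIAS_DOMAIN, nbytes=8):
    """Create a random alias for one service and record which service received it."""
    while True:
        local = secrets.token_hex(nbytes)  # 16 hex chars, unrelated to the service name
        alias = f"{local}@{domain}"
        if alias not in registry:  # regenerate on the (very unlikely) collision
            registry[alias] = service
            return alias


def strip_plus_tag(address):
    """Drop '+tag' from the local part, which recovers the underlying mailbox."""
    local, _, domain = address.rpartition("@")
    return f"{local.split('+', 1)[0]}@{domain}".lower()


def linkable(addresses):
    """Group addresses that collapse to the same mailbox once tags are stripped."""
    groups = {}
    for addr in addresses:
        groups.setdefault(strip_plus_tag(addr), []).append(addr)
    return {base: addrs for base, addrs in groups.items() if len(addrs) > 1}


def who_leaked(recipient, registry):
    """Map the address an unexpected message was sent to back to its service."""
    return registry.get(recipient.lower(), "unknown")


if __name__ == "__main__":
    registry = {}
    shop = new_alias("shop", registry)
    forum = new_alias("forum", registry)

    # Constructed sample data: two plus-addressed signups for the same mailbox.
    plus_style = ["jane+shop@example.org", "jane+forum@example.org"]
    print("plus addressing links to:", linkable(plus_style))
    print("random aliases link to:  ", linkable([shop, forum]))
    print("mail sent to", shop, "was leaked by:", who_leaked(shop, registry))
```

The plus-addressed pair collapses to one mailbox, while the random aliases share nothing but the domain, and the registry lookup is what lets you name the service behind a leaked address.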
Using any of these methods in combination with a good password manager (I recommend Bitwarden) will improve your personal security and privacy and help keep you safer online.
IdBloc is free for the first 50 email addresses you create, give it a try.