I recently wrote about dark patterns and it got me thinking about the times I’ve needlessly provided personal information such as my email address and why I began using semi-anonymous email forwarding services. I started using an email forwarding service with a custom domain about a year ago and I’ve been pretty satisfied with the fact it creates a barrier between an online entity requiring an email address and my actual email address.
We live in an age where companies are storing a user’s personal information but are oftentimes inadequately securing user data, potentially leaving it exposed to those that which to abuse that data. We also live in an age where companies share data with each other as well as advertisers, including user email addresses, unbeknownst to users.
An email forwarding service essentially masks your actual email address by providing you with an alias email address you can provide for certain services where your actual email address seems a bit too intrusive and unnecessary. Let’s say I want to sign up for the Centre for the Study of Existential Risk’s (CSER) newsletter, but my email address is also associated with sensitive accounts like banking. I can provide them with an alias such as email@example.com which will then forward to my actual email address. What’s also great about this is that if I ever need to reply to an email, it will come from that alias and therefore not expose my actual email address.
Using an email forwarding service is especially awesome with a custom domain since some websites ban using email forwarding services such as AnonAddy or 33mail. I own five domains, two of which I use for email forwarding: one for stuff where I don’t care about anonymity (chuckcarroll.xyz), and another I use for junk where I share as little information as possible. In this case, if I sign up for CSER’s newsletter, I’ll give them firstname.lastname@example.org. If they’re email database is ever compromised, the hackers will
Lets say you sign up for a service that leaks your email address (either intentionally or unintentionally), you can easily disable that alias email address. If CSER’s email database is ever compromised, the attackers will have “email@example.com” and not my actual email address. Some hackers want this information for various reasons such as credential stuffing, but it many cases, email databases are oftentimes sold and which case you’ll receive unsolicited spam.
Granted, when you start using a service like AnonAddy, you are bringing a 3rd party into the picture. That said, I do not recommend using email forwarding anything extremely sensitive such as financial institutions like banking or investment accounts, but they’re ideal for social media, forums, news sites, newsletters, etc. For sensitive accounts, I do however recommend an email address with a custom domain as opposed to Gmail, Protonmail, etc because your email address is really owned by the provider or whoever owns the domain.
If you want to avoid any of your online personal and business accounts from being compromised, an email forward service is a fantastic preventative measure and will give you a peace of mind. I also highly recommend using two factor authentication such as a software-based OTP (I use andOTP on Android), and a password manager where each of your passwords are completely randomized (I use Bitwarden).