You can't increase your privacy or security without changing your habits. Using your real email address to log into websites is one such habit – you've spent decades typing the same email address into every website, and in the process you've made yourself vulnerable to spammers and hackers alike.
Fortunately, this habit is very easy to correct. You just have to use nicknames in email.
Table of Contents
Spammers and hackers want your email address
Anytime you share your email address with a website or app, you're potentially exposing yourself to spammers and hackers. Websites shamelessly sell user data to advertisers, and customer emails are regularly leaked in corporate data breaches.
Spam is annoying, although it can also be a source of phishing attacks or other cybercrimes. And while an email address is often the least scary thing to come out of a data breach, it can lead to a lot of trouble. Hackers may learn that you visit websites related to private topics, such as medical or mental health issues. Or, they might use the data from multiple breaches to form a picture of your identity and shape a targeted attack.
These threats can be mitigated by using unique passwords for each account, keeping your personal information close to your chest, setting up fraud alerts and monitoring untrustworthy emails. Hiding your real email address just adds an extra layer of protection and privacy.
Some Email services keep your real email address hidden
Instead of giving websites your real email address, you should use an email alias service to create unique forwarding addresses. Email aliases are not “real” email accounts - they do not require a special password or time-consuming setup process. Instead, you ask a client like Apple Hide My Email or Proton Mail to create an alias with a random name, like “[email protected]”. Any message sent to this alias will be forwarded to your main mailbox, but the sender will never know your real email address.
If a website decides to sell one of your alias addresses to advertisers, it's no big deal. Simply disable email forwarding for that address to prevent spam from being sent to your real inbox. Of course, aliases also let you see which websites are selling your data. Let's say you use an email alias for a golf site – if the alias is suddenly flooded with spam, you can assume the golf site sold your alias to advertisers.
By the way, you are free to use an email alias for bank, utility or other “important” accounts. Email aliases aren't just for random websites or social media apps. Although I should note that some "major" sites reject email aliases. (While we're on the subject, I also recommend using specially crafted addresses for banking and the like. This will put some distance between your primary email address and your most sensitive information).
You can also send emails from an alias. And if you reply to a message forwarded by one of your aliases, it will automatically be filtered through the alias, preventing you from accidentally exposing your real email address.
The only problem with email aliases, as you may have already guessed, is that you quickly end up with a unique email address for each website. This makes logging in a bit difficult, although you can solve the problem by using a password management service like 1Password or Dashlane. These services can automatically fill in your login information on websites and help you create unique passwords for each of your accounts. (You should use a password management service, even if you choose not to use email aliases).
Email aliases also come with some risk. If the company hosting your nicknames shuts down, your nicknames may disappear. However, this risk is not exclusive to alias services. Any email provider, including Gmail, can go down at some point. If you are concerned that an email forwarding service may be shut down in the future, set up the SimpleLogin alias for a self-hosted domain.
Which Email Service Should You Use?
There are several email alias services to choose from. And, aside from some differences in usability or payment structure, they all perform the same basic task.
Here is a short list of the best email alias services:
- Apple Hide My Email: All Apple devices have a built-in email spoofing client called Hide My Email. It's not the most intuitive option, but it's free and automatically suggests nicknames when you sign up for new sites.
- ProtonMail: Proton Mail paying customers can create an unlimited number of hide-my-email aliases from the Proton Mail Security Center, the Proton Pass app, or SimpleLogin. Proton Mail includes a ton of intuitive email organization features that are also worth checking out.
- Anonaddy: A popular open source encryption service with free and paid options. AnonAddy also offers a browser extension that makes it super easy to create aliases on-the-fly.
- firefox relay: A neat service with free and paid tiers. Firefox Relay is good for those who want a convenient online control panel for managing aliases, and top subscription tiers include phone number aliasing.
- DuckDuckGo Email Protection: Available for free, DuckDuckGo Email Protection is a good choice for those who regularly use DuckDuckGo services. And, like Firefox Relay, it includes a simple web control panel.
- SimpleLogin: The best choice for advanced users who need to create aliases in a self-managed domain. Note that SimpleLogin was recently acquired by Proton.
If you want to completely overhaul your email setup and increase your privacy, Proton Mail is the best of these options. I'm constantly impressed by the email organization capabilities offered by Proton Mail, and while all of these email services are clearly privacy-oriented, Proton takes things to the extreme with full end-to-end encryption across all of their products .
AnonAddy, Firefox Relay and DuckDuckGo Email Protection are all incredibly easy to use and don't require much installation. AnonAddy is good for those who need regular access to aliases, while the other options are better for occasional use.
Apple Hide My Email has the advantage of being integrated with Apple products, and if you own an iPhone or Mac, you probably already use it. However, the interface for managing or deleting Hide My Email aliases is quite confusing. I'm guessing this will improve over time as Apple recently announced some huge improvements to their password management service,
When Shouldn't You Use Nicknames in Email?
You can use an email alias whenever you want. However, you should probably use your real email address when communicating with friends, family, colleagues, lawyers, government agencies, or anyone else who needs to know who they are talking to.
If you're worried about grandma exposing your primary email address to a bunch of spammers, then don't give her your primary address. Create a new email address and use it exclusively for family communications. Most email apps and services make it easy to switch between accounts on the go, so managing an extra email account should be a no-brainer.
By the same token, email aliases are not designed with digital signature verification in mind. A digital signature is essentially a fingerprint for outgoing emails – it proves that the email was sent by you and was not altered in transit. (Most people have never used a digital signature, and some email clients don't support this feature, so this is a niche point).
I would like to point out that email aliases are only one tool in your toolbox. You don't need to use pseudonyms all the time, and pseudonyms won't completely protect you from spam or cybercriminals. Also, if your primary email address is your first and last name, people won't have much trouble guessing it – now is a good time to sign in to your email account, set up two-factor authentication, and come up with a unique password.