I have a custom domain just for signups, and I sign up with [service].[username]@customdomain. The domain simply has a catchall email "accounts@customdomain"
Combined with a password manager (Bitwarden) this is absolutely brilliant.
* Spam: if I get any spam, I know exactly which company is responsible, whether directly, through selling user data or because of breaches. And I can simply block the whole alias.
* Multiple accounts: If you need a second account with some service, you simply use a new alias. No need to worry about secondary emails just for a few accounts.
* Mitigate data leaks: if some database gets compromised, all they get is a throwaway email. They also can't try to log in to other accounts or do password resets if they get a hold of the password. (somewhat redundant with a password manager and unique passwords, but still)
* Privacy: all those ad data aggregators have a harder time connecting me between accounts. (of course they still use names, address, credit card info, etc; but it helps)
* Easy self-hosting: email hosting can be a pain. But in this case you only need to receive, never send. And receiving basically always works, even with the most broken email server setup.
A downside is the unique domain name. I always wanted a shared domain with lots of users to further reduce exposure.
I actually thought about starting a service that provides this, but it's a niche product with non-trivial technical hurdles and potentially lots of support demands, so I'm happy that Mozilla is offering this.
The only downside is that people get really confused when they have to deal with your email, for example when calling support. But it's never been a real issue.
Heh, I work on Relay and I do the same :) While the approach is great, especially in situations away from my computer where I can't generate a new alias in advance, working on it I discovered that using Relay still has a couple of advantages:
- My other addresses are unguessable.
- It's far easier to block emails sent to a single alias. With my own domain, I'll have to go and add a filter into which I copy-paste the particular alias I want to block. With Relay, I can just open the dashboard and hit the toggle next to the alias labelled with the domain I used it on.
- I was looking for ways to give Mozilla money for a long time (though now I'm working there, so I guess I'm also taking its money).
In general, my setup now is to keep using my old setup for long-term accounts with somewhat more reliable services, and use Relay for e.g. requesting a quotation or having a single thing shipped to me.
Word of advice for anybody doing this: make sure you have a way to SEND email using one of your aliased addresses - because one day you will find a critical service provider can't process your emailed attachments unless sent from your registered email address (e.g. insurance claim document, bank documents, etc.)
This is very similar to how I setup my (paid) Fastmail email with my own domain. But Fastmail goes one step further: When signing up for things I use an email address like: [email protected]. Fastmail will automatically deliver any messages addressed to the above email into the Shopping folder of my Inbox. I don't have to create an alias or any rules in my email account. Fastmail will handle that when a message arrives.
This is great for categorizing messages. And you can still blacklist aliases that have been leaked to abusers.
I keep reading about people who say they have a custom domain, but I'm not sure they're aware of the caveat to that. You have to keep renewing it, and domains are infamously changing hands all the time, sometimes to bad actors who want to use the SEO juice of the domain for spam or affiliate marketing, or in the worst case: to take over your identity with it.
By all means, yes, keep it renewed, but if you stop renewing it (for whatever reason), assume all the accounts you have tied to it will be in someone elses hands.
I do this but on my main domain. I have another domain and I guess I might to move spam catching exclusively to that domain.
Anyway the trouble is writing mail to those services or replying to those. I have 13 from email usernames in my Mail.app right now on my domain. Then I stopped it. It’s just so tedious.
I wish there was an app that would let me easily do it once I proved I’m the domain owner maybe - just let me send an email from <anything>@<my domain>.tld without having to add one separately. It should also allow me to reply from same email without hassle
I tried Apple iCloud+‘S HideMyEmail feature, but:
- It’s a harder lock-in into their ecosystem
- Not available on custom domain
- You can reply from that random email username if you get email username, but you can’t start a conversation easily.
- when you stop paying those randomly generated Hide My Email are gone
- Not very convenient in the browser especially if you are not in Safari or a Mac.
For me, the best implementation of private alias is the Apple one: %randomwords%[at]icloud.com. It's way harder to wildcard block [at]icloud.com, as there are legit users of the icloud domain, than a wildcard block for: [at]mozmail.com.
Unfortunately, using the apple implementation is just one more stone into their walled garden. I really wish firefox could create a legit free [at]firefox (or something else) mail and then create this alias service as premium bundle. It would be way harder for services to start blocking it.
Furthermore, I'm not really excited to the overall direction that Mozilla is moving with its side projects:
1. They bought Pocket (which I loved) and now it's on life support.
2. They created an awesome private file sharing service (firefox send) and quickly butchered it.
3. They have a vpn that is simply mullvad with new clothes and fewer geographic availability. Why anyone would use it instead of mullvad is beyond me.
Mozilla needs some serious trust building before I trust it to manage several mail aliases for me.
> 2. They created an awesome private file sharing service (firefox send) and quickly butchered it.
Thankfully it was MPL licensed[0] and has an active fork[1]. The only problem is that Mozilla requested their trademarks Mozilla/Firefox be removed, so finding this fork is a bit hard on Google.
> They bought Pocket (which I loved) and now it's on life support.
I've been waiting a long time to find someone who thought that Pocket was a good idea. Can you expand on what you like about it being integrated into firefox natively as opposed to an extension?
Agreed. They are all over the place and don't take good care of the only important thing, which is the browser. If I want a vpn, I will get a vpn. Same with email alias. This is yet another distraction. I'm not very optimistic.
I actually think Mail, VPN and password manager are three things that Mozilla should have done since day 1.
The three have one thing in common that is privacy and trust. They are also all proven profitable and sustainable business. Which they should have used to market it and generate some safe income.
File sharing and content ads were all too risky moves.
Now that their product brand are damaged it is harder to built. Not to mention they now have a fewer user to capture those value.
Relay is very cool but it took me like 24 hours since discovering and adopting it, to being unable to use it for an account. So I cannot recommend it to my family and friends who are much less tech literate than I am.
In my case I was trying to create an account on the Linux Mint Forums [1]. The confirmation email never arrived, which was very confusing to me.
This is cool, however, personally I feel like for my use case that integration with 1Password and Fastmail is better because I don't want to depend on a browser that I cannot use everywhere to manage this.
In the same way that I avoid Sign in with Apple - what am I supposed to do when I need to Sign in without Apple?!
I find 1P+FM is a much more cross-platform solution.
However, I commend Firefox for creating this functionality for people that don't use a separate password manager or Fastmail!
While we provide a Firefox extension with which generating an alias is just a click away, you're not dependent on Firefox specifically: you can generate and access your generated alias through the web interface at https://relay.firefox.com in any browser.
Correct me if I'm wrong, but you would still need to pay $3 USD/mo for Fastmail even if you use 1P. Whereas with Relay, it's 0.99 USD/mo, and no need to migrate my existing email to any other service.
Right with you on Fastmail, it's excellent. Just wondering though where do you feel you can't use Firefox? As far as I know it runs on all major platforms even if the rendering engine on iOS is still Safari.
You can only hope that the service will last long enough and not be discontinued like Firefox Send. Otherwise you have created online accounts with dead alias emails. I create the alias mail addresses in my postfix installation under /etc/aliases
"Relay Premium is available in the United States, Germany, United Kingdom, Canada, Singapore, Malaysia, New Zealand, France, Belgium, Austria, Spain, Italy, Switzerland, Netherlands, and Ireland. "
(https://relay.firefox.com/faq)
Tried signing up for Relay Premium (from France), Stripe is telling me that "The currency of this subscription isn't valid for the country associated with your payment"...
This sounds interesting, and I'd pay for it, but it seems to be dependent on a Firefox extension.
Sadly, after literally 20+ years of using Firefox, I recently switched to Brave. The performance of FF was wearing on me.
I realize it would seem to be very strange if Mozilla were to create a Chromium extension. But in this case, it is a paid service separate from the browser.
I don't understand why would one want to pay for a step down in privacy, voluntarily adding an identifier that allows to track them. The only thing it does is adding some extra information about the alias owner - something that does not make any sense to me, given that the whole point of the service is to obscure users' identities.
I would understand really using my own domain (not this falsey advertising - "foo.mozmail.com" is not something I "own") rather than Mozilla-provided subdomain of theirs. Yea, that would also counter the privacy but at least there's a tradeoff - I retain control of that domain, so if I'm unhappy with Mozilla I still have the email addresses.
The random aliases at mozmail.com are certainly the most private option. The subdomain aliases are for convenience so you can make up any alias you want even if you don't have a device on you. (e.g., checking into a hotel, etc.)
This looked interesting when I explored it, but the 150KB attachment size limit is too low. I also checked the GitHub issues list for this project and found some open issues with respect to attachment sizes lower than this not getting through (maybe because of inflation with encoding, which end users may not know about or can’t predict).
The premium paid subscription is said to be only available in specific countries, but the payment form seems to appear in other places too. So I’m not sure how the service allows or disallows subscriptions.
A quick thought also occurred to me comparing this with iCloud email aliases from Apple, which is available for all paid iCloud subscriptions starting at the same price as this one ($0.99 per month) and allows the user to use their custom domain (Firefox relay premium gives you one custom subdomain under mozmail.com).
And for the same price, Apple also provides 50GB of storage and supports the iCloud Relay hop service for Safari (and apps, if supported).
I’d like to support Firefox monetarily, assuming the revenue from this service goes to Mozilla Corporation (not Mozilla Foundation) and to Firefox. But the attachment size limit is currently unacceptable for me.
Hi! Product Manager on Relay here. Thank you for the feedback. We're actively working on upping the attachment limit as we know that is a major pain point. I hope that's something we can deliver to you shortly.
Urgh, on one hand i love the idea and i think its a good business venture for mozilla.
On the other hand, they are injecting little scare bubbles into everybody's website to advertise this, and that rubs me up the wrong way so much i want nothing to do with it.
Howdy. I'm an engineer on both Facebook Container and Relay.
We fixed the original bug in Facebook Container that was showing the prompt on every website - now it only shows the prompt on websites where Facebook trackers are detected.
Facebook Container is something that inspired and influenced the development of Relay in the first place. Facebook Container users reported that they used websites and still saw ads from those websites in their Facebook feed, even though they were using Facebook Container. Because Facebook lets anyone create custom audiences for re-targeting, we need to give users a way to protect themselves from "back end" data sharing & tracking.
Hi! I'm the Product Manager on Relay. Thank you for sharing your concerns, we absolutely understand this risk and the investment and trust it takes to sign up for a service like Firefox Relay. We're actively investing resourcing into our privacy and security products like VPN and Relay and hope to grow these services while providing more protections to more people. I hope that you can come along with us and try out Relay.
Yes, that is standard subaddressing but not all email providers support it (I've never heard of a Microsoft Exchange server supporting it). One problem with it is it exposes your real email address. Another problem, as the Wikipedia article notes, is there are a lot of inputs with poorly written validation that won't accept '+' as a valid email address character (they often only allow a-z, '.', and '@').
This is a standard and every semi-smart spammer can strip the "\+.+" part so it works only with legit websites that you want to handle in a special way.
Be careful with this. I once ordered something with Dell, and while their front-end system would accept my email address just fine, apparently one of their back-end systems choked on it, and not only did my order get stuck in limbo somewhere, but their customer service agents also couldn't easily fix it for me since their systems weren't able to handle this properly either.
I use this scheme. I have a separate account ([email protected]), were I only give addresses with aliases ([email protected]). There are of course broken sites, that do not allow + in the e-mail address. Also Bolt (bolt-rider.com) ignores the alias and just sends to the base address ([email protected]).
So this is anonaddy but with unlimited replies?
Pretty cool!
I just signed up for purelymail recently, I wish I had heard of this sooner, but it's better than never.
Is there any way to create aliases on the fly?
Something like creating a new alias automatically when an email is received?
The extension allows you to create aliases on the fly (although the free version has a limit of 5 aliases total). Note that the extension is at this time only available for Firefox on desktop.
Alternatively, if you have a Premium subscription, you can set up a catchall subdomain for yourself, so that e.g. [email protected] gets forward to you without having to create the alias in advance. Of course, this has the disadvantage of being able to associate that alias with other aliases you create.
What the f. Do they even want users. I can not create a Firefox Account. Every register page is a login page. When I enter an email and a password it expects an existing account (which I do not have). This is beyond belief.
I think I've been using it for nearly 15 years. And I selfishly hope it never gets more popular since it's so obscure that it seems to fly under the radar of most blacklists despite its 20+ year history. I like how it keeps a count of all of the messages it's blackholed to a given address so you can see who pimped you like a used car if you use a unique address per signup.
[+] [-] the_duke|4 years ago|reply
I have a custom domain just for signups, and I sign up with [service].[username]@customdomain. The domain simply has a catchall email "accounts@customdomain"
Combined with a password manager (Bitwarden) this is absolutely brilliant.
* Spam: if I get any spam, I know exactly which company is responsible, whether directly, through selling user data or because of breaches. And I can simply block the whole alias.
* Multiple accounts: If you need a second account with some service, you simply use a new alias. No need to worry about secondary emails just for a few accounts.
* Mitigate data leaks: if some database gets compromised, all they get is a throwaway email. They also can't try to log in to other accounts or do password resets if they get a hold of the password. (somewhat redundant with a password manager and unique passwords, but still)
* Privacy: all those ad data aggregators have a harder time connecting me between accounts. (of course they still use names, address, credit card info, etc; but it helps)
* Easy self-hosting: email hosting can be a pain. But in this case you only need to receive, never send. And receiving basically always works, even with the most broken email server setup.
A downside is the unique domain name. I always wanted a shared domain with lots of users to further reduce exposure.
I actually thought about starting a service that provides this, but it's a niche product with non-trivial technical hurdles and potentially lots of support demands, so I'm happy that Mozilla is offering this.
The only downside is that people get really confused when they have to deal with your email, for example when calling support. But it's never been a real issue.
Highly recommended!
[+] [-] Vinnl|4 years ago|reply
- My other addresses are unguessable.
- It's far easier to block emails sent to a single alias. With my own domain, I'll have to go and add a filter into which I copy-paste the particular alias I want to block. With Relay, I can just open the dashboard and hit the toggle next to the alias labelled with the domain I used it on.
- I was looking for ways to give Mozilla money for a long time (though now I'm working there, so I guess I'm also taking its money).
In general, my setup now is to keep using my old setup for long-term accounts with somewhat more reliable services, and use Relay for e.g. requesting a quotation or having a single thing shipped to me.
[+] [-] ryanjshaw|4 years ago|reply
[+] [-] discardedrefuse|4 years ago|reply
This is great for categorizing messages. And you can still blacklist aliases that have been leaked to abusers.
[+] [-] sysadm1n|4 years ago|reply
I keep reading about people who say they have a custom domain, but I'm not sure they're aware of the caveat to that. You have to keep renewing it, and domains are infamously changing hands all the time, sometimes to bad actors who want to use the SEO juice of the domain for spam or affiliate marketing, or in the worst case: to take over your identity with it.
By all means, yes, keep it renewed, but if you stop renewing it (for whatever reason), assume all the accounts you have tied to it will be in someone elses hands.
[+] [-] crossroadsguy|4 years ago|reply
Anyway the trouble is writing mail to those services or replying to those. I have 13 from email usernames in my Mail.app right now on my domain. Then I stopped it. It’s just so tedious.
I wish there was an app that would let me easily do it once I proved I’m the domain owner maybe - just let me send an email from <anything>@<my domain>.tld without having to add one separately. It should also allow me to reply from same email without hassle
I tried Apple iCloud+‘S HideMyEmail feature, but:
- It’s a harder lock-in into their ecosystem
- Not available on custom domain
- You can reply from that random email username if you get email username, but you can’t start a conversation easily.
- when you stop paying those randomly generated Hide My Email are gone
- Not very convenient in the browser especially if you are not in Safari or a Mac.
[+] [-] arepublicadoceu|4 years ago|reply
For me, the best implementation of private alias is the Apple one: %randomwords%[at]icloud.com. It's way harder to wildcard block [at]icloud.com, as there are legit users of the icloud domain, than a wildcard block for: [at]mozmail.com.
Unfortunately, using the apple implementation is just one more stone into their walled garden. I really wish firefox could create a legit free [at]firefox (or something else) mail and then create this alias service as premium bundle. It would be way harder for services to start blocking it.
Furthermore, I'm not really excited to the overall direction that Mozilla is moving with its side projects:
1. They bought Pocket (which I loved) and now it's on life support.
2. They created an awesome private file sharing service (firefox send) and quickly butchered it.
3. They have a vpn that is simply mullvad with new clothes and fewer geographic availability. Why anyone would use it instead of mullvad is beyond me.
Mozilla needs some serious trust building before I trust it to manage several mail aliases for me.
[+] [-] judge2020|4 years ago|reply
Thankfully it was MPL licensed[0] and has an active fork[1]. The only problem is that Mozilla requested their trademarks Mozilla/Firefox be removed, so finding this fork is a bit hard on Google.
0: https://github.com/mozilla/send/blob/master/LICENSE
1: https://gitlab.com/timvisee/send
[+] [-] 0des|4 years ago|reply
I've been waiting a long time to find someone who thought that Pocket was a good idea. Can you expand on what you like about it being integrated into firefox natively as opposed to an extension?
[+] [-] bambax|4 years ago|reply
[+] [-] ksec|4 years ago|reply
The three have one thing in common that is privacy and trust. They are also all proven profitable and sustainable business. Which they should have used to market it and generate some safe income.
File sharing and content ads were all too risky moves.
Now that their product brand are damaged it is harder to built. Not to mention they now have a fewer user to capture those value.
[+] [-] sciurus|4 years ago|reply
Why do you say it's on life support?
[+] [-] j1elo|4 years ago|reply
In my case I was trying to create an account on the Linux Mint Forums [1]. The confirmation email never arrived, which was very confusing to me.
[1]: https://forums.linuxmint.com/
After a couple emails with the admin, they told me this:
> The forum tried sending you the activation email but it'd rejected by the Firefox relay with this message:
> This is a known issue of the Firefox relay: https://github.com/mozilla/fx-private-relay/issues/757. I'll check but I think TLS is not under our control, same as in the linked issue.> For now I think you'll have to use a different email address.
So while it looked promising, sadly the next day I was already back to using gmail addresses...
[+] [-] antihero|4 years ago|reply
In the same way that I avoid Sign in with Apple - what am I supposed to do when I need to Sign in without Apple?!
I find 1P+FM is a much more cross-platform solution.
However, I commend Firefox for creating this functionality for people that don't use a separate password manager or Fastmail!
[+] [-] Vinnl|4 years ago|reply
While we provide a Firefox extension with which generating an alias is just a click away, you're not dependent on Firefox specifically: you can generate and access your generated alias through the web interface at https://relay.firefox.com in any browser.
[+] [-] ssalazars|4 years ago|reply
[+] [-] Lio|4 years ago|reply
[+] [-] marcellus23|4 years ago|reply
[+] [-] adamkochanowicz|4 years ago|reply
[+] [-] MrksHfmn|4 years ago|reply
[+] [-] duquedeturing|4 years ago|reply
"Relay Premium is available in the United States, Germany, United Kingdom, Canada, Singapore, Malaysia, New Zealand, France, Belgium, Austria, Spain, Italy, Switzerland, Netherlands, and Ireland. " (https://relay.firefox.com/faq)
[+] [-] Vinnl|4 years ago|reply
Note that that's for the Premium service - the free tier is available in most countries. We're hoping to expand to more countries in the future.
[+] [-] cuonic|4 years ago|reply
[+] [-] nagyf|4 years ago|reply
Seems like a really bad idea to rely on this service.
[+] [-] EMM_386|4 years ago|reply
Sadly, after literally 20+ years of using Firefox, I recently switched to Brave. The performance of FF was wearing on me.
I realize it would seem to be very strange if Mozilla were to create a Chromium extension. But in this case, it is a paid service separate from the browser.
[+] [-] drdaeman|4 years ago|reply
I don't understand why would one want to pay for a step down in privacy, voluntarily adding an identifier that allows to track them. The only thing it does is adding some extra information about the alias owner - something that does not make any sense to me, given that the whole point of the service is to obscure users' identities.
I would understand really using my own domain (not this falsey advertising - "foo.mozmail.com" is not something I "own") rather than Mozilla-provided subdomain of theirs. Yea, that would also counter the privacy but at least there's a tradeoff - I retain control of that domain, so if I'm unhappy with Mozilla I still have the email addresses.
[+] [-] groovecoder|4 years ago|reply
The random aliases at mozmail.com are certainly the most private option. The subdomain aliases are for convenience so you can make up any alias you want even if you don't have a device on you. (e.g., checking into a hotel, etc.)
As you say - there's always trade-offs involved.
[+] [-] pm90|4 years ago|reply
[+] [-] newscracker|4 years ago|reply
The premium paid subscription is said to be only available in specific countries, but the payment form seems to appear in other places too. So I’m not sure how the service allows or disallows subscriptions.
A quick thought also occurred to me comparing this with iCloud email aliases from Apple, which is available for all paid iCloud subscriptions starting at the same price as this one ($0.99 per month) and allows the user to use their custom domain (Firefox relay premium gives you one custom subdomain under mozmail.com). And for the same price, Apple also provides 50GB of storage and supports the iCloud Relay hop service for Safari (and apps, if supported).
I’d like to support Firefox monetarily, assuming the revenue from this service goes to Mozilla Corporation (not Mozilla Foundation) and to Firefox. But the attachment size limit is currently unacceptable for me.
[+] [-] toeknee0|4 years ago|reply
Please keep the great feedback coming :)
[+] [-] akdor1154|4 years ago|reply
On the other hand, they are injecting little scare bubbles into everybody's website to advertise this, and that rubs me up the wrong way so much i want nothing to do with it.
[+] [-] groovecoder|4 years ago|reply
We fixed the original bug in Facebook Container that was showing the prompt on every website - now it only shows the prompt on websites where Facebook trackers are detected.
Facebook Container is something that inspired and influenced the development of Relay in the first place. Facebook Container users reported that they used websites and still saw ads from those websites in their Facebook feed, even though they were using Facebook Container. Because Facebook lets anyone create custom audiences for re-targeting, we need to give users a way to protect themselves from "back end" data sharing & tracking.
(https://www.facebook.com/business/help/744354708981227?id=24...)
[+] [-] opencl|4 years ago|reply
[+] [-] llampx|4 years ago|reply
Pretty nice service however again I am afraid that one day the plug will be pulled and the email addresses will be orphaned.
[+] [-] toeknee0|4 years ago|reply
[+] [-] AbuAssar|4 years ago|reply
The currency of this subscription is not valid for the country associated with your payment.
Try again
[+] [-] newhotelowner|4 years ago|reply
I use https://improvmx.com/ to forward all subdomain email to my main email (gmail) account. It has a option to forward emails to a black hole too.
From that I have learned that big companies like adobe & lendingtree gets hacked too. Or they sell your data.
[+] [-] MickyTheMouse|4 years ago|reply
Probably works with other email providers too.
[+] [-] extra88|4 years ago|reply
https://en.wikipedia.org/wiki/Email_address#Subaddressing
[+] [-] gostsamo|4 years ago|reply
[+] [-] Vinnl|4 years ago|reply
[+] [-] hawski|4 years ago|reply
[+] [-] ranguna|4 years ago|reply
Is there any way to create aliases on the fly?
Something like creating a new alias automatically when an email is received?
[+] [-] Vinnl|4 years ago|reply
Alternatively, if you have a Premium subscription, you can set up a catchall subdomain for yourself, so that e.g. [email protected] gets forward to you without having to create the alias in advance. Of course, this has the disadvantage of being able to associate that alias with other aliases you create.
[+] [-] stereoradonc|4 years ago|reply
[+] [-] unicornporn|4 years ago|reply
[+] [-] abraham|4 years ago|reply
[+] [-] rpxio|4 years ago|reply
https://spamgourmet.com
[+] [-] yborg|4 years ago|reply
[+] [-] vxNsr|4 years ago|reply