top | item 36128749

(no title)

mkenyon | 2 years ago

I love JMAP. It's what allowed me and my team (at 1Password) to easily add support for Masked Emails, where we randomly generate your email address in addition to your password.

Our own Madeline Hanley wrote about that experience, if you'd like to see what it's like to work with JMAP: https://blog.1password.com/making-masked-email-with-jmap/

discuss

saberworks|2 years ago

I use Fastmail and 1Password, and I do used the masked email functionality. There is a massive gap, though, that makes it very difficult to rely on masked email. When I sign up for a new account somewhere, I can choose to create a masked email. If I later need to email that company (not reply via an existing email message), I must first somehow look up what email I used for that company, go into fastmail settings and create a "sender identity", remember the email address again, and then when I compose, remember to choose the sender identity that is associated with the masked email address I created for that specific company. If I forget or mess up any of those steps, I end up sending from my primary account or some other masked email address associated with some other company. Multiply that by dozens or even a hundred companies!

It would be really nice if adding a masked email automatically created a "sending identity." Further, it would be nice if the masked email account had a nickname that included the domain I was on when I created the account. That way if I need to send an email to support@nike.com, I can use the filter and type "nike.com" and get the correct masked email address.

SparkyMcUnicorn|2 years ago

> It would be really nice if adding a masked email automatically created a "sending identity."

It does.

Just click "... Show all" when choosing a sender, and that will expand the list/search to include masked emails. It should also show you the domain/service it was set up for. And as you noted, the masked email will automatically be used as the sender when replying to an email that was sent to it as well.

Using 1Password makes it super easy to see which masked email was used for each service, so I can't really relate to your frustrations there either.

I think it's a pretty polished experience, and definitely beats everything else I've used in the past.

mths|2 years ago

> go into fastmail settings and create a "sender identity"

Not anymore, they've made it much simpler for you now by combining "aliases" and "sending identities" into "my email addresses". If you thought it was confusing before when you had to click "create new" under "sender identities" in settings, now all you need to do is:

1. Head to Settings → Migration → Import page.

2. Click on Add external sending address (SMTP) without importing emails.

3. Enter the email address and click Next.

4. On the following screen, skip the password prompt and click on Manually configure.

5. Disable the option - User authenticated SMTP when sending.

6. Save the changes.

And just like that you can start sending emails with your new address, easy peasy.

echelon|2 years ago

Instead of generating a unique email per relationship, it'd be better if the email provider generated a unique key when the relationship is established that the customer or end user can revoke.

Email me at my well known identity "whoever@whatever.com" -> my provider gives you a key that you must store and continue to use for the duration of our relationship. I can terminate it if I want. If you lose the key, you must ask for a new one. If you ask too many times, I can silence you forever. You'll have to provide your own identity when asking.

For noisy environments, I can choose to give you the key upfront and only allow for that style of relationship.

I could imagine encoding the concept of entity or organization type into the keys as well so that we can distinguish individuals from companies. Professionals, academics, official employees, etc.

If you delegate your key to another party, I can choose to pre-authorize it, manually approve it, or outright deny it. Extend it haphazardly or without my consent and you may be blocked.

I'd like that type of system.

Emails shouldn't have to change. The protocol should. Getting parties onboard might be hard unless a key stakeholder (eg. Google) decides to implement this, but they're in a position to unilaterally dictate.

joshring|2 years ago

This was also an issue I had, but there is actually very good support for this hidden by an invisible feature. Simply add an `*@domain` as your email address identity. When you select that as your from address the fastmail UI gives you an input box to use whatever email you want, you don't need to make a new identity each time. For lookup, I just use my password manager.

nemoniac|2 years ago

Off the current topic but since you're promoting 1Password, I notice their cookie policy references EU legislation but chooses not to comply with it. Do you know if that's intentional?

remram|2 years ago

Indeed that is very awkward: "European Union (“EU”) legislation requires all website operators to inform website visitors about their usage of cookies"

Later: "first-party and third-party cookies are used on: 1password.com (...)

Stating that you need consent and not asking for it is extremely weird.

abhibeckert|2 years ago

Not from 1Password, but refusing to comply with EU cookie legislation seems to be almost universal.

Is any company compliant?!

(I'm being facetious... my company is compliant or at least I think it is - not a lawyer... but it's very rare)

kazinator|2 years ago

I easily implemented throw-away mailing addresses over an IMAP/SMTP setup.

https://www.kylheku.com/cgit/tamarind/

This is a CGI-scripted web application without any kind of web framework, in an original programming language.

It authenticates you using IMAP or SASL: with direct socket work in a few lines of code. (That's the only integration with IMAP.)

It manages aliases in a standard aliases file. If configured, it can work with the master /etc/aliases file, in which cases it will carve out a section of the file for itself and respect the surrounding file when it adds or removes aliases. I run a separate aliases file, though.

kazinator|2 years ago

I do most of my mailing using the RoundCube webmail interface. I made some patches to it.

In connection with the throw-away mail aliases, the issue that comes up is that when you use them for sending, rather than just receiving mails, you want that to be available in the list of sender identities in the mail client.

While it isn't automatic, I put in a hack which at least makes it easier to identify the mail identities. In RoundCube, a mail identity has an "Organization" field: what org you belong to. There is a mail header for that, IIRC.

I changed the UI so that when you look at the identities list box, the Organization field is listed in parentheses (if it is non-blank). Then I use Organization to describe the purpose of the mail alias, e.g "Foo Mailing List" or "ABC Company".

Only a small subset of my throw-away mail aliases become sender identities; I do that manually.

nilespotter|2 years ago

I use catch all aliasing and sieve out the offenders. Seems easier.

ilyt|2 years ago

How JMAP made that better ?

Last time we did something like that new email address was just "add entry to a Dovecot database", fully protocol agnostic

calvinmorrison|2 years ago

because the masked email API matches the rest of the JMAP API, so it's easy to extend and support. Also, 1Password isn't running Dovecot, Fastmail is. So they're asking a 3rd party is a fairly standards conformant way to go and create a new email alias

Avamander|2 years ago

Yet your 1password.eu DMARC is set to a very shameful p=none. Priorities...