Monday, May 23, 2016

Life is Better without Username Reuse (email aliases FTW!)

Facebook, LinkedIn, Amazon, PayPal, Yahoo, Google. We keep accounts with many of these websites. They and many others use email addresses as the first half of the classic username and password combo. They do this because email addresses are unique and double as a reasonably secure communication channel with the user. And of course we often sign up for things online to receive information by entering our email address. All this email address sharing, while there is technically nothing wrong with it, unfortunately causes several highly annoying problems. These problems can be solved, or at least made far easier to deal with, by leveraging email address aliases. An email alias is where you create one or more email addresses that all send to the same account, vaguely similar to desktop folder shortcuts.

With email address sharing / username reuse, by far the biggest problem we run into is spam. And the more we share and reuse our email addresses across systems, the bigger the spam problem becomes. Sometimes websites sell our email addresses. Other times they share them with third-party business partners, and from time to time they get leaked in a data breach. Whatever the case, once an email address is out there, it’s out there. No taking it back and no amount of mailing list opting out will help. I know. I’ve tried.

There are other problems too. Anyone who knows your email address can easily determine what systems you’re using (i.e. “This email address is already registered.”). This is not only a privacy issue, but a potential security issue, as it makes it easier to target your account via brute force, phishing, password recovery hacks, etc. And of course when you have several online accounts, you’re constantly notified via email, which explodes your inbox. Creating rules in your email app using strings in the subject or content body helps, but doing so isn’t easy and never comprehensive. When all these problems are tied to your email address, there is no escape. You can’t easily kill or change your main email address because all your friends, family, and business contacts use it too.

My solution to these problems, which has been working great, is to use email address aliases based on a custom domain name. For example, my personal domain is jeremiahgrossman.com. So as an example, I create a new email alias that’s just for Facebook, like fb@jeremiahgrossman.com. Or on PayPal it would be pp@jeremiahgrossman.com. You can technically use any email alias for this purpose, even a random one. When email is sent to these aliases, it is automatically forwarded to my main email address. I never reuse these email address aliases for anything other than their intended use, and never use my main email address to register for anything if I can help it.

It does cost a few bucks to pay for a domain name and email hosting, but it ain’t much these days and the value is WAY worth it. When things are set up this way, I can be reasonably sure that any email to one of these aliases that is supposedly from that website is legit and not a phishing scam, because no one else knows the email address / username I used. And since the particular website is only using the email address alias I gave them, inbox rules are way easier.

Then if the email address is leaked, gets spammed out, or whatever, I can just kill it off, create another, and change the account email address / username. The up front work is a little tedious, but again, worth it. And the best part, when you have your own domain name, email aliases are essentially free — I’ve about 100 now. And there is no reason you can’t use any old crap domain name either.
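The per-site alias scheme above lends itself to a simple triage check, sketched here as an added example (not code from the original post): mail that reaches a site-specific alias from a sender domain other than that site's means the alias has leaked or is being phished. The domain `example.org`, the alias table and the expected sender domains are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "example.org"  # assumption: stands in for your own alias domain
# Assumption: alias local part -> sender domains you expect for that one site.
ALIASES = {
    "fb": {"facebookmail.com", "facebook.com"},
    "pp": {"paypal.com"},
}

def domain_matches(sender_domain, expected):
    """True if sender_domain is an expected domain or a subdomain of one."""
    return any(sender_domain == d or sender_domain.endswith("." + d)
               for d in expected)

def classify(raw_message):
    """Return (verdict, alias) for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    headers = []
    for name in ("Delivered-To", "To", "Cc"):
        headers += msg.get_all(name, [])
    sender = parseaddr(msg.get("From", ""))[1].lower()
    sender_domain = sender.rpartition("@")[2]
    for _, addr in getaddresses(headers):
        local, _, domain = addr.lower().rpartition("@")
        if domain != MY_DOMAIN:
            continue
        if local not in ALIASES:
            return ("unknown-alias", local)   # retired or never issued
        if domain_matches(sender_domain, ALIASES[local]):
            # From: is forgeable, so this only means "nothing odd seen".
            return ("expected", local)
        return ("alias-leaked", local)        # someone else knows this alias
    return ("no-alias", None)

# Constructed sample messages (not real mail).
SAMPLES = {
    "site": "From: Facebook <notify@facebookmail.com>\nTo: fb@example.org\n"
            "Subject: New login\n\nhello\n",
    "spam": "From: Deals <promo@bulk-offers.example>\nTo: fb@example.org\n"
            "Subject: Sale\n\nhello\n",
    "old":  "From: news@shop.example\nTo: oldshop@example.org\n"
            "Subject: News\n\nhello\n",
    "none": "From: friend@mail.example\nTo: someone@other.example\n"
            "Subject: Hi\n\nhello\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

An `alias-leaked` verdict is the cue to retire the alias and register a fresh one with the site.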

Good luck!

12 comments:

Doug Burks said...

Great post!

Per Jeremiah's request, I'm adding my comment from Twitter.

Another option that doesn't require running your own domain is that some email providers allow users to use "plus" aliases:
https://support.google.com/mail/answer/12096?hl=en

However, there are some websites that don't allow the plus sign in email addresses, so it's not a universal solution.

Anonymous said...

I do this but have a catchall on my domain so I don't need to create aliases. If one gets spammed then I'll block that specific alias.

Anonymous said...

Occasionally I run into a problem where I must be able to send from the designated email address as well as receive mail to it, or it must match some other system's email-based username. These can be quite annoying to work around.

Anonymous said...

Sending from a specific address when using aliases is a tiny bit annoying, but still possible at least.
Configure the actual email address you want to send from in your mail client by just changing the front part of the already set-up address, and you will send the mail from this address when using this account.

Anonymous said...

Something you might wish to take into account is that your mail host might limit email aliases - I use GApps and they limit you to 50 aliases per real account, but that might be b/c I'm on a grandfathered free account.

One way to get around this is to have "category accounts" - e.g. money@, shopping@ - and tie the aliases to those accounts; this also provides an additional benefit that you can archive emails in the category account inboxes before you forward them to your main account, so if you just delete things in your main account you have a backup. Obviously you might not want to do this for your category inbox dealing with sketchy things.

skomak said...

Great idea, I had it in my mind for a long time but maybe just slow down for a while and implement it for myself :)

Anonymous said...

Re plus addresses, some email providers (Fastmail for example) allow you to use subdomains in the same way: anything@username.domain.com

Tamizh said...

Truly said, Jeremiah, email ID and username are unique for everyone. You know what, our future generation won't be having a username available for them a few years later.

Marry said...

If you are going for Gmail images, you must complete the details like the name of your ad, landing page URL, the display URL, email subject line, name of the advertiser and a description of offer made by you. http://robertbuckner.livejournal.com/3277.html

نيازمنديهای ايران said...

perfect..............

ishhu said...

nice