LONDON (AP) — You’ve heard of burner phones. What about burner email?
So much of the internet now requires that you hand over your email address before you’re able to use any services — from an app you’ve downloaded to signing up for a newsletter or redeeming a special offer online.
But who says you have to give your real email address? Next time you’re asked, consider using an email mask.
There are a growing number of services that give out disguised email addresses and relay any messages to your actual address. Experts say this can be a powerful tool to safeguard privacy and security.
Here are some pointers on the whys and hows of email masking:
Mask on
The idea behind email masking is simple. The masking service gives you a randomized address you can use as a decoy instead of your actual email. It can be a series of unrelated words, or a string of letters and numbers. When someone sends a message to the burner email, it will be automatically routed to your address without anyone knowing.
Providers include privacy-focused search engine DuckDuckGo’s Email Protection service, Firefox Relay from browser maker Mozilla, email service FastMail and independent services like Addy.io. The encrypted service Proton Mail offers email masking with its password manager and standalone SimpleLogin service. There are many others.
It’s one of the features Apple offers users subscribing to its iCloud+ or Apple One services. When you’re using the Safari browser app on your iPhone and need to input your email, you can tap the field above the onscreen keyboard to “Hide My Email,” which then creates a random address as a substitute.
It’s also available on Mac computers with the desktop Safari browser or Mail app. If you’re using a different browser or app, you can still manually create a random email address by going into your iCloud settings.
A Key Feature
Most services have a free version with basic options and a premium tier with more features.
Some free services can only receive emails but not reply to them. However, an important feature users should look for is the ability to do both, said Proton CEO Andy Yen.
“Maybe you never reply to a newsletter and that’s fine,” said Yen. But it’s a problem if, for example, you used your email alias to buy something online and there’s an issue with your order that the site needs to ask you about.
“Then the ability to reply is actually pretty important,” he said.
Most masking services have a dashboard control panel where you can view the various alias addresses you’ve activated. If you notice one starting to get a lot of spam, just turn it off.
When should I use it?
Mask your email when you want to add an extra layer of privacy or protect yourself from data leaks or unauthorized information sharing.
An email mask is a “general-purpose tool that can be used in any context,” says Santiago Andrigo, principal product manager at Mozilla.
However, he recommends using it in two key situations. The first is when you’re unsure what a website will do with your email address.
“Masking your email gives you control — if you start receiving unwanted messages, you can easily block any emails coming to that email mask,” Andrigo said.
The second scenario is “when your association with a service could reveal sensitive personal information,” he said. For example, if you join an online community for a specific medical condition or a minority group, a data breach could expose your participation.
Email fail
There are myriad reasons not to give out your email address to anyone who wants it.
It could be sold to marketers or shady data brokers, eroding your privacy by helping them build a profile of you for legitimate or nefarious purposes.
If your address ends up on the wrong mailing list, it could result in more junk or phishing emails. And if an online service is hacked, attackers could make off with logins, passwords and other personal information.
Using unique passwords for all your online accounts — typically with the help of a password manager — is good cybersecurity practice. “But the real pain point for any user is actually not the password getting leaked, but actually the email getting leaked,” said Yen.
Changing your password after a data breach is standard practice but it’s a lot harder to change another piece of sensitive information, your email address — unless you’re using a mask.
False solutions
There are other so-called hacks that you might have heard about.
You could set up a throwaway account with a free email service like Gmail or Yahoo. But it’s tedious to do this.
Some Gmail users add a plus sign and an extra phrase or combination of characters between their username and the @ sign. It helps track who’s sharing your address as well as filter messages.
But “from a privacy standpoint, that does nothing,” said Yen. “Because people can just simply take away the plus and get your original address.”
What about the man in the middle?
Email masks use their servers to relay message traffic between the sender and the recipient. So how can you be sure those servers are private?
Look for reputable providers that promise not to keep your messages. If you’re shopping around for an email masking service, Yen advises checking if it has “proper terms and conditions,” a privacy policy and is based in a jurisdiction where it could be legally held accountable.
“We state very clearly we’re not keeping a copy of anything that passes through our servers,” Yen said.
Firefox Relay says in its FAQs that it does not “read or store any of your messages.”
“In the event that an email cannot be delivered to you, we will keep it on our servers and delete it after it has been delivered (in no event will we hold onto it for more than three days),” it says.
Apple says it “doesn’t read or process any of the content” in email messages that pass through Hide My Email except for standard spam filtering.
“All email messages are deleted from our relay servers after they’re delivered to you, usually within seconds,” the iPhone maker says.
___
AP Technology Writer Barbara Ortutay in Oakland, Calif. contributed to this report.
___
Is there a tech topic that you think needs explaining? Write to us at [email protected] with your suggestions for future editions of One Tech Tip.
