[HN Gopher] An Ode to Apple's Hide My Email
___________________________________________________________________
An Ode to Apple's Hide My Email

Author : mlapida
Score  : 279 points
Date   : 2022-04-10 17:42 UTC (5 hours ago)

(HTM) web link (empty.coffee)
(TXT) w3m dump (empty.coffee)

| DIVx0 wrote:
| I don't use Safari but I still use this feature a lot even though
| I have to do a few extra steps because it does not integrate with
| anything other than Safari, it's that useful for me.
|
| Some sites have never worked properly with the
| email+tag@gmail.com thing and some have even become wise to it
| and won't accept addresses like that (car dealers are the worst).
|
| I hope someday apple allows 3rd party integration with this
| feature.
| [deleted]
| fiddlerwoaroof wrote:
| One workaround is that gmail ignores dots in the local part
| too: so you can use unusual punctuation for marketing:
| e.mail@gmail.com
| newaccount74 wrote:
| I don't get the email+tag. Spammers can just drop the plus tag
| and get your real email address?
| cormacrelf wrote:
| If it makes it into a leak database, you know who to blame.
| stu2b50 wrote:
| They could, but they don't. Spammers cast a wide net and
| usually aren't concerned about the crumbs that fall through.
| Not to mention the people that do the plus or dot tricks are
| going to be extremely low value spam targets.
| stingraycharles wrote:
| Yup, but assuming these spammers want to keep their lists
| of leaked emails fresh, it's kind of silly that they're so
| unconcerned about it: they're very much helping to expose
| their suppliers. I feel that they must realize that can't
| be good, but maybe I overestimate them.
| yifanlu wrote:
| I signed up for Comcast Xfinity using a brand new "hide my email"
| address and three months later I started receiving phishing
| emails at that address. (I've gotten over half a dozen so far).
| Made me realize that either Comcast was hacked (without
| disclosing it) or they're selling people's emails.
| randomluck040 wrote:
| I do that the old fashioned way with a catchall mail address
| and forward them. If they start smelling weird, I filter the
| address and change the mail address with the service provider.
| ed25519FUUU wrote:
| I wouldn't rule out both.
| dwighttk wrote:
| Probably both!
| redmattred wrote:
| I've experienced the same with comcast and have contacted their
| support. They claim there was no data breach or they aren't
| selling emails, but that obviously isn't the case.
| cromka wrote:
| Surely some attorneys would be interested in a class-action.
| sneak wrote:
| According to https://www.xfinity.com/Corporate/Customers/Policies/Subscri...
| you have to give up your rights to a
| class action and a jury trial to get Comcast service.
|
| Additionally, they spend a ton of money lobbying and
| otherwise unfairly impeding competition, so in many places
| in the US, they are the only option, so it's give up your
| civil rights to lawsuits, or stay offline (or pay a
| wireless carrier who does the same anticompetitive scumbag
| shit a heinous price per gigabyte).
|
| The state of both wireless and wireline broadband in the US
| is totally broken, and it's not getting fixed because it's
| broken by design, as part of the general attitude by large
| corporate interests and cooperative legislatures and
| regulatory bodies to treat the US population as a sort of
| natural resource like a flock of sheep to be fleeced rather
| than as legitimate customers to be serviced (or a
| legitimate market to be participated in on merits).
|
| They do this by ensuring that there is no meaningful
| competition, and ensuring that if you do "willingly" engage
| in service with them, you have no meaningful legal recourse
| if they abuse you.
|
| "We're the phone company. We don't have to care."
|
| You have no real power against them because the people who
| control the system have decided that you should not have
| any real power against them.
| hackernewds wrote:
| Knowing how they're hijacking my bandwidth for their
| Xfinity hotspot service, the dark patterns to enable it,
| and the hiddenness of disabling it - it doesn't seem
| implausible.
| sircastor wrote:
| I'm no lawyer, but I wonder if this is more of a "go
| away" clause and if it would survive a real courtroom.
| Your lawyer would undoubtedly say "don't waste your time
| and money", but I question how many of our rights we can
| really, actually give up in a contract.
| EE84M3i wrote:
| Well, it could also be the case that everything is working as
| designed, and that they gave your address to someone else who
| did have a data breach or is themselves sending the phishing
| emails.
| allanrbo wrote:
| Made a very similar thing, since before apple did it actually:-)
| mine's called https://ent.re
| JZL003 wrote:
| There are lots of ways to do this. Postfix is nice but a little
| heavy. The simplest and most functional way I've found is
| https://github.com/0xERR0R/mailcatcher since all it does is
| forward the emails. You can even use a throwaway gmail SMTP so it
| doesn't get sent to spam
|
| Easy to set up on a rpi/cheap VPS, as long as you have a
| hostname. And while you're there, look for a short domain name so
| it's fast to type (on credit card kiosks). You can get cheap
| short non-standard TLD's like .li. I got a 3 character domain for
| $5 a year, as short as bit.ly, but just for me
| JZL003 wrote:
| I guess it's harder (although not impossible) to send email
| _from_ this throwaway address, but that has never come up for
| me, for external accounts
| nyuszika7h wrote:
| Twitter is one site that I know requires you to reply to
| their automated email from the exact same address if you want
| to appeal a suspended or locked account.
| user3939382 wrote:
| It's a built-in feature of Fastmail which is how I do it
| gman83 wrote:
| I must be the only person who doesn't receive spam. I mean I do,
| but it goes into the spam folder. I've never really understood
| why I should use something like this. I have my email address on
| my website anyway, so it's not like it's private information.
| Gigachad wrote:
| I have been using my current domain for 3 years now and I don't
| receive any spam in my spam box either. Email spam seems like
| it was a solved problem years ago. Now it's all just newsletters
| which go right through the spam filter..
| devmunchies wrote:
| Is this different than me just programmatically adding new email
| addresses on my domains, which just forward to my primary? Is it
| just more convenient?
|
| I ask for learning, not for skepticism.
| cmg wrote:
| It has the benefit of being at a general domain, icloud.com,
| instead of one that is (in theory) traceable to you for someone
| who cares enough to do so.
| gzer0 wrote:
| The only thing really holding me back from wanting to use iCloud
| mailing services is the current implementation of MFA on Apple
| services.
|
| It would be fine if you were allowed to use normal MFA options,
| but no, that is not possible. Instead, you MUST confirm your
| logins via already signed in Apple-devices only. There is no
| other way. Cannot use phone number (for good reason, but that is
| besides the point), cannot have a secret key based TOTP.
| Kwpolska wrote:
| SMS is available as a fallback 2FA method for Apple ID.
| m-p-3 wrote:
| I only wish they'd support standard TOTP as well, like
| everyone else.
| sewsuiuldot wrote:
| I wish they'd let users decide what they want to use as
| additional factors. I would like to ban phone calls,
| emails, SMS, and TOTP entirely from all my accounts,
| especially those that hold credentials for other services,
| and use only WebAuthn.
|
| I'd love to use Apple's keychain for credentials for
| convenience but it can quickly become the weakest link,
| when it should be the strongest.
| gzer0 wrote:
| Unfortunately, only one phone number is allowed per Apple ID.
| And I do not have multiple phone numbers to expend for an SMS
| only 2fa option here.
| JimDabell wrote:
| This is not correct. Go to
| https://appleid.apple.com/account/manage and you will see
| that you can add multiple trusted phone numbers under
| Account Security.
| bmarquez wrote:
| You can have multiple accounts on one "trusted phone
| number". Trusted phone number is where Apple sends the SMS
| 2FA code. I have several Apple ID's on 1 phone number.
|
| This is different than "Reachable at" phone number which
| must be unique and is used for iMessage and Facetime, and
| if it's blank other people can only reach you via iCloud
| account email.
|
| (It makes sense if you think about it, parents setting up
| iCloud accounts for their children's iPads who might not
| have their own phone).
| thetinguy wrote:
| As long as you add a trusted phone number you can do Mfa over
| sms. Not ideal but it is an option.
| kayodelycaon wrote:
| Actually, Apple allows SMS and recovery keys as a fallback and
| there is an account recovery option if none of these work.
|
| https://support.apple.com/en-us/HT204915
|
| Google on the other hand... I've seen two people lose their
| Gmail accounts even though they knew the password because google
| required verification from a mobile device that no longer
| existed. :|
| criddell wrote:
| I think Google also has recovery keys. I have a slip of paper
| with ten long strings on them that Google told me could be
| used to regain access to my account.
| Gigachad wrote:
| Google seems to have changed their MFA strategy recently
| where normal TOTP apps are a backup measure while the
| already signed in device is the primary. It wouldn't shock
| me if they don't prompt you to set up the app or recovery
| keys anymore.
| egamirorrim wrote:
| It's a really clever way for apple to be able to read everyone's
| email for sure
| voisin wrote:
| Any evidence of this you'd like to share?
| trollied wrote:
| No need for the tin foil hat nonsense.
| LeoPanthera wrote:
| You're angry about this but not iCloud Mail, their full hosted
| email product, that has existed under various names for over 20
| years?
| drivebycomment wrote:
| https://support.apple.com/en-us/HT210425
|
| > Apple doesn't read or process any of the content in the email
| messages that pass through Hide My Email, except to perform
| standard spam filtering that's required to maintain our status
| as a trusted email provider. All email messages are deleted
| from our relay servers after they're delivered to you, usually
| within seconds.
|
| Unless you can present evidence, your post is mostly a
| conspiracy theory.
| vba616 wrote:
| >your post is mostly a conspiracy theory.
|
| Do you frequently bet that people are doing the right thing
| with no oversight? How often does that prove to be true?
| abraae wrote:
| I would take the bet in this case without hesitation. Apple
| is too big and has too many potential internal whistle
| blowers to run a clandestine email monitoring operation.
| manquer wrote:
| They can do that anyway? Hide my email just generates random
| aliases to your iCloud mailbox which Apple always had access .
| ec109685 wrote:
| If you hide your gmail address, they can now see the email to
| gmail that they couldn't before.
|
| But yes, they already have tons of access to email that they
| could (but don't) do nefarious things with.
| fetzu wrote:
| If you are worried about third parties having access to your
| communications, you shouldn't be using (unencrypted) email.
| daemn wrote:
| Abine Blur (https://www.abine.com/) was one of the first to do
| that however some of the domains started to get blocked. Hide My
| Email using iCloud negates that risk.
| binwiederhier wrote:
| I have a unique email address for every single service that I
| sign up for, similar to this, though selfhosted. I've been doing
| this for years and it works wonderfully. If someone misuses my
| email address, or gets annoying, I can simply turn off the
| address. Bam!
|
| It's the easiest Postfix config in the universe, essentially
| just:
|     virtual_alias_domains = domain1.com domain2.com
|     virtual_alias_maps = hash:/etc/postfix/virtual
|
| And then /etc/postfix/virtual looks like this:
|     phil.equifax@domain1.com firstname.lastname@gmail.com
|     phil.experian@domain1.com firstname.lastname@gmail.com
|     ... (hundreds of these)
|
| I also made a super simple web UI for myself to edit this file
| quickly.
|
| Gmail seems to be fine with this, emails do not usually end up in
| spam. Every full moon maybe, but usually it's alright.
|
| It's not as shiny as Apple's thing, but it's 100% selfhosted and
| I own the domain.
| z8 wrote:
| I'm doing the exact same thing. Built a small web app that lets
| me manage all my email aliases for the domain. Unfortunately
| there are a couple of websites that do only allow a select list
| of whitelisted domains meaning I cannot use my own, but for the
| other 99% it works wonders. I wish I had had this idea ten
| years ago, it would have saved me so many headaches.
| KennyBlanken wrote:
| > It's not as shiny as Apple's thing, but it's 100% selfhosted
| and I own the domain.
|
| Apple's system is "shiny" because it provides near total
| anonymity, whereas your setup has all the deliverability issues
| of a self-hosted domain and rather uniquely identifies you...at
| the domain level?
|
| I'm not sure why you are maintaining a hundreds-of-lines
| virtual table and a web UI, instead of just using a regex or
| two to capture phil.*@domain2.com or something along those
| lines (maybe you want to do one including a year or something
| to cut down on spam), or blacklisting as needed by having
| postfix reject during the SMTP session so the email is marked
| as invalid and is removed from the spammer's database.
|
| Or, I dunno, just use VERP? I don't think I've yet run across
| anyone smart enough to drop VERP from email addresses.
| binwiederhier wrote:
| I'm maintaining hundreds of lines because I started with one.
| And I was too lazy to change it. Your approach is probably
| better ;-)
| ohlookabird wrote:
| Nice! I do something similar, but using an automatic aliasing
| scheme so that I don't have to manually configure an email
| address for each service and other users can use this without
| me knowing their aliases. In my setup, aliases can contain
| wildcards, represented as percent signs. If an alias
| phil.%@domain1.com is set up, all your examples will be sent to
| the respective aliased address. I use Postfix Admin with a
| MySQL database. Hence the Postfix setup looks like this:
|     virtual_alias_maps =
|       mysql:/etc/postfix/mysql_virtual_alias_maps.cf,
|       mysql:/etc/postfix/mysql_virtual_alias_maps_wildcard.cf,
|       hash:/etc/postfix/virtual
|
| The first file is just regular aliases, and is basically a
| simpler version of the second file (no SQL selections/filters)
| and could also be merged into a single query with the second
| file:
|     user = mail
|     password = <password>
|     hosts = 127.0.0.1
|     dbname = maildb_postfix
|     query = SELECT a1.goto FROM alias a1
|       LEFT JOIN alias a2 on (a2.address = '%s')
|       WHERE '%s' LIKE a1.address AND a1.active = '1'
|       AND a2.address IS NULL
|
| This works, because the percent sign in the alias is picked up
| by the LIKE keyword.
| A setup like this allows me to configure
| many aliases through Postfix Admin's web admin page, including
| optional wildcard aliases (depending on which users want
| that). It has been working very well for me over the past 15+
| years. Also, I haven't looked at that SQL query since then and
| would likely write it in a nicer way today.
|
| Note: with the above code SQL injection could be possible
| through an alias name, but given that in this setup I am the
| only one managing the mail accounts, I was willing to take this
| risk. :-) Postfix Admin might do some cleaning/validation, but
| I haven't checked on it.
| hackernewds wrote:
| Why not just use phil+craigslist@gmail.com or
| phil+kmart@gmail.com? same effect and lands in the same
| phil@gmail.com address
| ratww wrote:
| Because it's not as effective if the goal is to catch spam.
| Spammers are already wise to the meaning of + and will
| strip it automatically when selling data in bulk. Plus,
| some services block creating accounts with the + or with
| their name in the address.
| pixl97 wrote:
| Block any email to the address missing the +
| m-p-3 wrote:
| Then you end up with spammers simply putting gibberish
| after the plus sign.
| scoot wrote:
| I use 33mail.com (33m.co) which does the same thing (it has a
| link on the email to disable the address). You can use a
| subdomain or custom domain. It has a generous free tier, and
| ridiculously cheap paid tier. (Paid is required if you want to
| be able to reply to inbound emails.)
| vernie wrote:
| Aside from being self-hosted how does this differ from +suffix
| Gmail addresses?
| heldergg wrote:
| Plus addressing is not unique to gmail nor it was invented by
| google.
|
| For example, to enable plus addressing in postfix is only a
| matter of defining:
|
|     recipient_delimiter = +
| JZL003 wrote:
| Also, not as granular, but instead of the + suffix, add a dot
| in a weird place. So
|
| n.ame@gmail.com or nam.e@gmail.com .
| Many SMTP servers
| respect periods as differentiating emails, so services can't
| delete them. It doesn't help you stop spam, but you can add a
| gmail filter that n.ame@gmail.com is put in a separate label.
| And it's very fast to type, easy for non tech-y people
| MrRiddle wrote:
| It's trivial to figure out main gmail address?
| cubesnooper wrote:
| It's almost as trivial with this format too, at least to
| guess what address is used for other services, though it
| has a strong advantage over using '+' in GMail in that
| nothing will try this automatically. It's hard to believe
| anyone would intentionally try to guess a different
| service's email to spam to it, but even so in my setup I
| prefer to eliminate this possibility completely by adding a
| random number to the service name:
| experian12322@example.com, and so on, with no catchall for
| invalid addresses.
|
| So far the most spam I've gotten has been to the address I
| used for Amazon (probably leaked by a third-party seller
| there).
| binwiederhier wrote:
| > It's almost as trivial with this format too
|
| I mean you can pick any format you want before the "@",
| but yeah my format is trivial. Nobody has tried to do it
| automatically yet though, as far as I can tell.
| SalimoS wrote:
| I remember Starzplay didn't accept the + in my email when
| I tried it (technically I signed up but couldn't login
| anymore )
| binwiederhier wrote:
| Honestly, probably not a whole lot.
|
| Though I had originally made this because with the "+"
| approach, you can easily get the original address by simply
| removing everything after the "+", while with mine you
| cannot. On top of that, sometimes "+" does not work in
| services that do "strict email validation".
| [deleted]
| webmobdev wrote:
| Some services do not accept email with a "+" in it.
| KennyBlanken wrote:
| Postfix allows defining any character as a VERP separator.
|
| OP also could have just used a regex in the virtual file.
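The wildcard alias lookup from ohlookabird's comment above, as an added example that is not part of the thread or of anyone's production setup: the quoted query is run on an in-memory SQLite table with constructed rows. It shows that an exact alias suppresses the wildcard map, that inactive patterns are skipped, and that an unescaped `_` in a stored pattern is itself a one-character wildcard. The helper names, the sample rows and the `ESCAPE` clause are assumptions added here.

```python
"""Added example: the wildcard alias lookup quoted above, run against SQLite.

Table and column names follow the quoted query; every row is constructed
sample data, and SQLite stands in for the MySQL database in the comment.
"""
import re
import sqlite3

# Same shape as the quoted query. The recipient is a bound parameter rather
# than a '%s' substitution, and ESCAPE makes backslash the LIKE escape
# character, which MySQL assumes by default and SQLite does not.
WILDCARD_QUERY = """
SELECT a1.goto
FROM alias a1
LEFT JOIN alias a2 ON (a2.address = :rcpt)
WHERE :rcpt LIKE a1.address ESCAPE '\\'
  AND a1.active = '1'
  AND a2.address IS NULL
"""

SAMPLE_ALIASES = [  # (address pattern, goto, active), all constructed
    ("phil.%@domain1.com", "firstname.lastname@gmail.com", "1"),
    ("phil.equifax@domain1.com", "firstname.lastname@gmail.com", "1"),
    ("old.%@domain1.com", "firstname.lastname@gmail.com", "0"),
    ("jane_doe.%@domain1.com", "jane@example.org", "1"),
]


def open_alias_db(rows=SAMPLE_ALIASES):
    """Create the alias table in memory and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE alias (address TEXT PRIMARY KEY,"
                 " goto TEXT NOT NULL, active TEXT NOT NULL)")
    conn.executemany("INSERT INTO alias VALUES (?, ?, ?)", rows)
    return conn


def resolve_wildcard(conn, rcpt):
    """Forwarding targets the wildcard map returns for one recipient."""
    rows = conn.execute(WILDCARD_QUERY, {"rcpt": rcpt}).fetchall()
    return [goto for (goto,) in rows]


def escape_like(literal):
    """Escape the LIKE metacharacters in text that must match literally."""
    return re.sub(r"([\\%_])", r"\\\1", literal)


def wildcard_alias(prefix, domain):
    """Build 'prefix<anything>@domain' with only the intended wildcard."""
    return escape_like(prefix) + "%@" + escape_like(domain)


def overbroad_patterns(conn):
    """Stored patterns with an unescaped '_' (matches any one character)."""
    rows = conn.execute("SELECT address FROM alias ORDER BY address")
    return [addr for (addr,) in rows if re.search(r"(?<!\\)_", addr)]


if __name__ == "__main__":
    db = open_alias_db()
    for rcpt in ("phil.newshop@domain1.com", "phil.equifax@domain1.com",
                 "old.shop@domain1.com", "janeXdoe.shop@domain1.com"):
        print(rcpt, "->", resolve_wildcard(db, rcpt))
    print("over-broad patterns:", overbroad_patterns(db))
```
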
| PrettyPastry wrote:
| Some services even accept it to create an account, but not
| to log in.
|
| One never let me change my email or password when I used
| the +.
| r2b2 wrote:
| The problem with self hosted email is that your domain becomes
| a unique (or near-unique with a few domains) tracking
| reference.
| jen729w wrote:
| Only if the entity on the other end understands this though,
| right? Which they probably don't.
|
| Otherwise everyone @example.com is the same person.
| webmobdev wrote:
| And, if the email service is also self-hosted, it prevents
| Apple from collecting more data about your interests and
| purchases through your email, which it uses to profile you (to
| determine how to extract more money from you).
| TonyTrapp wrote:
| I'm doing it the other way around, which is slightly less work
| because you don't have to create new email addresses
| explicitly: Catch-all by default, with a recipient blocklist as
| part of smtpd_relay_restrictions that I update whenever some
| service gets breached.
| rootusrootus wrote:
| I do a simplified version of this. I just use a catchall
| account with Fastmail and then pick email addresses in the
| domain randomly. If someone abuses the address, I block it. I
| specifically do _not_ use addresses that make it obvious what
| my strategy is. I end up just using a name and number that
| would look right at home on gmail.
|
| I'm also not trying to stop tracking, so much as I'm trying to
| have my own semi-permanent equivalent to mailinator that nobody
| will recognize as such, that I can use to cut back on the
| amount of spam I get.
| 3-cheese-sundae wrote:
| I used to do it this way too, but got overwhelmed by
| dictionary attacks.
| beeboop wrote:
| I've been happily using fastmail for years and I think I'm
| going to be forced to stop. My outbound emails are constantly
| getting caught in spam and it recently cost me a job offer.
| b1n wrote:
| I've been thinking of a new way to use my email...
|
| - Only use one email address: hi@example.com
|
| - Always add a filter: hi+hn@example.com
|
| - Send all emails without a filter to SPAM
|
| Since it's not a common strategy, it is much more likely that
| spammers remove the +hn before sending an email than add one.
| IAmEveryone wrote:
| Gmail also ignores the dot. If you choose a 17-character
| mailbox name, you can use any one of 2^16 different
| patterns of placing dots between them.
|
| Capitalisation could also be used for such a purpose, but
| may be more likely to accidentally get stripped.
| vmception wrote:
| would not recommend
|
| not only can you not sign up to many services, customer
| support can often get confused when you need to email reply
| to them and you cannot email from your aliased email. they
| see you as a separate user not in their system, or the
| wrong person replied to the support ticket, etc.
| mackmgg wrote:
| Can you not reply from a user+foo@example.com alias? I
| use the catchall approach (so just foo@example.com when
| signing up for foo), but if I need to email customer
| support I'll just send the email from foo@example.com.
| I've never tried that with a + in the account though to
| see if my client supports it.
| VTimofeenko wrote:
| I have tried this approach. Unfortunately, some services
| will not accept plus sign in the username no matter what
| RFC says. On top of that, some services seem to not like
| seeing the service name in the username. I.e. foo.tld will
| refuse sending email to mailbox+foo@mydomain.tld.
| JimDabell wrote:
| Some mail providers support receiving mail on arbitrary
| hostnames, so you can set up a wildcard MX record and
| then use mailbox@foo.example.com instead. This avoids
| email validation issues with plus addresses, spammers
| don't try removing any parts of the hostname, and I think
| in the many years I have been using it I've only run into
| a problem with including the service name once or
| possibly twice.
| plsbenice34 wrote:
| Fastmail seems to be based in Australia unfortunately, so it
| is not secure
| Gigachad wrote:
| Email is not secure full stop. Don't do any kind of
| sensitive conversation over it regardless of where it is
| hosted.
| texaslonghorn5 wrote:
| As an android user I've never seen this before -- this seems way
| better than email+tag@gmail.com
| lapser wrote:
| There is SimpleLogin[0] and Mozilla Private Relay[1] as more
| generic options. I've never tried them as I struggle to figure
| out how trustworthy they are. At the end of the day, emails are
| essentially proxied by these products.
|
| [0] https://simplelogin.io
|
| [1] https://relay.firefox.com/
| C4K3 wrote:
| Another one that's come up in the past is
| https://sneakemail.com/
| gnuj3 wrote:
| SimpleLogin have been around for much longer than Apple's
| service and I believe they have been bought by ProtonMail now
| as well.
| baxtr wrote:
| The great thing about Apple doing stuff like that is the sheer
| scale they reach.
|
| Sure, there were many services like that before, and many of us
| have used them. But making it an integral part of iOS can drive
| mass adoption. You have to credit Apple for that.
| Gigachad wrote:
| There is also a trust component. I do trust Apple to not abuse
| this product or shut it down in the future much more than I do
| some no name privacy company.
| ultrasounder wrote:
| This is serendipitous. I just now signed up for the 5 day
| overcoming overthinking challenge by Jon Acuff and when I signed
| up Apple checked with me if I wanted to hide my email and this is
| trending on HN!
| pueblito wrote:
| Yesterday I was shopping with my wife and was thrilled with how I
| could use Hide My Email in an irl sales situation - mattress
| shopping!
| pensatoio wrote:
| Hide My Email is an awesome product, no doubt, but why the
| mention of Have I Been Pwned? Security through obscurity is not
| worth two cents. Use a password manager and generate your
| passwords.
| ThePowerOfFuet wrote:
| > It's important to note that you shouldn't use Hide My Email for
| everything. For example, you probably don't want to use a random
| address for critical services such as online banking. If you
| trust the bank with your money, you can probably trust them with
| your email. I'd also think through those sites that may use your
| email to help others find you, such as social media accounts. If
| you'd like your contacts to find you automatically, you'll need
| to use an email they know of.
|
| Social media is high on the list of use cases for such addresses
| to help preserve one's privacy.
| earthboundkid wrote:
| How do I report Hide My Email abuse? Someone used it to send a
| nasty email to my company. I couldn't figure out how to report
| it. My guess is there is no way to do it and there won't be until
| after some reporters make it the Apple scandal of the week when
| there's no other news.
| callalex wrote:
| Are you sure that was the actual sender? Email allows you to
| write whatever you want in the From field.
| Gigachad wrote:
| If your email host is half decent it will automatically move
| these emails to spam and plaster huge fraud warnings all over
| an email which does this.
| quenix wrote:
| I'm not sure how one would do that? You cannot create Hide My
| Email addresses purely to send mail. Your company would have to
| first send mail to that address, and then the person behind it
| may reply
| fwr wrote:
| Of course you can: https://www.macrumors.com/how-to/hide-your-email-address-mai...
| guywithabike wrote:
| Have you tried emailing abuse@icloud.com?
| FabHK wrote:
| A useful feature the article doesn't mention:
|
| In macOS Mail and iOS Mail, when you reply to an email or send a
| new one, you can choose the "From" address: The options are the
| usual accounts you have set up, plus, now, a "Hide my Email"
| proxy generated on-the-fly. I've found it very handy on several
| occasions.
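On callalex's and Gigachad's exchange above about the From field being free text: one way a recipient can check whether the From domain of a received message was actually authenticated, as an added example that is not part of the thread. It reads the Authentication-Results header (RFC 8601) and only trusts the copy stamped by the recipient's own server; the hostname `mx.example.net`, the addresses and all three messages are constructed samples.

```python
"""Added example: was the From domain of a received message authenticated?

Reads the Authentication-Results header (RFC 8601) stamped by the receiving
server. Hostnames, addresses and messages below are constructed samples.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr

TRUSTED_AUTHSERV_ID = "mx.example.net"  # assumption: our own inbound MX name


def parse_auth_results(value):
    """Return (authserv_id, {method: (result, {property: value})})."""
    value = re.sub(r"\([^)]*\)", " ", value)  # drop parenthesised comments
    parts = [" ".join(p.split()) for p in value.split(";")]
    authserv_id = parts[0].split(" ")[0].lower() if parts[0] else ""
    methods = {}
    for part in parts[1:]:
        m = re.match(r"([a-z0-9-]+)=([a-z]+)", part, re.I)
        if not m:
            continue
        props = re.findall(r"([a-z]+\.[a-z0-9_-]+)=(\S+)", part, re.I)
        methods[m.group(1).lower()] = (
            m.group(2).lower(), {k.lower(): v.lower() for k, v in props})
    return authserv_id, methods


def from_verdict(raw_message, trusted_id=TRUSTED_AUTHSERV_ID):
    """'authenticated', 'not-authenticated' or 'unverified' for the From domain."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, methods = parse_auth_results(str(value))
        if authserv_id != trusted_id:
            continue  # stamped by another host, so it proves nothing to us
        result, props = methods.get("dmarc", ("none", {}))
        aligned = props.get("header.from") == from_domain
        return "authenticated" if result == "pass" and aligned else "not-authenticated"
    return "unverified"  # our server recorded no result for this message


BODY = "To: support@example.net\nSubject: constructed sample\n\nbody\n"
FROM = "From: Example Sender <constructed-alias@icloud.com>\n"

GENUINE = ("Authentication-Results: mx.example.net;\n"
           " spf=pass smtp.mailfrom=icloud.com;\n"
           " dkim=pass header.d=icloud.com;\n"
           " dmarc=pass header.from=icloud.com\n" + FROM + BODY)

SPOOFED = ("Authentication-Results: mx.example.net;\n"
           " spf=pass smtp.mailfrom=bulk.example.org;\n"
           " dkim=none;\n"
           " dmarc=fail (p=quarantine) header.from=icloud.com\n" + FROM + BODY)

FOREIGN_STAMP = ("Authentication-Results: relay.example.org;\n"
                 " dmarc=pass header.from=icloud.com\n" + FROM + BODY)

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED),
                      ("foreign stamp", FOREIGN_STAMP)):
        print(name, "->", from_verdict(raw))
```
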
| lowdose wrote:
| I have been tinkering to use chrome auto filling form to sign up
| for random services with the email address of the current
| director of the CIA Bill Burns. Haven't tried it though.
| sneak wrote:
| Apple provides data on iCloud subscribers to the police without
| search warrants or probable cause over 20k times every year(!)
| (under FAA 702, aka PRISM), because the US federal government
| illegally demands it and Apple has no ability to really stop them
| without their staff going to jail (thanks to the government's
| secret interpretations of what FAA 702 really means). Much of the
| data in iCloud is _not_ end-to-end encrypted (including the keys
| protecting all of your iMessages, as well as all your photos, and
| your device backups) so this is a _huge_ amount of data on/about
| you they can be compelled to turn over at any time _without
| probable cause_.
|
| This means that you shouldn't use iCloud (even if you have
| nothing to hide). The fact that there is no probable cause
| required means that the state can demand this data as part of a
| fishing expedition to abuse/harass even the totally innocent.
|
| This means that features like this, which _lock you in_ to using
| iCloud in the long term, should be assiduously avoided.
|
| Get your own domain name and get your own email hosting (not from
| Apple) and use that. You can setup a catchall to have unlimited
| unique email addresses. You can use multiple domains if you like.
| Step by step instructions on how to do this are on my website.
| newaccount74 wrote:
| I've been using yopmail for years to avoid spam, but the problem
| is that a lot of services have blocked yopmail and other
| disposable email addresses.
|
| The nice thing with "hide my email" and Fastmail's "masked
| addresses" is that the two services use a popular domain, so
| sites can't easily block it.
| ratww wrote:
| Yep, I used to use Mailinator, sometimes others, but they
| eventually end up blocked in Marketing-hungry websites.
|
| Even myname+random@gmail.com and similar can get blocked from
| registration on some websites now.
|
| The difference here is the power of iCloud. Services can't
| afford to block it.
|
| This is similar to Domain Fronting [1]. Maybe we should call
| this email fronting?
|
| [1] https://en.wikipedia.org/wiki/Domain_fronting
| kingcharles wrote:
| I still get sites from time to time that reject custom domains
| and want an address on yahoo.com, gmail.com etc, which is
| infuriating.
|
| The worst thing is that so many sites have stupid email
| validation rules. Even cameo.com, which is a mid-size ecommerce
| site, doesn't accept a lot of TLDs created in the last 8 years,
| including mine.
| sunny3 wrote:
| Unfortunately, I found that Hide My Email complicates
| unsubscribing. I tried unsubscribing from Jumba Juice many times
| unsuccessfully, only to realize that the email that I entered was
| my actual email, and I should enter the email that was shared to
| Jumba Juice instead.
| dawnerd wrote:
| If an unsubscribe link makes me re-enter my email I just report
| as spam. Not worth the energy
| yellow_postit wrote:
| Love the service but nervous on the lock-in. Any guides for how
| to migrate off Apple after using lots of emails?
|
| I've been happy with the Fastmail+1Password integration as that
| "feels" less painful to migrate off in the future.
| adamhearn wrote:
| Currently I forward all my iCloud mail to my protonmail. Not
| sure if the aliases will stick around after cancelling a
| subscription however.
| up6w6 wrote:
| The most popular open-source alternatives are SimpleLogin[1] and
| AnonAddy[2]. The former one was just acquired by ProtonMail[3].
|
| [1] https://github.com/simple-login/app/
|
| [2] https://github.com/anonaddy/anonaddy
|
| [3] https://protonmail.com/blog/proton-and-simplelogin-join-forc...
| bertman wrote:
| Huh, hadn't heard about Proton buying Simple Login. I'm not
| sure how to feel about that. I really like SimpleLogin, but
| Proton always felt kind of "icky" for lack of a better word.
| Guess we'll see.
| Vinnl wrote:
| Mozilla also has Firefox Relay: https://relay.firefox.com/
|
| (Disclosure: I'm on the Relay team.)
| sinatra wrote:
| If relay gets popular, won't some services simply start to
| block relay subdomain for registration to make it
| ineffective? Just like 10minutesemail etc are blocked in many
| places.
| m-p-3 wrote:
| You can flag them to the Relay team and AFAIK they'll reach
| out to the domain that blacklisted them with the hope to
| make them change their mind.
|
| A service that doesn't accept an email proxy during
| registration is not going to respect my privacy, so IMO not
| worth of using.
| skeletonjelly wrote:
| I love Relay! Thank you!
| submeta wrote:
| Been using individual email addresses for each website I signed up
| for by using Fastmail.com's email aliases. - Previously I had a
| second email address just for sign ups, but whenever a platform
| was hacked and user data was leaked, my email address was burned.
|
| So yes, this feature is super useful, and kudos to Apple for
| introducing this to their customer base.
| germinalphrase wrote:
| I use this feature extensively.
|
| My only wish is that it were easier to send an outgoing email via
| a Hide My Email address (rather than only being able to reply
| once the other party has sent the first message).
| gnuj3 wrote:
| Yup, this makes it unusable for me. Try AnonAddy bro, it's much
| better. You even get iOS app to manage your aliases on the go.
| kingcharles wrote:
| Fastmail handles this perfectly.
|
| Discussion here:
|
| https://news.ycombinator.com/item?id=30964570
| blokey wrote:
| In iOS and macOS mail.app, you can select the from name in the
| compose sheet and the option to autogenerate a random email
| address using "Hide My Email".
|
| Not totally intuitive but pretty decent.
| germinalphrase wrote:
| Ah, that is helpful. Thank you.
| laserdancepony wrote:
| If Apple would provide an easy and straightforward method of sending emails from those garbled and, to the layperson, "anonymous" addresses all kinds of dumb shit would happen. I guess they don't want that kind of publicity, even if they can obviously trace every offender.
| manquer wrote:
| Gmail used to have a send-as feature that verified only with your ability to click on the link that you get from Google on that inbox.
|
| Technically you can do the same with SES on AWS as well, they verify just a single email address this way (domain is with DNS records), and they have SMTP gateways to connect to a mail client.
| pram wrote:
| Huge fan of this, started using it for practically every signup. I've already had the opportunity to shitcan an alias because it obviously got dumped to some advertisement list.
|
| Now I just need to work on untangling 15 years of other services from my main account.
| 4a3f35b5a wrote:
| > you probably don't want to use a random address for critical services such as online banking.
|
| Why not?
| gnuj3 wrote:
| Where is the ode to the likes of AnonAddy that have been about for a long time now AND provide much better service?
| 8K832d7tNmiQ wrote:
| hear, hear!
|
| Anonaddy is a godsend to me, for having an additional feature to set which aliases are allowed to forward (albeit limited just enough for essential services I can use) and also recently you can reply to a message from your alias email
| hombre_fatal wrote:
| Bringing first-class support for it on Safari/iOS is interesting, and I'm surprised they did it. Even my mom is using it because, when it pops up, why not.
|
| Until this, it was just a handful of privacy-conscious folks using services like AnonAddy.
| edsimpson wrote:
| Don't forget SimpleLogin which is open source and just got bought by ProtonMail last week.
| notriddle wrote:
| Services that only provide disposable addresses get blocked. iCloud is too big to block.
| gnuj3 wrote:
| I haven't come across a service that would reject me, although I use my own domain with AnonAddy.
| SylvieLorxu wrote:
| I see SimpleLogin mentioned in the replies several times, but I haven't seen anyone mention that you can use your own domain name with them to prevent vendor lock-in.
|
| You can also export your setup through their API so you can very easily migrate to a self-hosted instance if ever necessary:
|
|     wget --header "Authentication: YOUR_API_KEY" https://app.simplelogin.io/api/export/aliases -O simplelogin-export-$(date +%s).csv
|
| And given the author talks about Have I Been Pwned, I feel I should mention that SimpleLogin has built-in HIBP integration (contributed by me in https://github.com/simple-login/app/pull/472)
| hackernewds wrote:
| Why not just use phil+craigslist@gmail.com or phil+kmart@gmail.com to achieve the same effect? Ends up in the same phil@gmail.com inbox
| muhehe wrote:
| This is nice and all, until your Apple account gets locked (for no good reason)
| sosborn wrote:
| You can say that about any email service that isn't self-hosted.
| drexlspivey wrote:
| Using your own domain doesn't have this problem as you can just move to another service
| muhehe wrote:
| That's true, of course. But this is adding _another_ layer of dependency to already fragile reliability.
|
| Edit: also with custom domain you can switch email providers.
| uuyi wrote:
| I use my custom domain with iCloud. I use the anonymous email feature only for crap signups. Problem solved.
| muhehe wrote:
| Good for you (seriously), that's very reasonable, but far from author's recommendation.
| crossroadsguy wrote:
| Or you want to send email (not a reply).
|
| People are better off not using Apple's HideMyEmail. There are better ways that allow this on your domain - no lock-in!
|
| Or no lock-in with a device or browser (because without that it's a bigger pain).
___________________________________________________________________
(page generated 2022-04-10 23:00 UTC)