[HN Gopher] An Ode to Apple's Hide My Email
___________________________________________________________________
An Ode to Apple's Hide My Email
Author : mlapida
Score : 279 points
Date : 2022-04-10 17:42 UTC (5 hours ago)
(HTM) web link (empty.coffee)
(TXT) w3m dump (empty.coffee)
| DIVx0 wrote:
| I don't use Safari but I still use this feature a lot even though
| I have to do a few extra steps because it does not integrate with
| anything other than Safari, its that useful for me.
|
| Some sites have never worked properly with the
| email+tag@gmail.com thing and some have even become wise to it
| and wont accept addresses like that (car dealers are the worst).
|
| I hope someday apple allows 3rd party integration with this
| feature.
| [deleted]
| fiddlerwoaroof wrote:
| One workaround is that gmail ignores dots in the local part
| too: so you can use unusual punctuation for marketing:
| e.mail@gmail.com
| newaccount74 wrote:
| I don't get the email+tag. Spammers can just drop the plus tag
| and get your real email address?
| cormacrelf wrote:
| If it makes it into a leak database, you know who to blame.
| stu2b50 wrote:
| They could, but they don't. Spammers cast a wide net and
| usually aren't concerned about the crumbs that fall through.
| Not to mention the people that do the plus or dot tricks are
| going to be extremely low value spam targets.
| stingraycharles wrote:
| Yup, but assuming these spammers want to keep their lists
| of leaked emails fresh, it's kind of silly that they're so
| unconcerned about it: they're very much helping to expose
| their suppliers. I feel that they must realize that can't
| be good, but maybe I overestimate them.
| yifanlu wrote:
| I signed up for Comcast Xfinity using a brand new "hide my email"
| address and three months later I started receiving phishing
| emails at that address. (I've gotten over half a dozen so far).
| Made me realize that either Comcast was hacked (without
| disclosing it) or they're selling people's emails.
| randomluck040 wrote:
| I do that the old fashioned way with a catchall mail address
| and forward them. If they start smelling weird, I filter the
| address and change the mail address with the service provider.
| ed25519FUUU wrote:
| I wouldn't rule out both.
| dwighttk wrote:
| Probably both!
| redmattred wrote:
| I've experienced the same with comcast and have contacted their
| support. They claim there was no data breach or they aren't
| selling emails, but that obviously isn't the case.
| cromka wrote:
| Surely some attorneys would be interested in a class-action.
| sneak wrote:
| According to https://www.xfinity.com/Corporate/Customers/Po
| licies/Subscri... you have to give up your rights to a
| class action and a jury trial to get Comcast service.
|
| Additionally, they spend a ton of money lobbying and
| otherwise unfairly impeding competition, so in many places
| in the US, they are the only option, so it's give up your
| civil rights to lawsuits, or stay offline (or pay a
| wireless carrier who does the same anticompetitive scumbag
| shit a heinous price per gigabyte).
|
| The state of both wireless and wireline broadband in the US
| is totally broken, and it's not getting fixed because it's
| broken by design, as part of the general attitude by large
| corporate interests and cooperative legislatures and
| regulatory bodies to treat the US population as a sort of
| natural resource like a flock of sheep to be fleeced rather
| than as legitimate customers to be serviced (or a
| legitimate market to be participated in on merits).
|
| They do this by ensuring that there is no meaningful
| competition, and ensuring that if you do "willingly" engage
| in service with them, you have no meaningful legal recourse
| if they abuse you.
|
| "We're the phone company. We don't have to care."
|
| You have no real power against them because the people who
| control the system have decided that you should not have
| any real power against them.
| hackernewds wrote:
| Knowing how they're hijacking my bandwidth for their
| Xfinity hotspot service, the dark patterns to enable it,
| and the hiddenness of disabling it - it doesn't seem
| implausible.
| sircastor wrote:
| I'm no lawyer, but I wonder if this is more of a "go
| away" clause and if it would survive a real courtroom.
| Your lawyer would undoubtedly say "don't waste your time
| and money", but I question how many of our rights we can
| really, actually give up in a contract.
| EE84M3i wrote:
| Well, it could also be the case that everything is working as
| designed, and that they gave your address to someone else who
| did have a data breach or is themselves sending the phishing
| emails.
| allanrbo wrote:
| Made a very similar thing, since before apple did it actually:-)
| mine's called https://ent.re
| JZL003 wrote:
| There are lots of ways to do this. Postfix is nice but a little
| heavy. The simplest and most functional way I've found is
| https://github.com/0xERR0R/mailcatcher since all it does is
| forward the emails. You can even use a throwaway gmail SMTP so it
| doesn't get send to spam
|
| Easy to set up on a rpi/cheap VPS, as long as you have a
| hostname. And while you're there, look for a short domain name so
| it's fast to type (on credit card kiosks). You can get cheap
| short non-standard TLD's like .li. I got a 3 character domain for
| $5 a year, as short as bit.ly, but just for me
| JZL003 wrote:
| I guess it's harder (although not impossble) to send email
| _from_ this throwaway address, but that has never come up for
| me, for external accounts
| nyuszika7h wrote:
| Twitter is one site that I know requires you to reply to
| their automated email from the exact same address if you want
| to appeal a suspended or locked account.
| user3939382 wrote:
| It's a built-in feature of Fastmail which is how I do it
| gman83 wrote:
| I must be the only person who doesn't receive spam. I mean I do,
| but it goes into the spam folder. I've never really understood
| why I should use something like this. I have my email address on
| my website anyway, so it's not like it's private information.
| Gigachad wrote:
| I have been using my current domain for 3 years now and I don't
| receive any spam in my spam box either. Email spam seems like
| it was a solved problem years ago. Now its all just newsletters
| which go right through the spam filter..
| devmunchies wrote:
| Is this different than me just programmatically adding new email
| addresses on my domains, which just forward to my primary? Is it
| just more convenient?
|
| I ask for learning, not for skepticism.
| cmg wrote:
| It has the benefit of being at a general domain, icloud.com,
| instead of one that is (in theory) traceable to you for someone
| who cares enough to do so.
| gzer0 wrote:
| The only thing really holding me back from wanting to use iCloud
| mailing services is the current implementation of MFA on Apple
| services.
|
| It would be fine if you were allowed to use normal MFA options,
| but no, that is not possible. Instead, you MUST confirm your
| logins via already signed in Apple-devices only. There is no
| other way. Cannot use phone number (for good reason, but that is
| besides the point), cannot have a secret key based TOTP.
| Kwpolska wrote:
| SMS is available as a fallback 2FA method for Apple ID.
| m-p-3 wrote:
| I only wish they'd support standard TOTP as well, like
| everyone else.
| sewsuiuldot wrote:
| I wish they'd let users decide what they want to use as
| additional factors. I would like to ban phone calls,
| emails, SMS, and TOTP entirely from all my accounts,
| especially those that hold credentials for other services,
| and use only WebAuthn.
|
| I'd love to use Apple's keychain for credentials for
| convenience but it can quickly become the weakest link,
| when it should be the strongest.
| gzer0 wrote:
| Unfortunately, only one phone number is allowed per Apple ID.
| And I do not have multiple phone numbers to expend for an SMS
| only 2fa option here.
| JimDabell wrote:
| This is not correct. Go to
| https://appleid.apple.com/account/manage and you will see
| that you can add multiple trusted phone numbers under
| Account Security.
| bmarquez wrote:
| You can have multiple accounts on one "trusted phone
| number". Trusted phone number is where Apple sends the SMS
| 2FA code. I have several Apple ID's on 1 phone number.
|
| This is different than "Reachable at" phone number which
| must be unique and is used for iMessage and Facetime, and
| if it's blank other people can only reach you via iCloud
| account email.
|
| (It makes sense if you think about it, parents setting up
| iCloud accounts for their children's iPads who might not
| have their own phone).
| thetinguy wrote:
| As long as you add a trusted phone number you can do Mfa over
| sms. Not ideal but it is an option.
| kayodelycaon wrote:
| Actually, Apple allows SMS and recovery keys as a fallback and
| there is an account recovery option if none of these work.
|
| https://support.apple.com/en-us/HT204915
|
| Google on the other hand... I've seen two people lose their
| Gmail accounts even they knew the password because google
| required verification from a mobile device that no longer
| existed. :|
| criddell wrote:
| I think Google also has recovery keys. I have a slip of paper
| with ten long strings on them that Google told me could be
| used to regain access to my account.
| Gigachad wrote:
| Google seems to have changed their MFA stragagry recently
| where normal TOTP apps are a backup measure while the
| already signed in device is the primary. It wouldn't shock
| me if they don't prompt you to set up the app or recovery
| keys anymore.
| egamirorrim wrote:
| It's a really clever way for apple to be able to read everyone's
| email for sure
| voisin wrote:
| Any evidence of this you'd like to share?
| trollied wrote:
| No need for the tin foil hat nonsense.
| LeoPanthera wrote:
| You're angry about this but not iCloud Mail, their full hosted
| email product, that has existed under various names for over 20
| years?
| drivebycomment wrote:
| https://support.apple.com/en-us/HT210425
|
| > Apple doesn't read or process any of the content in the email
| messages that pass through Hide My Email, except to perform
| standard spam filtering that's required to maintain our status
| as a trusted email provider. All email messages are deleted
| from our relay servers after they're delivered to you, usually
| within seconds.
|
| Unless you can present an evidence, your post is mostly a
| conspiracy theory.
| vba616 wrote:
| >your post is mostly a conspiracy theory.
|
| Do you frequently bet that people are doing the right thing
| with no oversight? How often does that prove to be true?
| abraae wrote:
| I would take the bet in this case without hesitation. Apple
| is too big and has too many potential internal whistle
| blowers to run a clandestine email monitoring operation.
| manquer wrote:
| They can do that anyway? Hide my email just generates random
| aliases to your iCloud mailbox which Apple always had access .
| ec109685 wrote:
| If you hide your gmail address, they can now see the email to
| gmail that they couldn't before.
|
| But yes, they already have tons of access to email that they
| could (but don't) do nefarious things with.
| fetzu wrote:
| If you are worried about third parties having access to your
| communications, you shouldn't be using (unencrypted) email.
| daemn wrote:
| Abine Blur (https://www.abine.com/) was one of the first to do
| that however some of the domains started to get blocked. Hide My
| Email using iCloud negates that risk.
| binwiederhier wrote:
| I have a unique email address for every single service that I
| sign up for, similar to this, though selfhosted. I've been doing
| this for years and it works wonderfully. If someone misuses my
| email address, or gets annoying, I can simply turn off the
| address. Bam!
|
| It's the easiest Postfix config in the universe, essentially
| just: virtual_alias_domains = domain1.com
| domain2.com virtual_alias_maps = hash:/etc/postfix/virtual
|
| And then /etc/postfix/virtual looks like this:
| phil.equifax@domain1.com firstname.lastname@gmail.com
| phil.experian@domain1.com firstname.lastname@gmail.com ...
| (hundreds of these)
|
| I also made a super simple web UI for myself to edit this file
| quickly.
|
| Gmail seems to be fine with this, emails do not usually end up in
| spam. Every full moon maybe, but usually it's alright.
|
| It's not as shiny as Apple's thing, but it's 100% selfhosted and
| I own the domain.
| z8 wrote:
| I'm doing the exact same thing. Built a small web app that lets
| me manage all my email aliases for the domain. Unfortunately
| there are a couple of websites that do only allow a select list
| of whitelisted domains meaning I cannot use my own, but for the
| other 99% it works wonders. I wish I had had this idea ten
| years ago, it would have saved me so many headaches.
| KennyBlanken wrote:
| > It's not as shiny as Apple's thing, but it's 100% selfhosted
| and I own the domain.
|
| Apple's system is "shiny" because it provides near total
| anonymity, whereas your setup has all the deliverabilty issues
| of a self-hosted domain and rather uniquely identifies you...at
| the domain level?
|
| I'm not sure why you are maintaining a hundreds-of-lines
| virtual table and a web UI, instead of just using a regex or
| two to capture phil.*@domain2.com or something along those
| lines (maybe you want to do one including a year or something
| to cut down on spam), or blacklisting as needed by having
| postfix reject during the SMTP session so the email is marked
| as invalid and is removed from the spammer's database.
|
| Or, I dunno, just use VERP? I don't think I've yet run across
| anyone smart enough to drop VERP from email addresses.
| binwiederhier wrote:
| I'm maintaining hundreds of lines because I started with one.
| And i was too lazy to change it. Your approach it probably
| better ;-)
| ohlookabird wrote:
| Nice! I do something similar, but using an automatic aliasing
| scheme so that I don't have to manually configure an email
| address for each service and other users can use this without
| me knowing their aliases. In my setup, aliases can contain
| wildcards, represented as percent signs. If an alias
| phil.%@domain1.com is set up, all your examples will be sent to
| the respective aliased address. I use Postfix Admin with a
| MySQL database. Hence the Postfix setup looks like this:
| virtual_alias_maps =
| mysql:/etc/postfix/mysql_virtual_alias_maps.cf,
| mysql:/etc/postfix/mysql_virtual_alias_maps_wildcard.cf,
| hash:/etc/postfix/virtual
|
| The first file is just regular aliases, and is basically a
| simpler version of the second file (no SQL selections/filters)
| and could also be merged into a single query with the second
| file: user = mail password =
| <password> hosts = 127.0.0.1 dbname =
| maildb_postfix query = SELECT a1.goto FROM alias a1
| LEFT JOIN alias a2 on (a2.address = '%s') WHERE
| '%s' LIKE a1.address AND a1.active = '1' AND
| a2.address IS NULL
|
| This works, because the percent sign in the alias is picked up
| by the LIKE keyword. A setup like this allows me to configure
| many aliases through Postfix Admin's web admin page, including
| optional wildcard aliases (depending on which users wants
| that). It has been working very well for me over the past 15+
| years. Also, I haven't looked at that SQL query since then and
| would likely write it in a nicer way today.
|
| Note: with the above code SQL injection could be possible
| through an alias name, but given that in this setup I am the
| only one managing the mail accounts, I was willing to take this
| risk. :-) Postfix Admin might do some cleaning/validation, but
| I haven't checked on it.
| hackernewds wrote:
| Why not just use phil+craigslist@gmail.com or
| phil+kmart@gmail.com? same effect and lands in the same
| phil@gmail.com address
| ratww wrote:
| Because it's not as effective if the goal is to catch spam.
| Spammers are already wise to the meaning of + and will
| strip it automatically when selling data in bulk. Plus,
| some services block creating accounts with the + or with
| their name in the address.
| pixl97 wrote:
| Block any email to the address missing the +
| m-p-3 wrote:
| Then you end up with spammers simply putting gibberish
| after the plus sign.
| scoot wrote:
| I use 33mail.com (33m.co) which does the same thing (it has a
| link on the email to disable the address). You can use a
| subdomain or custom domain. It has a generous free tier, and
| ridiculously cheap paid tier. (Paid is required if you want to
| be able to reply to inbound emails.)
| vernie wrote:
| Aside from being self-hosted how does this differ from +suffix
| Gmail addresses?
| heldergg wrote:
| Plus addressing is not unique to gmail nor it was invented by
| google.
|
| For example, to enable plus addressing in postfix is only a
| matter of defining:
|
| recipient_delimiter = +
| JZL003 wrote:
| Also, not as granular, but instead of the + suffix, add a dot
| in a weird place. So
|
| n.ame@gmail.com or nam.e@gmail.com . Many SMTP servers
| respect periods as differentiating emails, so services can't
| delete them. It doesn't help you stop spam, but you can add a
| gmail filter that n.ame@gmail.com is put in a separate label.
| And it's very fast to type, easy for non tech-y people
| MrRiddle wrote:
| It's trivial to figure out main gmail address?
| cubesnooper wrote:
| It's almost as trivial with this format too, at least to
| guess what address is used for other services, though it
| has a strong advantage over using '+' in GMail in that
| nothing will try this automatically. It's hard to believe
| anyone would intentionally try to guess a different
| service's email to spam to it, but even so in my setup I
| prefer to eliminate this possibility completely by adding a
| random number to the service name:
| experian12322@example.com, and so on, with no catchall for
| invalid addresses.
|
| So far the most spam I've gotten has been to the address I
| used for Amazon (probably leaked by a third-party seller
| there).
| binwiederhier wrote:
| > It's almost as trivial with this format too
|
| I mean you can pick any format you want before the "@",
| but yeah my format is trivial. Nobody has tried to do it
| automatically yet though, as far as I can tell.
| SalimoS wrote:
| I remember Starzplay didn't accept the + in my email when
| I tried it (technically I signed up but couldn't login
| anymore )
| binwiederhier wrote:
| Honestly, probably not a whole lot.
|
| Though I had originally made this because with the "+"
| approach, you can easily get the original address by simply
| removing everything after the "+", while with mine you
| cannot. On top of that, sometimes "+" does not work in
| services that do "strict email validation".
| [deleted]
| webmobdev wrote:
| Some services do not accept email with a "+" in it.
| KennyBlanken wrote:
| Postfix allows defining any character as a VERP separator.
|
| OP also could have just used a regex in the virtual file.
| PrettyPastry wrote:
| Some services even accept it to create an account, but not
| to log in.
|
| One never let me change my email or password when I used
| the +.
| r2b2 wrote:
| The problem with self hosted email is that your domain becomes
| a unique (or near-unique with a few domains) tracking
| reference.
| jen729w wrote:
| Only if the entity on the other end understands this though,
| right? Which they probably don't.
|
| Otherwise everyone @example.com is the same person.
| webmobdev wrote:
| And, if the email service is also self-hosted, it prevents
| Apple from collecting more data about your interests and
| purchases through your email, which it uses to profile you (to
| determine how to extract more money from you).
| TonyTrapp wrote:
| I'm doing it the other way around, which is slightly less work
| because you don't have to create new email addresses
| explicitly: Catch-all by default, with a recipient blocklist as
| part of smtpd_relay_restrictions that I update whenever some
| service gets breached.
| rootusrootus wrote:
| I do a simplified version of this. I just use a catchall
| account with Fastmail and then pick email addresses in the
| domain randomly. If someone abuses the address, I block it. I
| specifically do _not_ use addresses that make it obvious what
| my strategy is. I end up just using a name and number that
| would look right at home on gmail.
|
| I'm also not trying to stop tracking, so much as I'm trying to
| have my own semi-permanent equivalent to mailinator that nobody
| will recognize as such, that I can use to cut back on the
| amount of spam I get.
| 3-cheese-sundae wrote:
| I used to do it this way too, but got overwhelmed by
| dictionary attacks.
| beeboop wrote:
| I've been happily using fastmail for years and I think I'm
| going to be forced to stop. My outbound emails are constantly
| getting caught in spam and it recently cost me a job offer.
| b1n wrote:
| I've been thinking of a new way to use my email...
|
| - Only use one email address: hi@example.com
|
| - Always add a filter: hi+hn@example.com
|
| - Send all emails without a filter to SPAM
|
| Since it's not a common strategy, it is much more likely that
| spammers remove the +hn before sending an email than add one.
| IAmEveryone wrote:
| Gmail also ignores the dot. If you choose a 17-character
| mailbox name, you can use any one of 2^16 different
| patterns of placing dots between them.
|
| Capitalisation could also be used for such a purpose, but
| may be more likeely to accidentally get stripped.
| vmception wrote:
| would not recommend
|
| not only can you not sign up to many services, customer
| support can often get confused when you need to email reply
| to them and you cannot email from your aliased email. they
| see you as a separate user not in their system, or the
| wrong person replied to the support ticket, etc.
| mackmgg wrote:
| Can you not reply from a user+foo@example.com alias? I
| use the catchall approach (so just foo@example.com when
| signing up for foo), but if I need to email customer
| support I'll just send the email from foo@example.com.
| I've never tried that with a + in the account though to
| see if my client supports it.
| VTimofeenko wrote:
| I have tried this approach. Unfortunately, some services
| will not accept plus sign in the username no matter what
| RFC says. On top of that, some services seem to not like
| seeing the service name in the username. I.e. foo.tld will
| refuse sending email to mailbox+foo@mydomain.tld.
| JimDabell wrote:
| Some mail providers support receiving mail on arbitrary
| hostnames, so you can set up a wildcard MX record and
| then use mailbox@foo.example.com instead. This avoids
| email validation issues with plus addresses, spammers
| don't try removing any parts of the hostname, and I think
| in the many years I have been using it I've only run into
| a problem with including the service name once or
| possibly twice.
| plsbenice34 wrote:
| Fastmail seems to be based in Australia unfortunately, so it
| is not secure
| Gigachad wrote:
| Email is not secure full stop. Don't do any kind of
| sensitive conversation over it regardless of where it is
| hosted.
| texaslonghorn5 wrote:
| As an android user I've never seen this before -- this seems way
| better than email+tag@gmail.com
| lapser wrote:
| There is SimpleLogin[0] and Mozilla Private Relay[1] as more
| generic options. I've never tried them as I struggle to figure
| out how trustworthy they are. At the end of the day, emails are
| essentially proxied by these products.
|
| [0] https://simplelogin.io
|
| [1] https://relay.firefox.com/
| C4K3 wrote:
| Another one that's come up in the past is
| https://sneakemail.com/
| gnuj3 wrote:
| Simplpgin have been around for much longer than Apple's
| service and I believe they have been bought by ProtonMail now
| as well.
| baxtr wrote:
| The great thing about Apple doing stuff like that is the sheer
| scale they reach.
|
| Sure, there were many services like that before, and many of us
| have used them. But making it an integral part of iOS can drive
| mass adoption. You have to credit Apple for that.
| Gigachad wrote:
| There is also a trust component. I do trust Apple to not abuse
| this product or shut it down in the future much more than I do
| some no name privacy company.
| ultrasounder wrote:
| This is serendipitous. I just now signed up for the 5 day
| overcoming overthinking challenge by Jon Acuff and when I signed
| up Apple checkef with me if I wanted to hide my email and this is
| trending on HN!
| pueblito wrote:
| Yesterday I was shopping with my wife and was thrilled with how I
| could use Hide My Email in an irl sales situation - mattress
| shopping!
| pensatoio wrote:
| Hide My Email is an awesome product, no doubt, but why the
| mention of Have I Been Pwned? Security through obscurity is not
| worth two cents. Use a password manager and generate your
| passwords.
| ThePowerOfFuet wrote:
| > It's important to note that you shouldn't use Hide My Email for
| everything. For example, you probably don't want to use a random
| address for critical services such as online banking. If you
| trust the bank with your money, you can probably trust them with
| your email. I'd also think through those sites that may use your
| email to help others find you, such as social media accounts. If
| you'd like your contacts to find you automatically, you'll need
| to use an email they know of.
|
| Social media is high on the list of use cases for such addresses
| to help preserve one's privacy.
| earthboundkid wrote:
| How do I report Hide My Email abuse? Someone used it to send a
| nasty email to my company. I couldn't figure out how to report
| it. My guess is there is no way to do it and there won't be until
| after some reporters make it the Apple scandal of the week when
| there's no other news.
| callalex wrote:
| Are you sure that was the actual sender? Email allows you to
| write whatever you want in the From field.
| Gigachad wrote:
| If your email host is half decent it will automatically move
| these emails to spam and plaster huge fraud warnings all over
| an email which does this.
| quenix wrote:
| I'm not sure how one would do that? You cannot create Hide My
| Email addresses purely to send mail. Your company would have to
| first send mail to that address, and then the person behind it
| may reply
| fwr wrote:
| Of course you can: https://www.macrumors.com/how-to/hide-
| your-email-address-mai...
| guywithabike wrote:
| Have you tried emailing abuse@icloud.com?
| FabHK wrote:
| A useful feature the article doesn't mention:
|
| In macOS Mail and iOS Mail, when you reply to an email or send a
| new one, you can choose the "From" address: The options are the
| usual accounts you have set up, plus, now, a "Hide my Email"
| proxy generated on-the-fly. I've found it very handy on several
| occasions.
| lowdose wrote:
| I have been tinkering to use chrome auto filling form to sign up
| for random services with the email address of the current
| director of the CIA Bill Burns. Haven't tried it though.
| sneak wrote:
| Apple provides data on iCloud subscribers to the police without
| search warrants or probable cause over 20k times every year(!)
| (under FAA 702, aka PRISM), because the US federal government
| illegally demands it and Apple has no ability to really stop them
| without their staff going to jail (thanks to the government's
| secret interpretations of what FAA 702 really means). Much of the
| data in iCloud is _not_ end-to-end encrypted (including the keys
| protecting all of your iMessages, as well as all your photos, and
| your device backups) so this is a _huge_ amount of data on /about
| you they can be compelled to turn over at any time _without
| probable cause_.
|
| This means that you shouldn't use iCloud (even if you have
| nothing to hide). The fact that there is no probable cause
| required means that the state can demand this data as part of a
| fishing expedition to abuse/harass even the totally innocent.
|
| This means that features like this, which _lock you in_ to using
| iCloud in the long term, should be assiduously avoided.
|
| Get your own domain name and get your own email hosting (not from
| Apple) and use that. You can setup a catchall to have unlimited
| unique email addresses. You can use multiple domains if you like.
| Step by step instructions on how to do this are on my website.
| newaccount74 wrote:
| I've been using yopmail for years to avoid spam, but the problem
| is that a lot of services have blocked yopmail and other
| disposable email addresses.
|
| The nice thing with "hide my email" and Fastmails "masked
| addresses" is that the two services use a popular domain, so
| sites can't easily block it.
| ratww wrote:
| Yep, I used to use Mailinator, sometimes others, but they
| eventually end up blocked in Marketing-hungry websites.
|
| Even myname+random@gmail.com and similar can get blocked from
| registration on some websites now.
|
| The difference here is the power of iCloud. Services can't
| afford to block it.
|
| This is similar to Domain Fronting [1]. Maybe we should call
| this email fronting?
|
| [1] https://en.wikipedia.org/wiki/Domain_fronting
| kingcharles wrote:
| I still get sites from time to time that reject custom domains
| and want an address on yahoo.com, gmail.com etc, which is
| infuriating.
|
| The worst thing is that so many sites have stupid email
| validation rules. Even cameo.com, which is a mid-size ecommerce
| site, doesn't accept a lot of TLDs created in the last 8 years,
| including mine.
| sunny3 wrote:
| Unfortunately, I found that Hide My Email complicates
| unsubscribing. I tried unsubscribing from Jumba Juice many times
| unsuccessfully, only to realize that the email that I entered was
| my actual email, and I should enter the email that was shared to
| Jumba Juice instead.
| dawnerd wrote:
| If an unsubscribe link makes me re-enter my email I just report
| as spam. Not worth the energy
| yellow_postit wrote:
| Love the service but nervous on the lock-in. Any guides for how
| to migrate off Apple after using lots of emails?
|
| I've been happy with the Fastmail+1Password integration as that
| "feels" less painful to migrate off the in the future.
| adamhearn wrote:
| Currently I forward all my iCloud mail to my protonmail. Not
| sure if the aliases will stick around after cancelling a
| subscription however.
| up6w6 wrote:
| The most popular open-source alternatives are SimpleLogin[1] and
| AnonAddy[2]. The former one was just acquired by ProtonMail[3].
|
| [1] https://github.com/simple-login/app/
|
| [2] https://github.com/anonaddy/anonaddy
|
| [3] https://protonmail.com/blog/proton-and-simplelogin-join-
| forc...
| bertman wrote:
| Huh, hadn't heard about Proton buying Simple Login. I'm not
| sure how to feel about that. I really like SimpleLogin, but
| Proton always felt kind of "icky" for lack of a better word.
| Guess we'll see.
| Vinnl wrote:
| Mozilla also has Firefox Relay: https://relay.firefox.com/
|
| (Disclosure: I'm on the Relay team.)
| sinatra wrote:
| If relay gets popular, won't some services simply start to
| block relay subdomain for registration to make it
| ineffective? Just like 10minutesemail etc are blocked in many
| places.
| m-p-3 wrote:
| You can flag them to the Relay team and AFAIK they'll reach
| out to the domain that blacklisted them with the hope to
| make them change their mind.
|
| A service that doesn't accept an email proxy during
| registration is not going to respect my privacy, so IMO not
| worth of using.
| skeletonjelly wrote:
| I love Relay! Thank you!
| submeta wrote:
| Been using individual email adresses for each website I signed up
| for by using Fastmail.com's email aliasses. - Previously I had a
| second email address just for sign ups, but whenever a platform
| was hacked and user data was leaked, my email address was burned.
|
| So yes, this feature is super useful, and kudos to Apple for
| introducing this to their customer base.
| germinalphrase wrote:
| I use this feature extensively.
|
| My only wish is that it were easier to send an outgoing email via
| a Hide My Email address (rather than only being about to reply
| once the other party has sent the first message).
| gnuj3 wrote:
| Yup, this makes is unusable for me. Try AnonAddy bro, its much
| better. You even get iOS app to manage your aliases on the go.
| kingcharles wrote:
| Fastmail handles this perfectly.
|
| Discussion here:
|
| https://news.ycombinator.com/item?id=30964570
| blokey wrote:
| In iOS and macOS mail.app, you can select the from name in the
| compose sheet and the option to autogenerate and random email
| address using "Hide My Email".
|
| Not totally intuitive but pretty decent.
| germinalphrase wrote:
| Ah, that is helpful. Thank you.
| laserdancepony wrote:
| If Apple would provide an easy and straightforward method of
| sending emails from that garbled and, to the layperson,
| "anonymous" adresses all kind of dumb shit would happen. I
| guess they don't want that kind of publicity, even if they can
| obviously trace every offender.
| manquer wrote:
| Gmail used to have send-as feature that verified only with your
| ability to click on the link that you get from google on that
| inbox.
|
| Technically you can do the same with SES on AWS as well, they
| verify just a single email address this way (domain is with dns
| records), and they have SMTP gateways to connect to a mail
| client .
| pram wrote:
| Huge fan of this, started using it for practically every signup.
| I've already had the opportunity to shitcan an alias because it
| obviously got dumped to some advertisement list.
|
| Now I just need to work on untangling 15 years of other services
| from my main account.
| 4a3f35b5a wrote:
| > you probably don't want to use a random address for critical
| services such as online banking.
|
| Why not?
| gnuj3 wrote:
| Where is the ode to the likes of AnonAddy that have been about
| for a long time now AND are provides much better service?
| 8K832d7tNmiQ wrote:
| hear, hear!
|
| Anonaddy is a godsend to me, for having an additional feature
| to set which alias are allowed to forward (albeit limited just
| enough for essential services I can use) and also recently you
| can reply a message from your alias email
| hombre_fatal wrote:
| Bringing first-class support for it on Safari/iOS is
| interesting, and I'm surprised they did it. Even my mom is
| using it because, when it pops up, why not.
|
| Until this, it was just a handful of privacy-conscious folks
| using services like AnonAddy.
| edsimpson wrote:
| Don't forget SimpleLogin which is open source and just got
| bought by ProtonMail last week.
| notriddle wrote:
| Services that only provide disposable addresses get blocked.
| iCloud is too big to block.
| gnuj3 wrote:
| I havent come across service that would reject me, although I
| use my own domain with AnonAddy.
| SylvieLorxu wrote:
| I see SimpleLogin mentioned in the replies several times, but I
| haven't seen anyone mention that you can use your own domain name
| with them to prevent vendor lock-in.
|
| You can also export your setup through their API so you can very
| easily migrate to a self-hosted instance if ever necessary:
|
| wget --header "Authentication: YOUR_API_KEY"
| https://app.simplelogin.io/api/export/aliases -o simplelogin-
| export-$(date +%s).csv
|
| And given the author talks about Have I Been Pwned, I feel I
| should mention that SimpleLogin has built-in HIBP integration
| (contributed by me in https://github.com/simple-
| login/app/pull/472)
| hackernewds wrote:
| Why not just use phil+craigslist@gmail.com or
| phil+kmart@gmail.com to achieve the same effect? ends up in the
| same phil@gmail.com inbox
| muhehe wrote:
| This is nice and all, until your apple account get locked (for no
| good reason)
| sosborn wrote:
| You can say that about any email service that isn't self-
| hosted.
| drexlspivey wrote:
| Using your own domain doesn't have this problem as you can
| just move to another service
| muhehe wrote:
| That's true, of course. But this is adding _another_ layer of
| dependency to already fragile reliability.
|
| Edit: also with custom domain you can switch email providers.
| uuyi wrote:
| I use my custom domain with iCloud. I use the anonymous
| email feature only for crap signups. Problem solved.
| muhehe wrote:
| Good for you (seriously), that's very reasonable, but far
| from author's recommendation.
| crossroadsguy wrote:
| Or you want to send email (not a reply).
|
| People are better off not using Apple's HideMyEmail. There are
| better ways that allows this on your domain - no lock-in!
|
| Or no lock-in with a device or browser (because without that
| it's a bigger pain).
___________________________________________________________________
(page generated 2022-04-10 23:00 UTC)