Email alias strategy

I’m sorting out my email alias strategy and wanted some input. Here’s what I’m doing / considering doing:

I use Proton with Simple Login

A. Proton email address
never given out to anyone.
all Simple Login aliases forward here

B. Simple Login Aliases w/ Custom Domain #1
used for services where I want to retain the account (i.e stuff I care about)

C. Simple Login Aliases w/ Custom Domain #2
used for services that are critical and personally identifiable by nature (health insurance, banking, electric bills, etc)

D. Simple Login Aliases w/ default 'simplelogin.com domains
used for anything I don’t care about (shopping, services I seldom use, etc)

So some questions here:

  1. Is C above useful, or do I really just need a single custom domain that covers B & C?
  2. Sometimes family or friends want to email me, or sometimes, they send me a gift for a holiday and in doing so, have submitted my email to some subscription service. For this, I’m considering a separate “friends & fam” domain, or segregating those aliases. Any thoughts on how to approach that?
  3. Finally, if I do any business dealings where people want to contact me for services, I’ll likely have an additional domain for this. This also seems like it could be subject to the issues in question #2 as well

Thanks in advance

Proton aliases:
#1 login (never give out; only used to login)
#2 main inbox (never give out; redirect all SL aliases here)
#3 friends & family
#4 business/important
#5 random (a pre-setup alias for when you need an email on the fly; burn later if need be)
#6 domain registrar (to buy your custom domain)

Simplelogin aliases:
ID known - use custom domain #1
ID unknown - use SL domain

Notes:
#3, #4 and #5 can be on custom domain #2 if desired
Accounts with SL aliases are usually only receiving email. Whilst reverse aliases can be used to reply, they can be cumbersome. For important accounts that you will frequently reply to or have multiple cc recipients, use #4

1 Like

Completely agree about A. Using a custom domain is one way to protect it.
In regard to B & C, I did not know custom domains could be used for SL aliases, but the separation makes sense to me. D also, makes perfect sense.

Right now, I use a random alias for more than 90% of the websites for which I have accounts.

Depends on your threat model really. From pure privacy pov, with custom domain you’re trading some privacy and/or anonymity with total control and total portability. Some service provider already exchanging data among themselves so compartmentalization using 1 unique alias per 1 service on custom domain might be moot since those services might realize its just 1 person using the custom domain vs using alias provider domain with its thousands of users on the domains.

I did the A and B myself but since my reason for using custom domain is for control and portability, with privacy became the bonus, i don’t feel the need to further compartmentalize using more than 1 domain.

I’m curious to know people’s take on this. Since Aliases came only recently, I did gave my main protonmail address to some companies.

If I changed all of those one by one to a new alias for each, is it sufficient? Meaning, they would still possibly have my main address in their database?

I have a bad advice :sweat_smile: :
Start using alias for everything, creating too much of them. Notice that it’s becoming a real hassle when you need to compose new mails, cause you need to go to aliasing service and retrieve the reverse send address. Notice that when you reply to an email, sometimes your real username get leaked in the message body. Start to doubt your choices to use too much alias, and perhaps back down a little bit. :sweat_smile:

3 Likes

Yeah its quite problematic, and for wuite a few times i have to change my account from alias to a real email to initiate a dialog with a provider.

Though sometimes you can find contact forms on providers website, i use that s much as possible, though it could bring 1 more party (CRM) into the game.

Still, I think using alias is benefitial, just it is definitely not something I can recommend to everyone.

Only Krypton can get at you Superman …

The main goal I see is when your email address leaks to whatever marketing or other companies, you can clearly see who leaked your address. Then you could file a complaint and disable that specific alias.

3 Likes

Why did you give your main Proton address away when you could potentially give out secondary Proton addresses with a paid subscription?

I had paid Proton Mail+ subscription for years, without ever using it, because I was still figured out my strategy. I didn’t even create secondary addresses until a couple of months ago. And even when I had a free account for many years, I pretty much never used it, except for sending emails to myself. I’m that paranoid about corporations having my main address.

I started paying a couple years after.

I can trace the few organisms I gave my main address and could change them all, but is it worth it or a waste of time?

I think you can simply create another address and make that new address the default address.

2 Likes

ASKING FOR FEEDBACK:

Is it a bad strategy to use e-mail aliases for frequent correspondence?

Ever since I signed up to Proton Mail, I’ve avoided sharing my Proton addresses with anyone who uses a Big Tech email providers such as Gmail, Hotmail, Yahoo, etc… That means not sharing my Proton addresses with friends, family, and occasionally businesses.

My Rule: If I have the choice between exposing my Proton address to send non-encrypted emails versus using an alias to send non-encrypted e-mails, I’d rather do the latter.

Is that a bad idea for people I have to exchange with regularly?

E.g.: Suppose my sisters and I hire a lawyer to sue a company over a family matter.

Although our lawyer has a professional privately owned e-mail (lawyer@lawfirm.com), and I have a Proton address, my sisters both have Gmail addresses.

So because I want to avoid any of my Proton addresses to be exposed on Google’s servers via my sisters, I give our lawyer and my sisters an alias instead (username@passinbox.com).

Knowing that there are going to be group e-mails through which we regularly correspond with our lawyer as a family, creating long email threads (15+), is it impractical to use an alias?

Is it bad to use an alias if one wants to keep records of emails? Are there any downsides to this strategy vs using a Proton address?

Keep in mind, in both cases, the emails are not E2EE.

Considering Google already has access to all the information contained in the emails you are copied into with your sisters, might it be easier to create your own single use Gmail account, rather than giving yourself the added stress of managing threads with an alias, and revealing the fact you use Proton or whatever (metadata)? Direct your emails to a private email client like Thunderbird, and export copies of your emails for your record.

Why would I create a single use Gmail account? That makes no sense.

My sisters don’t have my Proton address. They still have my old Gmail address. When I switched to Proton, I never gave any of my Proton addresses to friends or family. I also haven’t had to email my family for anything in many months. Now, I do.

You note at the very top of the thread that you “use Proton with Simple Login”. I don’t recall seeing mention of you having a Gmail account that your sisters already contact you on. That aside, why can’t you continue using that account to communicate with your sisters and the lawyer, considering Google has access via your sisters to all the correspondence if not from you directly? That way you wouldn’t need to reveal having a Proton account or aliases. Could forward emails to your Proton inbox (if you require) via an alias, or export your emails.

WHY DON’T USE GMAIL

I’m sorry, let me clarify. I have a Gmail address that I’ve had for years, and it’s the email address that my sisters have for me. Since I’ve started using Proton as my default email provider, I have not given any of my Proton addresses to any personal contact, ie friends and family. Although I receive notifications emails about family stuff, I haven’t had to email my sisters in a long time, because I call and text them all the time. E-mail is not our primary way for communicating as a family. It’s partly because of that, I don’t want to use my Gmail address.

WHY I DON’T WANT TO USE PROTON

I plan to have a Proton address that is exclusively used for friends and family. If I needed to send an email that is just for my sisters, I would happily use Proton and encrypt the email with a password. However, if I have to email my sisters, but also include a third party that is a company (eg: plumber, law firm, insurance, etc…), it becomes complicated. It’s easy to send a password via a 2nd communication channel to my sisters. It’s harder with companies.

You could argue that I could do it with a lawyer, and that they should / would be understanding, but my family and I don’t just have to deal with lawyers. It was just an example to illustrate my dilemma.

DOWNSIDES TO USING ALIASES

Do you see a downside to using aliases for regular communication with a group?

In the example I gave, one of the downside I see is that if I use different aliases for a plumber, a law firm, and an insurance company, and I have to include my sisters in all those emails, they have to remember which alias to use for me, depending on which company is being addressed.

It’s easy if all they’re doing is clicking reply to an email thread I started. But it becomes more complicated if one of my sister initiates the email. It could be frustrating for them, even if it’s not that hard.

At the same time, this downside would still exist if I used Proton, because I wouldn’t want to use the same Proton address to email my family that I use to email my lawyer or my doctor. Each of them would have their own proton address (healthcare(1), legal(2), utilities (3), etc… )

GROUP EMAILS SEEM MESSY TO MANAGE IF I WANT TO PROTECT MY PRIVACY

In general, I’m finding that emails to multiple recipients can be complicated regardless of if one is using an alias, or IS sending an E2EE email via Proton to non-Proton users.

It’s not clear to me what happens when the other parties reply to the encrypted email. I haven’t sent an E2EE email to a non Proton user in years. And I have never sent one to multiple recipients.

I know that Proton allows non-Proton recipients to reply with an E2EE email, but does that mean the other non-Proton users in the thread can receive it too. Can they? I don’t know.

When corresponding with a group that includes your sisters, unless your sisters are willing to move away from Gmail whatever email address you use will be revealed to Google (and potentially others), along with the contents of those emails.

If your sisters are going to struggle remembering you have a separate email address for family only, along with any password to open the emails, then I would just stick to using Gmail for your sisters, or create an alias that they can use for everything and you accept a third-party might occasionally get copied in. If in the future you start getting junk-mail, you can create a new alias and inform your sisters of the change of address. Doesn’t sound like you get many emails from your sisters to warrant any stress or inconvenience.

Perhaps Proton support can help answer your questions about group messaging.

You make a valid point. I’ll ask Proton Support. That said, I’m leaning on using an alias for now and see how it goes.