My email addressing strategy: multiple personas / custom domains / aliases

I started to migrate to Proton email a few years ago. Every time I need to give my email, I give a SimpleLogin alias. But when I give a generic @SimpleLogin.com alias to a real person, they always ask me if this is my real email, followed by why I am so concerned about privacy, and from whom I need to hide so much. I want to avoid this.

I would say my main concern (or threat) in my email strategy is keeping my privacy and avoiding getting spammed, while having a permanent email for my long-term contacts and having a professional / cooler own-domain email on my resume.

While I don’t care about:

  • full anonymity: for this I would register a domain through nyal.la, but I do not need it,

  • spending a few hours in order to update all my online accounts’ emails after an email provider switch. I do not switch email providers very often, like once every 10y. So I do not need a switch off / plug in solution. I do not mind spending a whole weekend updating my accounts’ emails.

But I am concerned about:

  • I want to reduce my exposure to big techs. Mitigation: proton-mail or tutanota as email provider.

  • Most of my online accounts allow me to update the email; other times this task is not so straightforward. Like when I am switching email providers, I do not want to inform all my lifelong contacts about my new email (otherwise I don’t mind spending a few hours updating my online account profiles). Mitigation: I need to own a domain for such cases.

  • I want to be quite untraceable to casual stalkers: I want to prevent my neighbor, employer, or any other person from finding my online forum posts and accounts by using OSINT techniques. Otherwise, I am not looking for privacy at 3-letter agency level. Mitigation: register my online accounts with random usernames and email aliases. In these cases a @SimpleLogin.com alias is preferable over my own domain alias. They avoid account correlation by my custom domain.

  • I want to avoid getting spammed if any of my contacts or online accounts leak my email.
    Mitigation: always give a unique and independent email alias, even with my owned domain emails.

  • I do not want to give a generic @SimpleLogin.com alias to my landlord, on my resume, to work colleagues… It looks weird. I do not want my contacts to be aware that I am so concerned about privacy. Mitigation: in these cases I need to be able to create aliases with my own domain. They will follow a pattern like hi_???@firstname.me, where ??? is a set of 3 random alphanumeric characters. The random part of an email like hi_w3x@firstname.me might look a bit weird but not too much.

  • I would like to segregate my personas:

    • I would like to prevent my work-related contacts (work colleagues, employers, head hunters…) from finding, by OSINT techniques, any account related to my personal persona.

    • In the same way, I would like to prevent my personal persona contacts (neighbor, dentist…) from finding my professional persona online.

    Mitigation: owning 2 different domains, in my case the TLDs are like firstname.me (for personal use) and firstname.dev (for my IT working stuff). I already own these 2 domains (kind of leasing).

  • Sometimes I need to give my email to a person, and while I want to be long-term reachable by them, I want to protect my real identity. Maybe I do not want to disclose my real name at an early stage. The issue is that my personal persona email contains my real name within the domain (this is a limitation), but there might be cases where I do not want to disclose my real persona.
    Mitigation: the email I am giving here should belong to an owned domain but not the one with my firstname in it. So I need a 3rd domain, hi-alias@generic-domain.com, and I don’t own this yet. I am a bit pissed off at having a 3rd domain just for these cases; maybe a good enough mitigation for this threat would be just using a fixed proton email address for these cases. If I need to switch email provider, either I inform them or lose them.

  • Generally I like to reveal the minimal information about me. Mitigation: So even if a service knows my identity, they do not need to know that I own the firstname.[me|dev] domain. If I can update my associated email on their website, even if it is my bank/government, I don’t need to use my own domain email alias. A @simplelogin.com domain alias will work just as well, and in case of a data breach I am reducing the amount of data leaked.

  • I want to reduce the risk of losing the rights to my own email domains due to an expiration. Mitigation: I will keep my rights to the domains for the longest period possible (or at least for 5y). So I make the initial purchase for 10y, and then every year I will buy one more year, always keeping this 10y frame. This avoids forgetting a domain renewal due to a long trip or sickness. Switching registrars in between is not a problem, you keep the rights to your domain. Most domain registrars have a functionality to allow another user to renew your domain for you, but I do not think it is required unless you plan to be in jail for over a decade.

  • I want to avoid a circular dependency with my emails, where I have a problem with my email setup or domain, my registrar tries to notify me by email, but the emails do not reach my inbox. Mitigation: use a @pm.me alias with my registrars and name-servers.

  • I want to avoid my name-server provider (Cloudflare) banning my Cloudflare account for any kind of traffic issue (they have quite long resolution periods for free accounts) and being totally locked out because Cloudflare is your domain registrar. Mitigation: decouple your name-server provider from your domain registrar. Namecheap is a bit more expensive than Cloudflare (PorkBun is cheaper than NameCheap) but they have a kind of 24/7 human customer support.

  • By now it might look too complicated, but I would like to have an easy-to-apply and easy-to-maintain scheme that I could keep for years without burning myself out. Mitigation: when I am giving an email I just have to answer for myself the following 2 questions.

Proposed solution:

  • I will own 3 domains, one for each persona (personal, professional and non-disclosed identity). Or maybe just 2 + one proton email for non-disclosed identity scenarios.

  • I will set up these 3 owned domains in SimpleLogin, all of them pointing to my unique proton email inbox.

  • I will never share my real proton email address.

  • When I need to give my email I will need, at most, to answer these 2 questions:

    → am I gonna be able to update easily this account/service email in future?
       → yes: alias@simplelogin.com // don’t need to use a custom domain
       → no: which persona do I want to associate this email with?
           → personal: alias@firstname.me
           → IT professional: alias@firstname.dev
           → non-disclosed ID: alias@generic.com (or whatever@pm.me)
    

Final thoughts:

  • I believe this ends in a simple solution that is easy to execute.

  • It is extendable, if later in life I want to add a new persona. I just need to add the new persona’s email into my SimpleLogin.

  • If some day I would like to get rid of one of my personas’ emails (like my professional one), this does not affect my personal persona emails.

  • The key factor in deciding when I need to use my custom domain or a generic SimpleLogin one is not whether the other side knows my identity. This is not the relevant factor. The key is whether I will be able to easily update that account/service email when needed. If I can update it easily I will keep a generic domain alias@simplelogin.com even if it is for banking or gov. If they do not allow such a domain, I would use my personal domain alias.

  • When I can, I use alias@simplelogin.com over alias@firstname.me to make the correlation among accounts difficult. Otherwise, even using aliases, any data breach with my domain will be pointing to me.

  • In case I need to migrate to another email provider, I could complete the task in a weekend.

  • It’s kind of cool to me, having my own firstname.me and firstname.dev as email domains. But it has some flaws:

    • my first email was firstname@hotmail.com and I got a lot of emails from random people thinking I was their friend, or received an intimate email from a namesake’s girlfriend; crazy, but many people used my hotmail email as their recovery email in other email accounts. At least my current email domains are not firstname.com; .dev and .me are quite niche, prob unknown to non-tech-savvy people.
    • it contains identifiable data about myself; it is just a domain but it reveals my real name. So I can’t use them when I do not need/want my real identity.
3 Likes
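
The rules in the opening post, written as an audit over an account inventory. This is an added example, not part of the original post; the inventory entries, field names and finding labels are constructed for illustration, and the domains are the post's own placeholders.

```python
import secrets
import string
from collections import Counter

# Domains are the post's placeholders; the inventory below is constructed sample data.
PERSONA_OF = {"firstname.me": "personal", "firstname.dev": "professional"}

def new_alias(domain, used=(), prefix="hi_", n=3):
    """Return an unused alias in the post's hi_???@domain shape (CSPRNG-drawn)."""
    alphabet = string.ascii_lowercase + string.digits
    while True:
        alias = prefix + "".join(secrets.choice(alphabet) for _ in range(n)) + "@" + domain
        if alias not in used:
            return alias

def audit(accounts):
    """Return (service, finding) pairs for entries that break the scheme."""
    counts = Counter(a["email"].lower() for a in accounts)
    findings = []
    for a in accounts:
        email = a["email"].lower()
        domain = email.rsplit("@", 1)[1]
        owned = domain in PERSONA_OF
        if counts[email] > 1:
            findings.append((a["service"], "alias reused across accounts"))
        if owned and a.get("infrastructure"):
            # Registrar / name-server notices must not depend on a domain they manage.
            findings.append((a["service"], "circular dependency"))
        elif owned and a["updatable"]:
            # An easily updatable account does not need to expose the owned domain.
            findings.append((a["service"], "owned domain not needed"))
        elif owned and PERSONA_OF[domain] != a["persona"]:
            findings.append((a["service"], "persona mismatch"))
    return findings

INVENTORY = [
    {"service": "forum", "email": "x7k2@simplelogin.com", "updatable": True, "persona": "personal"},
    {"service": "landlord", "email": "hi_w3x@firstname.me", "updatable": False, "persona": "personal"},
    {"service": "recruiter", "email": "hi_w3x@firstname.me", "updatable": False, "persona": "professional"},
    {"service": "bank", "email": "hi_b9q@firstname.me", "updatable": True, "persona": "personal"},
    {"service": "registrar", "email": "hi_r2d@firstname.dev", "updatable": True,
     "persona": "professional", "infrastructure": True},
]

if __name__ == "__main__":
    for service, finding in audit(INVENTORY):
        print(f"{service}: {finding}")
    print("fresh alias:", new_alias("firstname.me", {a["email"] for a in INVENTORY}))
```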

Generally solid strategy.

This looks solid, sustainable long term.

One Smart Improvement: Add a “Buffer Layer” Domain

Right now you have:

  • firstname.me → personal

  • firstname.dev → professional

  • generic.com (maybe) → non-disclosed

  • All routed through SimpleLogin → Proton

The only structural weakness:

If Proton or SimpleLogin ever becomes unavailable (account lock, policy change, billing issue, political issue), all three personas go dark at once.

Suggestion: Add a hidden “infrastructure domain”

Instead of routing everything directly to Proton, do this:

Persona domains
   ↓
SimpleLogin
   ↓
inbox@infra-domain.net  (not publicly used)
   ↓
Proton

That infra-domain.net:

  • Is never shared publicly

  • Exists only as your internal routing layer

  • Can point to Proton today

  • Can point to another provider tomorrow

If you ever migrate away from Proton:

  • You only change forwarding target once

  • No need to reconfigure 3 persona domains separately

  • No need to notify contacts

It reduces blast radius dramatically.

1 Like

Yes, that was the exact same weakness I noticed, but instead of using a hidden infrastructure domain, I would suggest self-hosting email infrastructure at that advanced stage instead.

Thanks @bulletproof for your detailed feedback.

However, I do not see a substantial benefit in adding an infrastructure domain, but maybe I am missing something.

If I have an issue with Proton, I think I could forward all my aliases (generic SimpleLogin and owned domain ones) to another email provider in a matter of minutes. No need for an infrastructure domain.

But an issue with SimpleLogin is way more problematic. I have not used any other email alias service, so I do not know if the migration of my owned domain aliases would be straightforward;
and about the generic SimpleLogin aliases, with or without an infrastructure domain, it is gonna be highly time-consuming: either way, I would need to reset every online account email with a generic SimpleLogin alias.

But since SimpleLogin is owned by Proton, any problem with one of them would probably affect the other.

So adding the infrastructure domain just helps a migration from Proton, but this is a minor issue. The real problem is migrating from SimpleLogin, and with that this solution does not help.

1 Like

do you think .me is a good long term TLD?
is there a risk that they will become greedy and start raising prices?
it might be a better idea to use a .com or .net for personal email?
currently .me are a bit more pricey than .com/.net/.org, but it is not a lot more,
otherwise I do not want to end up paying a lot just because .me become fancy domains,
it would be tied to my personal email, so I would not like to get rid of it once I start to use it

as I mentioned in the past, many people used my first email address, firstname@hotmail.com, to sign up on all kinds of services.
might it be a better idea to have a more obscure domain for personal email something like @firstname-mail.com?
something that would never occur to anyone by chance

also my firstname.net domain is available, but a personal email .me sounds better to me

1 Like

No, many if not most non-generic TLDs have technical issues when configured with an email server against e-commerce checkout flows. However, if you do not use email addresses for this specific purpose, then you should be fine.

Yes.

Yes, although I personally use the .org TLD.

Yes.

1 Like