I hate to be negative about new products, but I have to agree with @ph00lt0 here. With per-user subdomains like this, it’s just a persistent identifier that can be used to track you. Data brokers might not be looking for subdomains now, but when this becomes common enough it will be handled no differently than plus-aliasing, which spammers and data brokers already know how to deal with:
There is simply no difference between
firstname.lastname@example.org from a privacy perspective
The other problem—from a spam perspective—is that the non-randomized + subdomain alias approach doesn’t stop spammers from contacting you:
For example, if I give you my email as
email@example.com, and then I disable that alias in SimpleLogin, there’s no possible way for you to email me. How could you know what another mailbox address of mine is given that information?
On the other hand, if I give you my email as
firstname.lastname@example.org and then disable that alias (is disabling aliases possible with your system in the first place?), a spammer can still easily reach my mailbox by replacing
restaurant@ with any other arbitrary string.
I realize that these two things are trade-offs for convenience, especially for offline alias creation situations, but that doesn’t stop them from being legitimate privacy concerns. I think users optionally need to be able to:
- Disable catch-all functionality and only allow emails to pre-defined or generated aliases
- Allow random unique aliases on the @maskmy.id domain without a subdomain identifier
It’s not that your subdomain approach is bad, it’s just that without these features, you’ve really only implemented half of the functionality of competing services like Addy.io and SimpleLogin. There are benefits to both approaches, which is why the aforementioned services provide both options.
Can you create unlimited subdomains?
r/PrivacyGuides remains permanently closed to new posts, but if it makes you feel any better this forum already receives a similar level of traffic from search engines and other sources to what the subreddit used to receive