Why obscure my email address on serious accounts?

Note: I’m thinking about “serious” accounts here like bills, taxes, doctor, subscriptions, shopping. I already use throwaway addresses for social and forum posts.

I already use a password manager with unique passwords for each account. I considered also using separate email addresses for each account, but I’m questioning if that’s necessary.

My thought was that unique emails would limit the impact of a data breach. However, a breach often includes more sensitive information like:

  • Social Security Number
  • Driver’s license number
  • Credit card numbers
  • Medical records
  • Tax ID number

In this context, my email address seems less important. A criminal opening a bank account in my name likely uses their own email.

I imagined duplicate emails in multiple breaches would allow easier collating of my information. While convenient, there are other unique identifiers that could be used, and sophisticated identity thieves likely collate records in this way already.

Mitigating this kind of large-scale identity theft is likely beyond what I can handle through minor opsec changes. There are better ways to prevent, detect and deal with identity theft.

So if email address reuse doesn’t aid data aggregation much, then managing separate addresses has little benefit to offset the effort required.

However, I’m open to other perspectives:

  • Is collating records without an email address harder than I realize? If so, separate addresses could help.
  • Does a breached email expose me to additional threats I haven’t considered?

Even if we assume the leaked data is linkable (which it often is not, for example if it was scraped via a vulnerability it’d only be partial), you can at least disable the address and make a new one to avoid spam.

It’s essentially a free mitigation that may or may not save you from nuisances whenever the site gets hacked in one way or another.

2 Likes

> you can at least disable the address and make a new one to avoid spam

I feel that spam filters are pretty good these days, and spam is annoying but low impact as a threat.

But I guess it does open you up to phishing, and the phisher could specifically try to use your PII to appear trustworthy. (“We’re messaging you about your account ACC123456.”) If you deleted a single-purpose address they couldn’t make the attempt.

3 reasons off the top of my head:

  1. The initial (and still primary) purpose of e-mail aliasing services is spam prevention. It is certainly not great if your SSN or your CC # is exposed in a breach. But you can’t spam an SSN; you can spam an e-mail address (with ads, with phishing emails, etc).
  2. It makes it easy to identify who sells or shares your private data (or has been breached) if you use a unique e-mail per account. (Additionally, it makes it less likely that a breach on Account A will affect Account B.)
  3. Say your CC company is breached and your name, address, email, and SSN are compromised. Now say some scammers use that info to try to create a convincing phishing email pretending to be the IRS (tax collectors). If you use the same email address for your IRS account and your CC account, it might look pretty convincing. However, if the phishing email pretending to be the IRS is sent to “cc-company@your-domain.tld” instead of “irs@your-domain.tld”, it gives you one more obvious red flag to hopefully alert you to the fact it is a phishing email.

2 Likes
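
Points 2 and 3 above can be checked mechanically on the receiving side. The following is an added example, not code from any poster in this thread: it flags mail whose claimed sender does not belong to the one organisation a per-account alias was given to. The alias table, the `cc-company.example` domain and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

OWN_DOMAIN = "your-domain.tld"
# Assumed table: alias local part -> sender domains that were given that alias.
ALIAS_SENDERS = {
    "irs": {"irs.gov"},
    "cc-company": {"cc-company.example"},
}

def sender_domain(msg):
    """Domain of the From: address (lower-cased, empty if missing)."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def recipient_aliases(msg):
    """Local parts of our own-domain addresses found in To/Cc/Delivered-To."""
    headers = (msg.get_all("To", []) + msg.get_all("Cc", [])
               + msg.get_all("Delivered-To", []))
    aliases = []
    for _, addr in getaddresses(headers):
        local, _, domain = addr.rpartition("@")
        if domain.lower() == OWN_DOMAIN:
            aliases.append(local.lower())
    return aliases

def domain_matches(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def check(raw):
    """Return (alias, finding) pairs for aliases used by an unexpected sender."""
    msg = message_from_string(raw)
    dom = sender_domain(msg)
    findings = []
    for alias in recipient_aliases(msg):
        allowed = ALIAS_SENDERS.get(alias)
        if allowed is None:
            findings.append((alias, "unknown-alias"))
        elif not domain_matches(dom, allowed):
            # The alias reached someone other than the account it was made for.
            findings.append((alias, "alias-leaked-or-shared"))
    return findings

# Constructed samples: an "IRS" notice sent to the credit-card alias, and a
# genuine statement from the card issuer's mail subdomain.
PHISH = ("From: IRS Notices <notices@irs.gov>\n"
         "To: cc-company@your-domain.tld\nSubject: Tax refund\n\nClick here\n")
LEGIT = ("From: Statements <billing@mail.cc-company.example>\n"
         "To: cc-company@your-domain.tld\nSubject: Statement\n\nReady\n")
```

The From: header is trivially forged, so this check complements SPF/DKIM/DMARC results rather than replacing them; its value is that a forged sender still has to guess which alias belongs to which organisation.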

Very much so.

Rule of thumb here is: for any serious matter use your real mail address; for everything else: throwaway one.

Very much so. At any given time there are always threats (threat models) that we don’t know about and, as a consequence, are unable to (successfully) defend against. That’s because (cyber) criminals are always (well, most of the time) one step ahead of us. That’s also why AVs exist.

That’s exactly what SimpleLogin offers you to do with their aliases. To put things simply: get spam on your alias? Just disable it and you are spam free again :)

1 Like

This is a good point. I assume AI is going to make collation and spear-phishing easier and more effective.

1 Like

I thought this was answered pretty well in the other thread but okay.

These things are all tied to a known identity, so the only real benefit is in the event some details were leaked from one of those systems.

As they are tied to your identity, I probably would only use a domain that you own, or trust.

They would yes, and provide other documents they have to do so.

There really isn’t much you can do about that.

For things tied with known identity, there isn’t really a whole lot of benefit. These are fairly trustworthy things. Maybe you could use mail extension aka plus address and not even bother with Simple Login and a custom domain.

Simple Login would however be useful in situations where you want to have an unknown identity, like some random internet forum (like this one) for example.

1 Like

Thanks for pushing me to clarify my thinking - your comments were helpful. After more reading, I realized I was conflating some concepts around email aliases. There seem to be three main tools:

  • Mailbox - Where messages actually land.
  • Third-party alias - An alias provided by a service like SimpleLogin.
  • First-party alias - An alias on a domain you control.

It’s clear you shouldn’t actually use your mailbox address, for both privacy and convenience - it ties you to one provider. For family accounts, a shared mailbox is convenient if only one person checks mail.

Any aliasing on a paid mailbox has limits - exploits could connect an alias to the mailbox. So paid mailboxes don’t suit threat models around political speech or avoiding doxxing. (I include forum accounts here.)

So if we’re not concerned with those threats, first-party aliases are acceptable and allow you to change mailbox providers. When and whether to reuse an alias depends on your situation. (You could still use third-party aliases as a light shield.)

In summary:

  • If you want hidden online identities, use a free mailbox + third-party aliases. E.g. ProtonMail + SimpleLogin.

  • If you need to make purchases under your name, use a paid mailbox and domain, with convenience and shielding guiding alias choices. e.g. give an IoT subscription a dedicated alias.

In the case of Simple Login, that is now owned by Proton although it is a separate company:

You can also have domains on simple login (which are yours and not shared with other users).

Shared mailboxes aren’t really possible with Proton because of E2EE; there are shared accounts perhaps. You still would have accounts for each person. I generally advise against the whole “couples sharing an account thing” even for old people nowadays because you generally have specific credentials to individuals, e.g. government services etc., and those simply are not shared.

That isn’t really possible, because the email is physically forwarded through the alias servers and on to the destination, likewise, the email leaving there same thing in the opposite direction. TLDR not a concern. The only real way around that is lawful interception by the provider, and if that is part of your threat model no email account will be suitable.

What you can do is have paid mailbox with known identity and then an alias for the other things which simply “pass” the email back to your main mailbox.

Just because you pay for something doesn’t necessarily mean the provider is going to give up details. TLDR if your behavior is not causing risk to them then they generally have no need to.

To be honest I think this is a bit of back-to-front way of looking at it and can be simplified a lot to:

  • Known identity - anything tied to your credit card, physical address/mobile number, use @family.com
  • Unknown identity - anything else, you may choose to have a domain or not with privacy protection

Simple Login and aliasing services can be used in both situations. For example you might have:

  • @family.com associated with your known identity and then
  • some word.com associated with your unknown identity. Make sure to pick a domain registrar that has domain privacy features to hide info from whois records.

You may very well skip registering a second domain, and just use the ones that Simple Login provides. If you do that, just be mindful not to use them for things you really care about as the accounts may become locked. Typically companies like Amazon might do this.

2 Likes

> To be honest I think this is a bit of back-to-front way of looking at it and can be simplified a lot to…

This is simpler, thanks!

> Shared mailboxes aren’t really possible with Proton because of E2EE; there are shared accounts perhaps. You still would have accounts for each person.

I was thinking more that jane@family.com and jim@family.com could both point to mailbox@protonmail.com (as well as shopping@family.com)

I agree there may be specific cases where you want individual mailboxes, but for everyday stuff (“Did they send the link to you or me?”) this would be awesome.