Why obscure my email address on serious accounts?

Thanks for pushing me to clarify my thinking - your comments were helpful. After more reading, I realized I was conflating some concepts around email aliases. There seem to be three main tools:

  • Mailbox - Where messages actually land.
  • Third-party alias - An alias provided by a service like SimpleLogin.
  • First-party alias - An alias on a domain you control.

It’s clear you shouldn’t actually use your mailbox address, for both privacy and convenience - it ties you to one provider. For family accounts, a shared mailbox is convenient if only one person checks mail.

Any aliasing on a paid mailbox has limits - exploits could connect an alias to the mailbox. So paid mailboxes don’t suit threat models around political speech or avoiding doxxing. (I include forum accounts here.)

So if we’re not concerned with those threats, first-party aliases are acceptable and allow you to change mailbox providers. When and whether to reuse an alias depends on your situation. (You could still use third-party aliases as a light shield.)

In summary:

  • If you want hidden online identities, use a free mailbox + third-party aliases. E.g. ProtonMail + SimpleLogin.

  • If you need to make purchases under your name, use a paid mailbox and domain, with convenience and shielding guiding alias choices. E.g. give an IoT subscription a dedicated alias.