Data Breach Defense: Email Masking

What is Email Masking?

Email masking services allow you to create unique, random email address for each situation where you would need a functional email address - signing up for a website, subscribing to a newsletter, etc - and have them forward to your true inbox.

Why do I Need Email Masking?

Consider the following: a random online account of yours gets caught up in a data breach. When you registered for this account, you registered with your main email, yourname@gmail.com. There are now a variety of ways that I can search for this email address to see where else you have accounts, such as Twitter, Facebook, even bank accounts. Furthermore, I can see from your email address that you use Gmail and I already have one half of your login. Now I just need to guess your password.If I take over your primary email, I can easily take over all your other accounts by abusing the password reset option. Another peripheral benefit is the ability to control spam. If one of your email addresses gets sold or breached (or the service you gave it to just sucks) and you start getting spam, you can simply disable it and no longer receive that spam.

Below I have listed two services that offer email masking. Both services offer a free tier that should work just fine for most users, but offer additional useful features for paid users. I have signed up for both and found them both to be functionally the same. The only real difference between the two services is their user interface and their pricing, both of which are affordable and reasonable. I encourage you to try both out and go with whichever one you find most appealing.


AnonAddy

SimpleLogin

(Non-Affiliate Link)
  • Open source
  • Supports PGP
  • Multiple inboxes
  • Works with custom domains

Getting Started + Tips & Tricks

Like the other tools I have suggested on this site, I encourage you to make the changes one by one. Every time you use a website, take a moment to change your email address to a masked, forwarding email address. I then encourage you to use your masked email addresses going forward.

The biggest tip I have for using these services is to not use them for critically important accounts such as banking, medical, or other accounts you cannot afford to lose access to. Email forwarding services are still relatively new and are constantly getting blacklisted by various companies. Have a separate encrypted email account for use with important services, or ideally a custom domain.