What makes email alias a better alternative to email plus sign (+)

December 19, 2020 · written by Author Image SimpleLogin team

Email subaddressing, also known as plus sign (+) trick, is popularized by Gmail and now supported by most email providers. It allows creating a new email address by simply appending the plus sign(+) to your current email address.

For example, if your email address is name@email.com, you can quickly create a new email address like name+facebook@email.com for Facebook, name+twitter@email.com for Twitter, etc.

Here’s a closer look at the pros and cons of using the plus sign trick, especially when compared with email aliases.

Plus sign trick advantages

The main advantage of the plus sign trick is it’s easy to use and already available.

If you use email filters, email subaddressing is also very useful. For example, you can set up a filter to move all emails sent to name+groupon@email.com to the Promotion folder.

With subaddressing, you can create an unlimited number of email addresses: just add something after the plus sign and you’ll have a new email address.

If you are a developer or work in QA, being able to quickly create a new email address is very helpful when testing a website or application.

What are SimpleLogin email aliases?

An email alias is simply a forwarding email address. Emails sent to an email alias are forwarded to your original email address.

Like the plus sign trick, SimpleLogin allows you to have a different email address for each website: just create a new email alias everytime you need an email address.

Usually an email alias only allows email forwarding but with SimpleLogin, you can also send emails or reply from your email alias.

Currently there are 4 ways of creating a new email alias in SimpleLogin:

Plus sign trick email address isn’t good for privacy

Though practical, plus sign trick is well-known and your real email address can be easily extracted: one just needs to remove the part after the plus sign. For this reason, if your subaddress appears in an email leak (that you can easily verify on https://haveibeenpwned.com), a bad actor can extract your real email address and uses it for a spam/phishing campaign or to match with other data breaches.

Email addresses that contain the plus sign are sometimes (incorrectly) considered invalid. Even worse, a website can silently drop the part after the plus sign and use your real email address instead.

If you use Gmail, you can’t also reply from the subaddress. When you reply to an email sent to a name+newsletter@gmail.com, the reply will come from your real email address name@gmail.com

Email aliases protect your privacy

An email alias is random and there’s no way to link 2 email aliases to the same person.

For email aliases created with a catch-all domain, they can only be linked together if the domain is known to have the catch-all option enabled. There’s no way to detect whether a domain has this option enabled or to know how many people are using a domain, a bad actor usually ignores these email addresses altogether.

For email aliases created via directory, you can use a different separator than the plus sign to reduce the chance of your email aliases being linked together. SimpleLogin also supports the hash sign (#) and the slash sign (/) as separator and in the future, you can also use directory as a subdomain (i.e. newsletter.simplelogin.fr). You can then either use newsletter/python@simplelogin.fr, newsletter#python@simplelogin.fr or python@newsletter.simplelogin.fr as email address.

Email aliases reveal who are selling your data

If you use a different email alias for each website and one of your aliases starts receiving emails it isn’t supposed to receive, you can be sure that this alias is either leaked or sold.

For example, if your email alias for Facebook receives emails from LinkedIn, that means Facebook has sold your data to LinkedIn or they’ve had a data breach. Either way, you can just disable this alias. Your real email address stays hidden.

Data brokers, a $200 billion industry use your email address as the common denominator to match users between different datasets. Having thousands of email addresses make their job harder and your privacy better.

Email aliases are more flexible

With email aliases, it’s easy to change where emails are forwarded. You can just add an additional mailbox so every email sent to your email aliases is forwarded to both mailboxes.

You can also have more complex setup like having an email alias for a shoping website that forwards to both your mailbox and your partner’s mailbox. Or an email alias for your support team that allows anyone to receive customer requests and reply from the support email address.

Additional protection

On popular email services like Gmail, Outlook, your emails are stored in plaintext, meaning anyone who has access to their servers can read your emails. Even though these services claim to have a strict policy in place and promise they would never read your emails, scandals in the past have shown otherwise. With the recent Twitter hack, an employee can be social-engineered to leak the data or leave a backdoor for hackers.

Pretty Good Privacy (PGP) was created in 1991 as a way to encrypt your emails, texts, files, etc. Used by Edward Snowden, journalists, dissidents, … PGP is highly secure and almost unbreakable.

In PGP, you have 2 keys: the private key that allows you to decrypt the emails and that you should never lose. The public key is public (hence the name) that allows anyone who wants to send you an email to encrypt the email. Only you can then read the encrypted email.

SimpleLogin supports PGP and allows you to use PGP on email services that don’t natively support it. For example, you can use PGP on your Gmail using browser extensions like Mailvelope or FlowCrypt and have SimpleLogin encrypting all emails sent to your Gmail.

Security

Though primarily focused on privacy, email aliases are a good way to increase your online security. Email address is usually used with password as account credential. If you use a different email alias for each website, a bad actor now needs to know both your password and the email alias in order to hack your account.

Recommendations

With multiple advantages over plus sign trick, email aliases is a great tool to protect your online privacy. It’s recommended to use a password manager to help remember the email aliases used on different websites.

Sign up for a new SimpleLogin account to explore how email aliases can help protect your online privacy. If you have used email aliases in the past, you might be surprised by how easy it becomes now ;).