Email aliases to fight off spam and improve security

If you use an email long enough, you know how much spam that email will get - some even pass through the filter and reach your inbox. When this happens, you can do three things:

  • Add filtering to delete emails from a specific domain/email address automatically

  • Ignore them as always and keep using your email

  • Declare email bankruptcy and move to a new email

As part of my journey to improve security and account hardening, I started looking for an email forwarding service. I could create random aliases for different services, permitting me to create new emails and forward them all to a single place.

Ideally, the final email would never be used, which means that the only way this email could get hit by spam is if you used it somewhere or if one of the email aliases received it.

Enter SimpleLogin

The free plan of SimpleLogin allows you to create 10 aliases to forward to a single email address. It also allows you to reply directly from your alias; this prevents you from leaking your original email address to any message. SimpleLogin is also open source, which is an essential aspect for me.

Using the service is pretty straightforward. Once you connect your email to SimpleLogin, you can create a custom alias or generate a random one. You can also generate temporary aliases and disable them after some time. The settings are also brilliant and allow you a great deal of control.

How it helps fight spam

This is all great, but you may be thinking:

"How does all of that will help me fight spam?"

Glad you asked. Once you receive an email from an alias, SimpleLogin allows you to block the sender, so even if the sender tries to send you more emails, they get blocked and will never reach your inbox.

As I mentioned above, it also allows you to generate temporary aliases, generating some for a set period and rotating them.

If you subscribe, you can even go a bit crazy (like I did) and generate a single alias for each website where I have an account. The fun thing with this approach is that you know who might have sold your email address, making it easier for you to delete your account with these services.

Moving a domain to SimpleLogin

I used a forwarding service with my primary email address from this domain. Although, I wasn't thrilled with it. Not only did the service expose the original email through a DNS checker, but it also didn't provide DMARC records.

SimpleLogin provided all that for me, so I didn't have to worry too much about email forwarding other than updating the DNS records.

The service also allows you to create catch-all aliases for your domain names, although that isn't recommended if you want to fight off spam, since folks can type any email address with your domain name, and you will get the email.

For example, would create a new alias with the name i-really-want-to-spam-you, and the email would be forwarded to your original inbox.

The not so great

Okay, so this entry is starting to sound like I will get anything from SimpleLogin (I don't). Let's now look at the not-so-great aspects of the service.

It's unclear what you need to do if you want to reply to an email that was forwarded to you with the alias. You don't need to do anything, just hit reply and SimpleLogin will use your alias to send the reply.

If you haven't received an email from this email address, you need to add it to your contact list so SimpleLogin can generate a reverse-alias. To send a new email to a contact, click the contacts button and copy the reverse-alias from the list. SimpleLogin will then use your alias to send this email.

Look at the documentation for sending emails to learn more about how this works and how to add an email to your contact list.

As I mentioned above, the settings are great, but it can be confusing to know what each one of them does. You should refer to the documentation to know what each bit does.

Closing thoughts

It's pretty clear that I enjoy SimpleLogin. Not only it helps me with various email forwarding scenarios. It also allows me to create new aliases for each new account. This is important for account hardening since I can generate a new email alias and delete the breached alias.