Kelvin Chan, Associated Press business writer
LONDON (AP) – I’ve heard of the Burner phone. How about burner email?
Many on the Internet require you to hand over your email address before using the service, until you sign up for a newsletter or redeem a special offer online from the app you downloaded.
But who says you need to give your real email address? If you are asked next, consider using email masks.
More and more services are offering spoofed email addresses and conveying messages to real addresses. Experts say this could be a powerful tool for protecting privacy and security.
Here are some pointers on why and how to do email masking.
Mask on
The idea behind email masking is simple. The masking service provides randomized addresses that can be used as decoys rather than actual emails. It could be a series of unrelated words, or a series of letters and numbers. When someone sends a message to a burner email, it will automatically route to the address without anyone knowing it.
Providers include email protection services from the privacy-centric search engine Duckduckgo, as well as independent services such as the Firefox Relay from browser manufacturer Mozilla, the email service Fastmail and Addy.io. Encrypted Service Proton Mail offers email masking with a password manager and a standalone SimpleLogin service. There are many more.
This is one of the features Apple offers from users who subscribe to iCloud+ or Apple One services. If you need to enter emails using the Safari browser app on your iPhone, tap on the field above the keyboard on the screen and “Hide Mail” to create a random address as an alternative.
It can also be used on Mac computers using the desktop Safari browser or the email app. Even if you are using a different browser or app, you can still go to iCloud settings and create a random email address manually.
Important features
Most services come with free versions with basic options and premium tiers with more features.
Some free services only accept emails, but you cannot reply to them. However, the key feature that users should look for is their ability to do both, said Andy Yen, CEO of Proton.
“Maybe you may not reply to the newsletter. That’s fine,” Yen said. But, for example, if you buy something online using an email alias, and there is a problem with the order the site needs to ask you, that’s the problem.
“The ability to respond afterwards is actually very important,” he said.
Most masking services have a dashboard control panel that allows you to view the various alias addresses that you have activated. If you notice that you are beginning to get a lot of spam, turn it off.
When should I use it?
Mask emails if you want to add an extra layer of privacy or protect yourself from data leaks and unauthorized sharing of information.
Santiago Andrigo, Principal Product Manager at Mozilla, says email masks are “a generic tool that can be used in any context.”
However, he recommends using it in two important situations. The first is when you don’t know what the website will do with your email address.
“Masking emails gives you control. Once you start receiving unwanted messages, you can easily block emails that appear in that email mask,” says Andrigo.
The second scenario is “where the relationship with the service may reveal sensitive personal information.” For example, if you join an online community for a particular medical condition or minority group, a data breaches could expose your participation.
The email fails
There are countless reasons why you won’t give your email address to those who want it.
It can be sold to a marketer or a suspicious data broker and erode your privacy by helping you build your profile for legitimate or negative purposes.
If your address ends on the wrong mailing list, it could lead to more junk or phishing emails. Additionally, if an online service is hacked, attackers can turn it off with login, password, or other personal information.
Using a unique password for all online accounts (usually with the help of a password manager) is a good cybersecurity practice. “But the real problem for any user is that the password is not actually leaking, but actually the email is leaked,” Yen said.
Changing your password after a data breach is a standard practice, but changing another sensitive information, email address, is much more difficult, unless you are using a mask.
The wrong solution
There are other so-called hacks you may have heard of.
You can set up a Throway account with free email services such as Gmail and Yahoo. But doing this can be a hassle.
Some Gmail users add a plus sign and an additional phrase or letter combination between the username and the @ symbol. It helps you track who shares your address and filter messages.
But “From a privacy standpoint, it doesn’t do anything,” Yen said. “Because people can simply take the positive and get their original address.”
How about the guy in the middle?
The email mask uses a server to relay message traffic between the sender and the recipient. So how can you verify that these servers are private?
Find a reputable provider that promises not to keep your message. If you are shopping for email masking services, Yen recommends that you check if it has a “appropriate terms”, a privacy policy and is based on a jurisdiction that may be legally liable.
“We’re very clearly saying that we don’t keep a copy of what goes through the server,” Yen said.
Firefox Relay said in its FAQ it does not read or store messages.
“If you can’t deliver the email, we’ll send it to the server and delete it after it’s delivered (it won’t last for more than three days).”
Apple says it “does not read or process content” in email messages that hide emails, except for standard spam filtering.
“All email messages are usually delivered within seconds and then removed from the relay server,” says the iPhone maker.
Barbara Ortutay, an AP technology writer in Oakland, California, contributed to this report.
Are there any technical topics that you think need to explain? Find suggestions for future editions of One Technology Tips at OneTechtip@ap.org.
