[HN Gopher] Firefox Relay
___________________________________________________________________
Firefox Relay
Author : charlieirish
Score : 284 points
Date : 2021-01-25 14:44 UTC (8 hours ago)
(HTM) web link (relay.firefox.com)
(TXT) w3m dump (relay.firefox.com)
| jannes wrote:
| Here is the list of permission the extension requires:
|
| - Access your data for all web sites
|
| If even the browser vendor can't do better than requesting access
| to everything I'm not surprised that we end up with extensions
| being sold and abused (for their permissions).
| groovecoder wrote:
| (Relay tech lead here)
|
| Yeah, the all_urls add-ons are always concerning. We have an
| issue filed to move that to optional_permissions instead, but
| need to get the UX right:
|
| https://github.com/mozilla/fx-private-relay/issues/252
| jpalomaki wrote:
| I would like to see these extensions only activating when I
| click them on toolbar.
|
| Most extensions I could consider are only needed for few pages.
| r2b2 wrote:
| I built Owl Mail [https://owlmail.io] to solve this same problem.
| I think you will find Owl Mail a fast, easy to use, and overall
| delightful alternative to FF relay.
|
| Congrats to FF Relay - more products in this space will be a win
| for better privacy online :)
| imrankhan17 wrote:
| So this is like a VPN but for email?
| gspr wrote:
| That's nice and convenient, Mozilla, but _Firefox the browser_ is
| an essential piece of software at this point. How about focusing
| your precious cash on that?
| nexthash wrote:
| Essential, but maintaining a browser in the face of enormous
| competition from Google and Microsoft is tough. If you support
| Firefox with these new endeavors, you are helping preserve the
| browser as well. Since times are changing, Mozilla must either
| adapt or be out-competed.
| gspr wrote:
| How, exactly?
|
| I'm happy to donate to Mozilla. If the money is spent on FF.
| devj wrote:
| Since Firefox has partnered with Amazon(SES) to filter spam, does
| it mean that Amazon can read our emails too?
| groovecoder wrote:
| (Relay tech lead here)
|
| It's in the privacy policy (https://www.mozilla.org/en-
| US/privacy/firefox-relay/), but yes - the emails are sent thru
| Amazon SES in plaintext.
|
| We have kicked around the idea of enabling + preserving E2EE
| emails thru Relay, but ... it's tricky.
|
| https://github.com/mozilla/fx-private-relay/issues/360
| dastx wrote:
| Is this something similar to https://simplelogin.io/? If it is,
| simplelogin is a self-hostable solution. If you're really worried
| about privacy, this would cut out the possibility that Mozilla
| might be reading your messages.
| sacred-rat wrote:
| I have been using AnonAddy[0] for this, with great results. I
| initially used Firefox Relay, but switched to get more than 5
| aliases. AnonAddy also recently added support for replies.
|
| [0] https://anonaddy.com/
| decrypt wrote:
| I thought support for replies was available for a long time.
| Happy SimpleLogin [1] customer here, which has a pricing
| similar to that of AnonAddy's highest tier.
|
| [1] https://simplelogin.io
| pj1115 wrote:
| This looks great. What I couldn't easily find for any of
| these services was a comparison with just using a catch-all
| address. I already have that in place. What sold SimpleLogin
| and AnonAddy for you?
| sacred-rat wrote:
| Looks like it came out Feb last year[0], so it has been out
| for awhile. I just learned about it recently.
|
| [0] https://anonaddy.com/blog/sending-email-from-an-alias-
| and-up...
| 6ak74rfy wrote:
| Seconding the recommendation.
|
| One of the best things about AnonAddy is that it allows you to
| create aliases on the fly. So, I hardly even need to visit
| their website, browser extension or anything.
| cimnine wrote:
| Cool, the source is available: https://github.com/mozilla/fx-
| private-relay
|
| Edit: I've previously claimed it to be open source. But there's
| no License currently that would indicate that.
| vaduz wrote:
| Source available, at best, not open source. Licence is missing
| in both the code and in the terms page [0] unless I am going
| blind.
|
| Edit: if I am going blind, I am not the only one [1]
|
| [0] https://www.mozilla.org/en-US/about/legal/terms/firefox-
| rela... [1] https://github.com/mozilla/fx-private-
| relay/issues/773
| cimnine wrote:
| You're right. I've updated my comment accordingly.
| Macha wrote:
| package.json lists it as MPL at least:
| https://github.com/mozilla/fx-private-
| relay/blob/18d491db346...
|
| Hopefully they make it clearer
| groovecoder wrote:
| (Relay tech lead)
|
| Oops, thanks for catching that. We'll add a LICENSE file.
| yumraj wrote:
| Why can't Mozilla launch a freemium email service is beyond me.
|
| Free email with Firefox domain. Paid with custom domain.
| nexthash wrote:
| This is most likely due to the enormous capital needed to start
| such a service. I suspect if they were successful it would be
| all-paid at first.
| yumraj wrote:
| I'll pay Mozilla and based on prior discussion on HN, I'm
| sure a lot of people will pay Mozilla for a paid email
| service just because of their reputation.
| seqizz wrote:
| From wikipedia:
|
| > In 2006, the Mozilla Corporation generated $66.8 million in
| revenue and $19.8 million in expenses, with 85% of that revenue
| coming from Google for "assigning [Google] as the browser's
| default search engine, and for click-throughs on ads placed on
| the ensuing search results pages."
|
| I don't think Google would like it.
| Bishonen88 wrote:
| And what happens when FireFox decides to drop this option 1-2
| years into the future? I reckon they'll give time to change the
| email address on all the pages one used it for, but still...
|
| nvm, it's in the FAQ:
|
| "What happens if Mozilla shuts down the Firefox Relay service?
|
| We will give you advance notice that you need to change the email
| address of any accounts that are using Relay aliases."
|
| Note that one cannot reply using this service (yet). So the whole
| anonymity is gone as soon as one wants to contact some service
| without disclosing the real address (?)
| megous wrote:
| You usually don't need the address you registered some account
| with to change account email to something else.
|
| Services usually just verify you control the new email address.
| maxrovertsb wrote:
| It's nice that they are being transparent about it.
| m-p-3 wrote:
| > And what happens when FireFox decides to drop this option 1-2
| years into the future?
|
| The same thing if any other company did it. That said, I do
| hope they'll offer an option to pay for more email relays which
| could also ensure its viability. Having 5 relays for free is
| nice, but I'd personally use a unique address per service.
| groovecoder wrote:
| Howdy. I'm the tech lead on Relay. We're working on replies
| right now:
|
| https://github.com/mozilla/fx-private-relay/pull/770
| lecarore wrote:
| While you're here, can you test the relay dashboard (where
| you can create aliases) on Firefox for Android 84.1.4 ? The
| scroll is incredibly sluggish, I don't know what scroll
| effect you added but please have a look. It's a bit
| unfortunate for a Mozilla service ^^ I can provide you a
| screen capture if needed.
| mk89 wrote:
| Just a proper email provider that offers this features.
| Fastmail, GMX, ...
| eloisant wrote:
| I'm probably going to use it for "throw-away" email. As in, I
| just need to receive a link right now so the service think they
| have my real address, after that the alias might as well be
| trashed.
|
| The only thing I'm worried is that this domain will soon be
| blacklisted by services (especially those I don't want to give
| my email address to).
| josepmdc wrote:
| For that use case you can just use a temporary email provider
| like temp-mail.org which are harder to blacklist since they
| have a lot of random domains.
| SamuelAdams wrote:
| Yep I often use "ten minute mail" for this too.
| tyingq wrote:
| I do miss Firefox Send.
| lights0123 wrote:
| https://news.ycombinator.com/item?id=25524472 is certainly
| not a complete replacement, but most of the time I used it
| locally so that would work.
| decrypt wrote:
| Same. I have been using Tresorit Send [1] and Visee's
| (developer of ffsend CLI tool) Firefox Send instance [2] in
| the meantime. Visee is also looking for donations [3] to
| support hosting of that instance.
|
| [1] https://send.tresorit.com
|
| [2] https://send.visee.com
|
| [3] https://gitlab.com/timvisee/ffsend/-/issues/100#note_3763
| 163...
| jwineinger wrote:
| > Firefox Relay supports email forwarding (including attachments)
| of email up to 150KB in size
|
| > Any emails larger than 150KB will not be forwarded.
|
| I'm not sure what to think of the size limitation. I wonder what
| percentage of emails are under that.
| tandr wrote:
| They probably going to remove this restriction as part of
| payable services.
| allendoerfer wrote:
| Will be added to the list of domains people cannot use to sign up
| for accounts. In my experience, this only works on small sites.
| asiachick wrote:
| Agreed. Sites will just say, "relay.firefox.com" email address
| are not allowed. By definition they know it's not your real
| email address
| cmeacham98 wrote:
| In my experience it is the other way around.
|
| Big name websites generally have enough users that email "just
| works". Smaller websites are more likely to use misguided
| measures such as a bad email validating regex (hello to anyone
| with a non-standard TLD!), only allowing gmail, or blacklisting
| domains like these.
| tutfbhuf wrote:
| One time email domains and email forward services are usually
| blocked, there are very long block lists for such domains.
|
| From my personal experience it is best to have a secondary
| email account on a provider that is usually not blocked (like
| gmail), to keep your primary email account clean.
| throwaway123x2 wrote:
| I have a .family TLD as my primary address that gets refused
| because of bad regex half the time and consigned to spam the
| other half :(
| martin_a wrote:
| > use misguided measures such as a bad email validating regex
|
| Ever heard of Magento? They have that built in, at least in
| version 1. But it's a fixed list with "valid TLDs", anything
| not on that is not accepted when registering.
|
| Feels strange, when you can't register on your own shop...
| organsnyder wrote:
| I use a .dev domain for my main email address, and I
| occasionally encounter sites that don't accept it as valid.
| Even worse, sometimes I could create an account but then
| something would be broken, such as when I could log in to
| Best Buy via their mobile app, but not their website (or
| vice-versa--I can't remember for sure). I'm assuming I get
| hit both by incomplete whitelists and ill-advised
| blacklists.
| lxgr wrote:
| +1, and ironically I remember seeing both "must use Gmail"
| and "must not use Gmail" in the past...
|
| The only correct to validate email addresses is to just send
| a message there and see if the user can click the
| confirmation link.
|
| Chances are that would be the next step in any signup flow
| anyway, so why introduce this artificial middle step of
| "validating the email address"?
| lxgr wrote:
| I've always been extremely annoyed by these attempts to "detect
| fake email addresses/accounts".
|
| People can have more than one email address, so if your goal is
| "one account/offer/trial membership per real person", email
| ain't the way to achieve that, period.
|
| Even worse are sites that disallow registering via "freemail
| providers" and require you to "use your ISPs or employer's".
| (Haven't seen this one in a while, but it definitely used to be
| a thing.)
| notsureaboutpg wrote:
| The goal isn't to have one account/offer/trial per person,
| the goal is to ward off bots and spammers who are going to
| misuse your service. Since they know they are doing that and
| they know they could be held liable for what they do, they
| use sketchy disposable email addresses.
|
| My sites and apps have a blacklist and we don't allow email
| accounts from those. It's just me running this thing. If I
| had the security and engineering workforce of even a mid-
| sized tech company, I wouldn't have to do this. Alas.
| r2b2 wrote:
| Only if Firefox makes it easy and free to create unlimited
| addresses and/or disposable address.
|
| I use owlmail.io for hundreds of accounts (major sites
| included) and haven't had an issue.
| SV_BubbleTime wrote:
| I like the idea. But relay.firefox.com could have been shorter, I
| suppose it doesn't matter here because the extension is supposed
| to roll you a new one and paste it in. But I'd like a service
| with a shorter domain for reading to people over the phone or at
| a store, double especially when it's a throwaway anyhow.
| r2b2 wrote:
| If domain succinctness is your dream, have a gander at Owl Mail
| [https://owlmail.io].
| remram wrote:
| In particular, the two dots after the @ are probably going to
| be blocked by many validation regexes.
| m_st wrote:
| Good luck when this service goes down. But otherwise: Sounds
| great!
|
| Questions:
|
| 1. Is this new?
|
| 2. Why just 5 relays? How can I get more?
|
| 3. Is something like that available from 1Password? Would be a
| great addition.
| decrypt wrote:
| 1. No, been around for over six months. Possibly longer, but I
| got access sometime between June and August.
|
| 2. That may be a good questions for developers at #firefox-
| relay:mozilla.org (Matrix room)
|
| 3. It has come up in a few tweets in the past, but 1Password
| does not seem to have any plans for now. I use SimpleLogin
| browser extensions, and 1Password neatly picks up that alias
| address from my signup form.
| r2b2 wrote:
| Might be worth checking out Owl Mail [https://owlmail.io].
|
| A few bonuses:
|
| * Larger attachments, 5MB + some wiggle room depending on the
| message size.
|
| * Replies (single and multi-party) in beta.
|
| * More addresses (a generous free tier, paid plans on the way).
|
| * Fast and simple UI.
| thecrumb wrote:
| Firefox is a bit like Google. They roll these out and then a year
| later they kill them. Looking at you Firefox send. So I'll pass.
| nexthash wrote:
| To be fair to Firefox, the only reason there is such a high
| rate of churn with their services is that they are trying to
| preserve their mission in the face of competition with Big Tech
| giants like Google. The more you support Firefox, the more
| likely it will be that this service will stick.
| rileyteige wrote:
| > Firefox Send
|
| What a letdown to see this service so quickly retired.
| ordx wrote:
| Services like this usually get banned by a lot of websites for
| various reasons. One solution could be to rotate domains from
| time to time, but I doubt they gonna do this.
| elliotlarson wrote:
| I don't know. It's so easy to just create a random Gmail address
| and forward email from it. Maybe this makes it easier, but Gmail
| is one of the few Google products that I feel pretty confident
| will be around for a long time.
| decrypt wrote:
| One still has to enter a mobile number to sign up for that
| Google account. But the larger difference is, that account
| would still be a standalone email address, which just happens
| to forward to your main Gmail address. But Firefox Relay (and
| similar products, like AnonAddy and SimpleLogin) are alias
| services. The idea with these services is to create addresses
| that can be immediately blocked, if they get into the hands of
| spammers. I am a happy SimpleLogin customer, and have made as
| many as 200 addresses. AnonAddy is a great start too, for those
| that need unlimited addresses. Both allow responding from those
| addresses, while AnonAddy's count is less.
| Normille wrote:
| Yandex Mail [0] is a better choice for this than Gmail. It
| also asks for a phone number to validate, on sign up. But
| there's a box you can tick which says something like _" I
| don't have a mobile phone"_ and then you can validate with a
| Captcha instead
|
| [0]https://mail.yandex.com
| elliotlarson wrote:
| Ah, okay. Those are fair points.
| niftylettuce wrote:
| I encourage you to instead try out https://forwardemail.net. I'm
| launching our browser extension and our SMTP service very soon.
| It's completely open-source and free. No logging either. We're
| the only service that doesn't write emails let alone logs to disk
| nor store any metadata.
|
| You can use unlimited custom domains and create disposable
| aliases on the fly as well!
|
| (I'm the creator, lmk any questions!)
| zanecraw wrote:
| Awesome! Just signed up for the free plan and looking forward
| for this browser extension.
| remilee wrote:
| Super easy to set up, thanks!
| riedel wrote:
| Should always use two or more of such services in a cascade to
| generate a mix network for true anonymity. Wait: The E-Mail
| forwarder would actually need to remove the To: fields to
| support this...
| riedel wrote:
| the future was here: https://www.mixminion.net/
| azinman2 wrote:
| > " Unlike other services, we do not keep logs nor metadata,
| never read emails, and are 100% open-source."
|
| So how do you prevent abuse?
| niftylettuce wrote:
| I created tools such as https://spamscanner.net and use ARC +
| ARF.
| GordonS wrote:
| I'm familiar with DKIM and SPF, but haven't come across the
| acronyms ARC or ARF before?
| dominotw wrote:
| I don't consider my email to be valuable enough to be hidden. I
| don't use email at all other than to do very mundane tasks.
| mosselman wrote:
| I once saw a comment on an auction on a yellow commode someone
| was advertising. It read "No thank, I am looking for a blue
| one".
|
| Your comment made me think of that.
| remram wrote:
| I assume emails @relay.firefox.com will be banned from every form
| in a week or two, the same way @yopmail.com is?
| Vixel wrote:
| My thoughts exactly. I've even run into sites that don't allow
| tutanota
| kilroy123 wrote:
| That was the very first thought that popped into my head.
| jamesboehmer wrote:
| IMO if you're really concerned about anonymity and securing your
| email from credential-stuffing, and willing to pay for such a
| service (I used to pay for 33mail), it's easier to just buy a
| domain and route * to your inbox.
|
| It won't get banned by some services, you have complete control
| over the domain and account, you can send email from any address
| you wish, you can sign up for domain-wide haveibeenpwned alerts
| by verifying domain ownership via TXT records, and you don't have
| to worry about the service going out of business in 2 years.
|
| After going through my password manager last year and changing as
| many logins and emails as I could, I've found several services
| that have sold my email address to third parties and one that was
| hacked. It's a relief to know I don't have all my proverbial
| email eggs in one basket.
| 7786655 wrote:
| How on earth is that anonymous? All of your emails are on the
| same domain, and nobody else is using that domain. As soon as I
| see an email @jamesboehmersdomain, I know that it belongs to
| jamesboehmer.
| dinkleberg wrote:
| You buy some cheap domain for this purpose. Certain TLDs go
| for real cheap (~$2/year).
| nucleardog wrote:
| I wouldn't tie my entire digital identity to whatever's
| cheapest if I could avoid it.
|
| In my case I use my CC TLD. I'm in a generally stable
| nation that follows the rule of law and the administrator
| of the CC TLD has all sorts of processes in place that I
| have access to as far as regaining control of the domain if
| it's inappropriately transferred, making appeals, etc.
|
| The extra $10 or so a year this costs is very much worth it
| to me as basically a form of insurance.
| thayne wrote:
| What TLDs are those?
| Hamuko wrote:
| https://tld-list.com/
|
| Sort by cheapest renewal.
|
| For example, you can register and renew a .feedback
| domain for $1.49 a year.
| stevewillows wrote:
| like Hamuko said, there are domains like .party, etc that
| are cheap. However, some sites won't take them. My main
| junk account is a wildcard .party domain. It'll work with
| mosts sites, but the odd one won't take them. I ended up
| registering a .com that goes to the same inbox to get
| around these.
| jamesboehmer wrote:
| You're right, it's not 100% anonymous. But my name's not in
| the domain, and I use WhoisGuard with my registrar. It's
| reasonably effective, cheap, and a low effort way to deflect
| the bots and identify suspicious activity.
| koheripbal wrote:
| This could be more easily done by simply signing up for
| gmail with an address that doesn't contain your name.
| jamesboehmer wrote:
| 7786655's point was that the custom domain is not perfect
| anonymity because if someone knows who owns the domain,
| then they know the owner of every email. If someone
| discovers my pseudonymous gmail account, then the same
| problem exists. But perfect anonymity was never my goal.
| dvfjsdhgfv wrote:
| > route * to your inbox
|
| This is a terrible solution. Updating aliases takes a few
| seconds, you can even shorten this time by creating a simple
| script adding the new alias and updating the aliases db.
| jamesboehmer wrote:
| What's bad about it? Been doing this for more than a year now
| and I've not encountered any problems. I've had catchall
| emails for every domain I own for 20 years or so and the
| worst I get is cold sales emails to info@ and sales@.
|
| If I want to block an incoming address it's a few clicks
| away, I've just never needed to because spam filtering works
| pretty well. Perhaps that might change some day and I'll
| switch to a whitelist approach.
| wnevets wrote:
| > IMO if you're really concerned about anonymity and securing
| your email from credential-stuffing, and willing to pay for
| such a service (I used to pay for 33mail), it's easier to just
| buy a domain and route * to your inbox.
|
| I've been doing this years and I usually use the domain I'm
| signing up for as the address. Beware tho some people get
| really confused by how email works. I was requesting quotes for
| a home improvement project and I've had employees at these
| companies think I was either friends with the owner or that I
| hacked their email.
| giaour wrote:
| It gets super awkward when you have to read the email aloud.
| My optometrist spent five minutes trying to explain that they
| wanted _my_ email when they tried to transfer a prescription
| from Warby Parker.
|
| "My email/username for Warby Parker is 'warbyparker.com@...'"
|
| "No, they need _your_ email, not theirs. "
|
| "..."
| mceachen wrote:
| I solved this by only including a unique prefix of the
| website, like "warby@example.com".
| 411111111111111 wrote:
| "oh, so you're an employee?"
|
| Got asked that once after specifying sixt@mydomain when
| renting a car
| noncoml wrote:
| Forget about that, way too advanced!
|
| I had a customer support on the phone insisting I was not
| giving them a valid email. "It should have something like
| @gmail.com or @yahoo.com".
| batch12 wrote:
| I do something like this too except the aliases are manually
| created. I went one step further and made an optional learning
| period for addresses so anything from a previously unseen
| sender address after x days is dropped. I also added an
| optional lifespan to the address so it is only valid for Y
| days.
| grep_name wrote:
| My experience with email in general has been so exhausting.
| This year I finally set up a new email address at a custom
| domain (with * catchall), but what I've found is that I'm
| afraid to give it to anyone. Right now I'm using it to
| communicate with like 3 people and it feels so nice.
|
| I may use the * in the future for custom emails for groups of
| concerns (jobs@domain or applications@domain, hn@domain,
| banking@domain), but I'm worried it will just add to the
| heaping mental overhead I already experience when working with
| email (what was my address I use for this again...?, etc). I
| can't help the feeling that it's just a matter of time before
| it starts to look like my original email account where even
| unsubscribing from things seems like a labor of Sisyphus, but
| this time with the added noise of it going to an email naming
| system I've lost control of.
| stevewillows wrote:
| with my catchall, I use one address per site. If they sell it
| off or whatever, I block the old one, update it on the site
| (e.g. hn2@blah.net)
|
| They're all tucked away in your password manager anyway, so
| there isn't any effort or tracking needed.
|
| I've had this system for about two years now and have yet to
| receive any junk mail with the new domain.
| amelius wrote:
| Sending email reliably is a nightmare.
| r2b2 wrote:
| Using your own private domain does not give you the same level
| of anonymity. Your domain name becomes a globally unique
| identifier that companies (and once leaked, anyone) can use to
| fingerprint you activity online.
|
| (Source, I run https://owlmail.io and this is a common
| question.)
| yread wrote:
| Sending email from your own domain is anything but easy. You
| need SPF, DKIM and DMARC at minimum. Are you going to host your
| own mail server? No one will accept your emails. Will you use
| sendgrid or postmark or SES? Enjoy having your emails
| (especially in the beginning) randomly end up in spam folders
| or worse completely quarantined (no bounce, nothing in spam
| folder) for various large institutions using MS Forefront.
|
| Sending email is complicated.
| [deleted]
| jszymborski wrote:
| I do the catchall thing too, but Migadu has an API for creating
| aliases... I think it'd be pretty cool to create a little
| script to generate random aliases and keep track of them.
| blindm wrote:
| > it's easier to just buy a domain and route * to your inbox
|
| There is the caveat of the domain getting into the wrong hands,
| if you look long enough down the road. What if you die, or
| simply can't afford to renew the domain well into the future? I
| know if I could look down from heaven after I die and saw
| someone re-registering my dropped domain, I would be furious!
|
| Then there is the issue of even when you're alive, you could
| simply refuse to renew for whatever reason and the domain is
| suddenly someone else's.
|
| MarkMonitor and Epik are the only companies that I know of that
| can safeguard against this. Epik has so called 'forever
| domains' and ensure the domain stays active well into the
| future.
| jamesboehmer wrote:
| I gave this some thought and decided it's actually worse with
| gmail. If google decides they don't like me, they can kill my
| email and I would lose access to pretty much everything.
|
| But if my custom-domain email provider closes shop, I can at
| least take my domain with me.
|
| You have a point though, I should just prepay for the next 10
| years of my domain, and set myself a reminder to renew in 9
| years :-)
| jsheard wrote:
| Renewing a .com for the maximum 10 years in advance is a
| bit of a trap, because to transfer the domain to another
| registrar you have to buy at least one additional year...
| which you can't do if you're already at the 10 year limit.
| If your registrar pulls a GoDaddy and you want to move away
| you might find yourself having to wait up to a year.
|
| There might be similar caveats with other TLDs but I only
| have experience with .com
| kube-system wrote:
| Good point. I'll make sure to keep mine registered
| 9-years out from now on.
| arpa wrote:
| It's just a domain, man, chill, don't let it drag you down.
| Why should you feel so strongly about transient things? It's
| just a name...
| dinkleberg wrote:
| They have a point though, when you rely on a domain you've
| gotta be cautious. If I buy your domain when you forget to
| renew it I can then do password resets against any accounts
| you used an email on that domain with.
| megous wrote:
| It would be nice if web services offered an option to
| disable this misfeature per account, or better yet offer
| to upload the user's PGP key and encrypt all outgoing
| email with it, incl. the password reset email.
| kart23 wrote:
| do you have more info on the 'forever domain'? Are they
| actually guaranteeing the domain forever or is it just as
| long as Epik exists?
| Vixel wrote:
| This is a good way to get a ton of spam from bots who try every
| word @yourdomain
| fartcannon wrote:
| You can still have spam filters and block lists.
| giaour wrote:
| I like the way Fastmail handles this. Your normal email is
| _user_ @ _domain_. _tld_ , and you can configure the service
| to also treat emails to <anything>@ _user_. _domain_. _tld_
| as having been sent to you.
|
| I have never seen bots try random addresses on a subdomain.
| robinhood wrote:
| This is exactly how I use Fastmail. Every newsletter/new
| account has a dedicated email address that is an alias to
| my primary fastmail address, based on a custom combination.
|
| That way, it's super easy to know which service is actually
| either spamming me, or leaked my email address.
| slightwinder wrote:
| I'm use a catchall-domain for 10 years or so, never got any
| botspam like that. Only think I got sometimes was spam to
| info@domain, and this can be easily ignored.
|
| Do those bots really exist? I would think the TLD I use is
| just not interessting enough for them, but it's from a big
| country.
| megous wrote:
| Yes, they did exist. I stopped using catchall because of
| them. It's not as common these days, looking at my postfix
| log. Though some large spammers were shut down a few years
| ago. I saw a sharp 60-70% drop in spam volume when that
| happened. So maybe someone who was doing this dictionary
| search gave up or was shutdown too in recent past.
| bartvk wrote:
| I have this regularly. My catch all gets emails from a bot
| that tries common first names at my domain, but sometimes
| really weird ones as well, seemingly random such as
| a23ssaaaa@example.com
| jamesboehmer wrote:
| Do people not already get their primary inboxes flooded with
| spam anyway? I've found my email provider's spam filtering
| pretty good anyway, it hasn't been an issue.
| thethimble wrote:
| What do you use for email hosting?
| jamesboehmer wrote:
| I'd rather not say. I imagine it shouldn't matter though.
| Plenty of email providers allow custom domains and
| configurable routing.
| kevincox wrote:
| It is probably a non-issue but one downside is that if people
| realize that you are doing this they can just pick a new "user"
| and reach you even if you have blocked their original address.
|
| It would be interesting to do something like this with
| signatures. You could generate new addresses "on the fly" by
| picking a prefix and signing it. Then you can use this email
| and it can't be modified in a way to generate a new valid
| email.
|
| For example you could have walmart-oaiua83n@yourdomain.example
| and they couldn't just change it to goodcompany@example.com.
| pricci wrote:
| I would do something like that but with a simple rule/cipher
| that can be computed mentally and is not completely obvious
| at first look. Like a shift cipher of the first two
| characters of the name:
|
| wolmart.yq@example.com
|
| w+2 = y and o+2 = q
| kevincox wrote:
| I was thinking that you would have a browser extension or
| bookmarklet but yes, you could definitely get away with
| something simpler.
| joosters wrote:
| I do this with my email, and it's definitely a non-issue. The
| problem is not _people_ but _processes_ - automated spam and
| the like.
| 8ytecoder wrote:
| Agreed. I do this and even without any good spam filter, my
| spam is down to at most 2 a week. The reason behind this is
| that most companies that exchange data use email/phone
| number as a unique key.
|
| (I use fastmail to host. This is the only reason I can't
| use Hey yet.)
| Shorn wrote:
| Where's the pricing page?
| dschuessler wrote:
| There's a self-hostable alternative called Inboxen
| (https://inboxen.org/) I haven't gotten around to setting it up
| yet, unfortunately.
| emphatizer2000 wrote:
| Until they deplatform you and all of your email addresses stop
| working.
| [deleted]
| [deleted]
| garysahota93 wrote:
| I've set something like this up with Google Domains + Gmail for
| free (well, the yearly cost of the domain, but yeah)
|
| I was able to set up alias emails in my gmail & have all emails
| from a particular domain forward to my domain as well.
|
| Then went with a password manager & changed all my email
| addresses to my own domain with specific relays (amazon@ netflix@
| etc etc)
|
| Works really well for ~12/year!
| tandr wrote:
| So, the same idea that is https://sneakemail.com ?
|
| (happy user for like 12 years?)
| megous wrote:
| I generate long completely random aliases also for other reason:
| to help with phishing detection.
|
| I store aliases in DB along with a short description of to whom
| they were issued, and some extra flags. My mail client then
| highlights emails sent to these aliases in green color and shows
| their description instead of the alias itself in the "From"
| column of the message list.
|
| I always give random aliases to online services, eshops, shipping
| companies, etc. These private aliases will never receive SPAM, or
| phishing, unless leaked by the company.
|
| Anything that looks like a transactional email from some service,
| and is not sent to private alias, just gets deleted right away.
| It's not even worth opening, no matter how good it looks.
|
| And I can keep my phishing guard up on much lower volume of green
| emails. It also makes whitelisting transactional email easier,
| without allowing random SPAM to the Inbox, because filtering
| based on the "shared secret" per company delivery address will
| allow in all important email from the company, regardless of how
| or from what address it was sent.
| FloatArtifact wrote:
| Is there something like this privacy oriented for phone numbers?
| stephenc_c_ wrote:
| Similar to Apple's option https://support.apple.com/en-
| us/HT210425
| jacurtis wrote:
| The concept is similar. But Apple only provides this feature on
| sites that impliment "Sign in with Apple". Firefox Relay allows
| you to create these relays on the fly, ad-hoc to put into any
| email field on the web (like sign up for my newsletter fields).
___________________________________________________________________
(page generated 2021-01-25 23:03 UTC)