[HN Gopher] Firefox Relay
___________________________________________________________________
Firefox Relay
Author : blacktulip
Score : 267 points
Date : 2021-11-17 11:58 UTC (11 hours ago)
(HTM) web link (relay.firefox.com)
(TXT) w3m dump (relay.firefox.com)
| MickyTheMouse wrote:
| You can create aliases on Gmail with "+".
| firstname.lastname+spam@gmail.com.
|
| Probably works with other email providers too.
| hawski wrote:
| I use this scheme. I have a separate account (x@example.com),
| were I only give addresses with aliases (x+N-RANDOM-
| LETTERS@example.com). There are of course broken sites, that do
| not allow + in the e-mail address. Also Bolt (bolt-rider.com)
| ignores the alias and just sends to the base address
| (x@example.com).
| Y_Y wrote:
| You can also add dots ('.') anywhere in a gmail address and
| still have it delivered. You can use an unary encoding of
| your random letters if necessary.
| gostsamo wrote:
| This is a standard and every semi-smart spammer can strip the
| "\\+.+" part so it works only with legit websites that you want
| to handle in a special way.
| Semaphor wrote:
| Fastmail has subdomain addressing [0] to solve that.
|
| whateveryoulike@username.domain.tld is the same as
| username+whateveryoulike@domain.tld
|
| [0]: https://www.fastmail.help/hc/en-
| us/articles/360060591053-Plu...
| gostsamo wrote:
| So, spammers will learn to look at the "domain.tld" at one
| moment if this gets popular.
| quiet_cool wrote:
| another options is to buy a domain with a cpanel and set
| up a forwarder and filter to a specific folder in your
| secret main email account. The extra benefit here, since
| you own the domain, is that you can create a send
| identity of your
| arbitraryforwardingaddress@yourdomain.tld
| extra88 wrote:
| Yes, that is standard subaddressing but not all email providers
| support it (I've never heard of a Microsoft Exchange server
| supporting it). One problem with it is it exposes your real
| email address. Another problem, as the Wikipedia article notes,
| is there are a lot of inputs with poorly written validation
| that won't accept '+' as a valid email address character (they
| often only allow a-z, '.', and '@').
|
| https://en.wikipedia.org/wiki/Email_address#Subaddressing
| teh_klev wrote:
| > I've never heard of a Microsoft Exchange server supporting
| it
|
| It's supported on Exchange Online/Office 365 environments.
| There's a switch to enable it. We use it in our organisation.
| batch12 wrote:
| I made this as a side project a while back. The issue I ran into
| is my server being blocked to send due to its ASN even though it
| only sends to my addresses.
| duquedeturing wrote:
| Country limited... _sight_ :
|
| "[?]Relay Premium[?] is available in the United States, Germany,
| United Kingdom, Canada, Singapore, Malaysia, New Zealand, France,
| Belgium, Austria, Spain, Italy, Switzerland, Netherlands, and
| Ireland. " (https://relay.firefox.com/faq)
| cuonic wrote:
| Tried signing up for Relay Premium (from France), Stripe is
| telling me that "The currency of this subscription isn't valid
| for the country associated with your payment"...
| Vinnl wrote:
| (Relay engineer here.)
|
| Note that that's for the Premium service - the free tier is
| available in most countries. We're hoping to expand to more
| countries in the future.
| drdaeman wrote:
| > Your own email domain youremail@yourdomain.mozmail.com
|
| I don't understand why would one want to pay for a step down in
| privacy, voluntarily adding an identifier that allows to track
| them. The only thing it does is adding some extra information
| about the alias owner - something that does not make any sense to
| me, given that the whole point of the service is to obscure
| users' identities.
|
| I would understand really using my own domain (not this falsey
| advertising - "foo.mozmail.com" is not something I "own") rather
| than Mozilla-provided subdomain of theirs. Yea, that would also
| counter the privacy but at least there's a tradeoff - I retain
| control of that domain, so if I'm unhappy with Mozilla I still
| have the email addresses.
| groovecoder wrote:
| Howdy, relay engineer here.
|
| The random aliases at mozmail.com are certainly the most
| private option. The subdomain aliases are for convenience so
| you can make up any alias you want even if you don't have a
| device on you. (e.g., checking into a hotel, etc.)
|
| As you say - there's always trade-offs involved.
| drdaeman wrote:
| Aah, so the personal subdomains are catch-all accounts? So
| one doesn't have to talk to the Relay services at all and can
| just give out whatevertheycanthinkof@yourname.mozmail.com and
| it would get forwarded?
|
| If so - thank you, yes, now I see the point. My bad and
| please consider telling marketing team to highlight this
| hotel use case more prominently, because without it just
| comparing @mozmail.com vs @foo.mozmail.com is not really
| compelling and could be even confusing.
| j1elo wrote:
| Relay is very cool but it took me like 24 hours since discovering
| and adopting it, to being unable to use it for an account. So I
| cannot recommend it to my family and friends who are much less
| tech literate than I am.
|
| In my case I was trying to create an account on the Linux Mint
| Forums [1]. The confirmation email never arrived, which was very
| confusing to me.
|
| [1]: https://forums.linuxmint.com/
|
| After a couple emails with the admin, they told me this:
|
| > _The forum tried sending you the activation email but it 'd
| rejected by the Firefox relay with this message:_
| <...@relay.firefox.com>: host inbound-smtp.us-
| west-2.amazonaws.com[54.240.252.212] said: 550 5.7.1 TLS
| required by recipient (in reply to RCPT TO command)
|
| > _This is a known issue of the Firefox
| relay:https://github.com/mozilla/fx-private-relay/issues/757.
| I'll check but I think TLS is not under our control, same as in
| the linked issue._
|
| > _For now I think you 'll have to use a different email
| address._
|
| So while it looked promising, sadly the next day I was already
| back to using gmail addresses...
| groovecoder wrote:
| (Tech lead of Relay here)
|
| Thanks for the detail! We'll look into this. We definitely want
| to maximize deliverability.
| [deleted]
| hokonch wrote:
| I'm glad to hear it! It's been almost a year since I reported
| this bug, and I still run into web-compat issues everywhere.
| groovecoder wrote:
| Thanks for reporting it! Nothing like an influx of new
| users (and now premium customers!) to re-light some fire
| under a bug! We'll work on it.
| j1elo wrote:
| Thank you very much! Just to make it clear, I still use Relay
| for those sites that allow me to use it, I just wouldn't
| recommend it to friends because this kind of hiccups mean
| that it's not something that one can rely on with blind eyes.
| Glad to see there is active interest in ironing them out.
| e12e wrote:
| So.. Relay require tls on incoming connections - but site sends
| confirmation link over plain text smtp? What site _refuses_ to
| upgrade to tls these days? (or am I reading that wrong?)
| DerekBickerton wrote:
| > So while it looked promising, sadly the next day I was
| already back to using gmail addresses
|
| I know this pain point well. Some sites, instead of using a
| blacklist of every single disposable e-mail service, just use a
| whitelist of 'popular' email domains like gmail.com,
| outlook.com, yahoo.com etc
|
| This is why I have accounts with gmail and other popular e-mail
| providers. That's the only reason. Sad that you have to conform
| to be a normie just to use a website. Thank all the bots and
| bad faith actors for that...
| techsupporter wrote:
| > Some sites, instead of using a blacklist of every single
| disposable e-mail service, just use a whitelist of 'popular'
| email domains
|
| This is very interesting to me as I've had my own domain for
| a very long time and haven't encountered this more than twice
| in that time. If you don't mind sharing, on what kinds of
| sites have you seen this?
|
| I am not at all discounting your experience. We probably have
| different interests and visit different sites so I'm
| interested to explore that.
|
| I have very often hit the "you can't use emails from that
| service here" deny list which is why I think these kinds of
| services are neat but will quickly be rendered useless once
| the deny lists are updated.
| nagyf wrote:
| What happens when the service is discontinued, and suddenly I
| won't receive any emails from potentially hundreds of accounts?
|
| Seems like a really bad idea to rely on this service.
| Barrin92 wrote:
| the primary use case for me is to generate throwaway
| registration emails, I wouldn't necessarily use this for
| anything you really depend on.
| lovestory wrote:
| So is this like craigslist email censor?
| havkd wrote:
| Why not just create a burner Gmail address?
| vxNsr wrote:
| how does that work? Then you need to still sift through all the
| spam you get... this allows you to prevent the spam from ever
| arriving.
| AbuAssar wrote:
| Mozilla, I want to give you money and subscribe, Yet you refuse
| with this ambiguit error:
|
| The currency of this subscription is not valid for the country
| associated with your payment.
|
| Try again
| arepublicadoceu wrote:
| I'm conflicted about this.
|
| For me, the best implementation of private alias is the Apple
| one: %randomwords%[at]icloud.com. It's way harder to wildcard
| block _[at]icloud.com, as there are legit users of the icloud
| domain, than a wildcard block for:_ [at]mozmail.com.
|
| Unfortunately, using the apple implementation is just one more
| stone into their walled garden. I really wish firefox could
| create a legit free [at]firefox (or something else) mail and then
| create this alias service as premium bundle. It would be way
| harder for services to start blocking it.
|
| Furthermore, I'm not really excited to the overall direction that
| Mozilla is moving with its side projects:
|
| 1. They bought Pocket (which I loved) and now it's on life
| support.
|
| 2. They created an awesome private file sharing service (firefox
| send) and quickly butchered it.
|
| 3. They have a vpn that is simply mullvad with new clothes and
| fewer geographic availability. Why anyone would use it instead of
| mullvad is beyond me.
|
| Mozilla needs some serious trust building before I trust it to
| manage several mail aliases for me.
| sciurus wrote:
| > 1. They bought Pocket (which I loved) and now it's on life
| support.
|
| Why do you say it's on life support?
| judge2020 wrote:
| > 2. They created an awesome private file sharing service
| (firefox send) and quickly butchered it.
|
| Thankfully it was MPL licensed[0] and has an active fork[1].
| The only problem is that Mozilla requested their trademarks
| Mozilla/Firefox be removed, so finding this fork is a bit hard
| on Google.
|
| 0: https://github.com/mozilla/send/blob/master/LICENSE
|
| 1: https://gitlab.com/timvisee/send
| 0des wrote:
| > They bought Pocket (which I loved) and now it's on life
| support.
|
| I've been waiting a long time to find someone who thought that
| Pocket was a good idea. Can you expand on what you like about
| it being integrated into firefox natively as opposed to an
| extension?
| mekkkkkk wrote:
| I've been a heavy user of Pocket, and I obviously think it's
| great. In the end it's not much more than a reading list, but
| what really makes it useful is its integration with the Kobo
| e-readers. I can happen upon an interesting long form article
| at work, save it to Pocket and read it on the subway on the
| way home on my phone, or before sleeping on the e-reader.
|
| I'm not a Firefox user, so I'm using the extension, but if I
| were I'd really appreciate the integration.
| 0des wrote:
| Thanks for the reply. However, I was specifically hoping to
| hear a testimonial from a Firefox user who prefers it as a
| native integration rather than the extension.
| arepublicadoceu wrote:
| > Can you expand on what you like about it being integrated
| into firefox natively as opposed to an extension?
|
| Nowhere in my post I've said that I thought it was a good
| idea to integrate pocket to Firefox natively. I said that I
| loved pocket as a service. A service that improved constantly
| before Mozilla acquired it and now it seems like there's no
| significant upgrade for the last however many years Mozilla
| acquired it.
|
| As an addendum, I absolutely do not think that integrating
| pocket to Firefox was a good idea. Even though I love(d)
| pocket and Firefox, it should be an extension.
| bambax wrote:
| Agreed. They are all over the place and don't take good care of
| the only important thing, which is the browser. If I want a
| vpn, I will get a vpn. Same with email alias. This is yet
| another distraction. I'm not very optimistic.
| nabakin wrote:
| I think they have a revenue issue. They can't make the money
| necessary to sustain a lot of their work so they are trying
| to find other sources of revenue that are privacy focused to
| help. See the layoffs from last year for example.
| markstos wrote:
| Solving privacy by sharing all your emails [were obscuring your
| email address matters] with Mozilla.
| pm90 wrote:
| Won't websites just blacklist this domain from creating accounts?
| decrypt wrote:
| It's rare though.
|
| I have been using alias services like Anonaddy and SimpleLogin
| for nearly two years. I have seen only on website block
| SimpleLogin, and it was a Pixelfed instance. I simply signed up
| on another Pixelfed instance as these are federated.
|
| These alias companies also have multiple domains, so in a way
| these blocks can be worked around.
| Freak_NL wrote:
| Mailinator's domains are pretty much all blocked in lots of
| cases. There are lists filled with such domains that services
| often seem to use.
| pmontra wrote:
| Mailinator is very famous. I never heard about the other
| services in this sub thread though. It could be that they
| are allowed because few people know that they exist.
| igetspam wrote:
| About a year after Gmail launched, commercial services
| blocked the domain for account registration, in droves. I
| remember seeing errors about using "free" email services. It
| hasn't happened yet me in a long time but I also use a
| wildcard address and a personal domain for most things now.
| (My gmail account is regularly blocked but that's becaue
| people assume it's fake and they use it for testing... I get
| all the spam.)
| makosdv wrote:
| Some probably will.
| otherme123 wrote:
| I've find a good amount of sites that do not blacklist, but
| whitelist maybe four or five domains (gmail, hotmail,
| outlook...) and any others not allowed.
| djbusby wrote:
| Cat v Mouse
| encryptluks2 wrote:
| I've been using SimpleLogin for a while now which does just this.
| The thing I like about SimpleLogin, is that it can be self-hosted
| and they have an open source app on F-Droid.
| rpxio wrote:
| I've been using Spamgourmet for over a decade for this
| functionality. I'm surprised it's not more popular here.
|
| https://spamgourmet.com
| vxNsr wrote:
| Never heard of this one. I'd love to get something like this
| that I can self-host, or pay to use my own domain.
| hsx wrote:
| Doesn't seem like I can sign up in Australia, payment is not
| accepted..
| Vinnl wrote:
| (Relay engineer here.)
|
| Unfortunately the Premium service that we launched yesterday is
| only available in a limited (but growing) number of countries.
| The free version should be available to you though.
| the_duke wrote:
| I've been using this pattern for years.
|
| I have a custom domain just for signups, and I sign up with
| [service].[username]@customdomain. The domain simply has a
| catchall email "accounts@customdomain"
|
| Combined with a password manager (Bitwarden) this is absolutely
| brilliant.
|
| * Spam: if I get any spam, I know exactly which company is
| responsible, whether directly, through selling user data or
| because of breaches. And I can simply block the whole alias.
|
| * Multiple accounts: If you need a second account with some
| service, you simply use a new alias. No need to worry about
| secondary emails just for a few accounts.
|
| * Mitigate data leaks: if some database gets compromised, all
| they get is a throwaway email. They also can't try to log in to
| other accounts or do password resets if they get a hold of the
| password. (somewhat redundant with a password manager and unique
| passwords, but still)
|
| * Privacy: all those ad data aggregators have a harder time
| connecting me between accounts. (of course they still use names,
| address, credit card info, etc; but it helps)
|
| * Easy self-hosting: email hosting can be a pain. But in this
| case you only need to receive, never send. And receiving
| basically always works, even with the most broken email server
| setup.
|
| A downside is the unique domain name. I always wanted a shared
| domain with lots of users to further reduce exposure.
|
| I actually thought about starting a service that provides this,
| but it's a niche product with non-trivial technical hurdles and
| potentially lots of support demands, so I'm happy that Mozilla is
| offering this.
|
| The only downside is that people get really confused when they
| have to deal with your email, for example when calling support.
| But it's never been a real issue.
|
| Highly recommended!
| heresie-dabord wrote:
| The functionality isn't easy to discover, but you can use an
| account at outlook.live.com (MS) to create e-mail aliases.
|
| You can manage the aliases within the same parent account.
| piokoch wrote:
| "A downside is the unique domain name" that depends, I bet that
| a lot of services will disallow registration with @mozmail.com
| addresses and the trick would not work. In case of you custom
| domain they will never know if this is a real thing or some
| throwaway address.
| csmpltn wrote:
| Your single point of failure is your account at your registrar,
| where your domain can be hijacked. Once your domain is taken
| over - all of your accounts which are connected to this domain
| are also owned. So you're still only one hack away here.
| neogodless wrote:
| That is accurate for any and all approaches with email, but
| it does not negate the (significant) incremental improvements
| this strategy grants you.
| csmpltn wrote:
| > "That is accurate for any and all approaches with email"
|
| The likelihood of a takeover of @gmail.com or @icloud.com
| is much lower though.
| kingcharles wrote:
| I went to jail. Got out. Seems like there is no way to
| reaccess my old gmail account.
| the8472 wrote:
| Instead those can just cancel your account without
| explanation or recourse. With a registrar you have a
| contractual relationship enforceable in your local
| jurisdiction.
| the_duke wrote:
| Well, sure. But my registrar requires 2FA and has good
| support. The domain also has a hard lock for transfers, which
| would require a signature and id.
|
| A targeted hack that could get 2FA tokens or a social
| engineering attack on the registar aren't threat vectors I'm
| concerned about. I'm not that interesting.
|
| Much better than being at risk of, for example, Google
| cancelling your Gmail account for whatever reason, or your
| mail account getting hacked.
| sysadm1n wrote:
| > I have a custom domain just for signups
|
| I keep reading about people who say they have a custom domain,
| but I'm not sure they're aware of the caveat to that. You have
| to keep renewing it, and domains are infamously changing hands
| all the time, sometimes to bad actors who want to use the SEO
| juice of the domain for spam or affiliate marketing, or in the
| worst case: to take over your identity with it.
|
| By all means, yes, keep it renewed, but if you stop renewing it
| (for whatever reason), assume all the accounts you have tied to
| it will be in someone elses hands.
| kingcharles wrote:
| I (unexpectedly) went to jail. Try renewing your domains
| while you are in jail. As you say, now you've lost access to
| everything.
|
| My solution: make sure you keep your domains renewed to the
| maximum allowed by your registrar if you can. 10 years with
| dotcoms.
| encryptluks2 wrote:
| Or at least make sure you have some type of plan document
| to have a family member or someone you trust assist, but
| having it done automatically is better. Unfortunately,
| other services like Gmail or what not may end up closing
| your account after a couple years. If you have your own
| domain, maybe see if you can prepay for email hosting for a
| few years as well.
| pylon wrote:
| Out of curiosity, is your customdomain in this case something
| without any personal info on it? I have a custom domain with my
| first name and last name initial .com, but now I'm thinking if
| I want this setup, maybe it's better off getting a domain with
| random words so even if email leaks, no personal data is
| leaked.
| WA wrote:
| Not OP, but same setup. I have a custom domain that has a
| generic name. Not entirely random just in case I ever have to
| spell it out or something, but no PII in the domain name.
| Also, Whois privacy service through my registrar.
| e12e wrote:
| I'm not currently using it (took down my opensmtpd server..
| Haven't replaced it yet) - but I used a subdomain on a vanity
| domain (in my case things like hn@s.hypertekst.net). If I
| need a "new" domain, I can just move to another
| (r.hypertekst.net - s for spam, r for registration... Etc).
| ryanjshaw wrote:
| Word of advice for anybody doing this: make sure you have a way
| to SEND email using one of your aliased addresses - because one
| day you will find a critical service provider can't process
| your emailed attachments unless sent from your registered email
| address (e.g. insurance claim document, bank documents, etc.)
| jlund-molfese wrote:
| And make sure you can easily fetch new emails on demand! I
| had a Migadu-Gmail setup, but the Gmail app and mobile site
| only pulled from the POP3 server every 30 minutes or
| something.
|
| Which was fine until I had to verify my identity in-person at
| a Verizon store to cancel service and had to explain why I
| wouldn't be able to receive a verification email to
| verizon@mydomain for a while. Also annoying for my 401(k)
| which uses SMS for 2FA and makes the codes expire after 2
| minutes.
|
| Since then I've switched to a custom domain with iCloud,
| which unfortunately doesn't support catch-all addresses at
| all, but is more reliable and faster.
| [deleted]
| depingus wrote:
| I do what OP does and your comment gave my cause for concern.
| I just checked with my email provider and, luckily, it seems
| I can create Send Identities to solve this issue. Thanks for
| bringing this to my attention though!
| nathancahill wrote:
| If it's handled by Google Workspace, it's easy to add
| additional "Send as" addresses.
| the8472 wrote:
| Thunderbird supports custom From: addresses in the mail
| compose window.
| e12e wrote:
| But, your mail might bounce without proper sfp setup.
| (preventing random from like in the good old days
| (president@whitehouse.gov) is pretty much the raison d'etre
| for sfp... For better or worse).
| the8472 wrote:
| That's not relevant for the discussion in this thread
| where we already assume you have a custom domain with
| catchall inbox setup. The custom From is still needed to
| be able to actually send from any address on that domain.
| e12e wrote:
| Yes, and part of that setup is proper sfp setup? Eg allow
| sending from Gmail with a from on your domain?
| the8472 wrote:
| I don't see how it's specific to sending from
| thunderbird. It's a general issue if you want to use a
| domain for mailing.
| greenail wrote:
| you can make unique addresses so they can be transparently
| replied to in any mail reader (including gmail/web). It takes
| a bit of work but is worth it. I've been using the system I
| built to do it for over 5 years.
| propogandist wrote:
| fastmail supports this, but only if using their [web] app or
| website.
| crossroadsguy wrote:
| I do this but on my main domain. I have another domain and I
| guess I might to move spam catching exclusively to that domain.
|
| Anyway the trouble is writing mail to those services or
| replying to those. I have 13 from email usernames in my
| Mail.app right now on my domain. Then I stopped it. It's just
| so tedious.
|
| I wish there was an app that would let me easily do it once I
| proved I'm the domain owner maybe - just let me send an email
| from <anything>@<my domain>.tld without having to add one
| separately. It should also allow me to reply from same email
| without hassle
|
| I tried Apple iCloud+'S HideMyEmail feature, but:
|
| - It's a harder lock-in into their ecosystem
|
| - Not available on custom domain
|
| - You can reply from that random email username if you get
| email username, but you can't start a conversation easily.
|
| - when you stop paying those randomly generated Hide My Email
| are gone
|
| - Not very convenient in the browser especially if you are not
| in Safari or a Mac.
| thmzlt wrote:
| You can do that in FastMail (web UI or mobile app). It
| supports multiple domains too.
|
| The compose view looks like this: https://imgur.com/a/qULeL5a
| voltaireodactyl wrote:
| For what it's worth, MailMate on mac allows for responding
| via the received address in just the way you describe. It's a
| large part of why I ultimately landed on using it
| exclusively.
| depingus wrote:
| This is very similar to how I setup my (paid) Fastmail email
| with my own domain. But Fastmail goes one step further: When
| signing up for things I use an email address like:
| shopping.newegg@depingus.mydomain.com. Fastmail will
| automatically deliver any messages addressed to the above email
| into the Shopping folder of my Inbox. I don't have to create an
| alias or any rules in my email account. Fastmail will handle
| that when a message arrives.
|
| This is great for categorizing messages. And you can still
| blacklist aliases that have been leaked to abusers.
| chrisjc wrote:
| > of course they still use names, address, credit card info,
| etc
|
| I haven't used this service, only heard about it. It might
| cover your missing piece for credit card info.
|
| https://privacy.com/
|
| Of course, privacy.com ends up being the one that can aggregate
| your CC information together.
| stavros wrote:
| I've been using this service for years and love it.
| encryptluks2 wrote:
| I ended up choosing Abine Blur. The interface isn't as nice,
| but it seemed more security-focused. Privacy.com seemed to
| actually collect a lot of information and prevent you from
| removing it later on.
| vxNsr wrote:
| > _Abine Blur_
|
| So, I just googled them, they look interesting but their
| website seems intent on obfuscating what they do, it uses a
| lot of marketing speak but doesn't tell me how it works.
|
| Are you able to use your own domain for the "email
| masking"?
|
| Are you giving them your bank info for the credit card
| masking or are they billing the credit card on file?
| encryptluks2 wrote:
| I'm not sure om the first question because I use
| SimpleLogin for email masking instead, but the second one
| it is advised to use your bank info so there are no fees.
| The plan I am on I get unlimited masked cards as long as
| I use a bank. There is a fee to use a credit card. There
| is a minimum amount per masked card of $10 but you can
| immediately request a refund once you use whatever amount
| or if they just pre-authorize something.
| neogodless wrote:
| This is almost identical to my approach. One minor difference
| is that I got on the free Google Apps for Business plan a
| decade or so ago. So deliverability is there, which does come
| up from time to time. i.e. Occasionally you need support, and
| the service wants you to email them/reply to their email from
| the email you use with their service. So in Gmail, I have to
| set up an account/alias so I can send the email.
|
| I did self-host this way back, using MailEnable on Windows
| Server. It... worked. But I don't recommend it!
|
| The other downside is that the catch-all sometimes gets a lot
| of [gibberish]@[customdomain]. It's not too bad now, but there
| was a period where gibberish hexidecimal aliases were spammed
| regularly.
| Vinnl wrote:
| Heh, I work on Relay and I do the same :) While the approach is
| great, especially in situations away from my computer where I
| can't generate a new alias in advance, working on it I
| discovered that using Relay still has a couple of advantages:
|
| - My other addresses are unguessable.
|
| - It's far easier to block emails sent to a single alias. With
| my own domain, I'll have to go and add a filter into which I
| copy-paste the particular alias I want to block. With Relay, I
| can just open the dashboard and hit the toggle next to the
| alias labelled with the domain I used it on.
|
| - I was looking for ways to give Mozilla money for a long time
| (though now I'm working there, so I guess I'm also taking its
| money).
|
| In general, my setup now is to keep using my old setup for
| long-term accounts with somewhat more reliable services, and
| use Relay for e.g. requesting a quotation or having a single
| thing shipped to me.
| VTimofeenko wrote:
| On the unguessability of other addresses - I rotate several
| schemas making the mask of the address something like
| [service].[username].$(pwgen -1 | tr '[:upper:]'
| '[:lower:]')@customdomain.
|
| Sometimes "[service]" is also shortened like "hackernews ->
| hn" to dodge the ban on service name in the e-mail address
| that some service providers apparently have.
| Vinnl wrote:
| Ah, I don't necessarily mean guessability of which other
| addresses I use, but of how you can reach me. If I block
| yourservice@mydomain.com, you can still attempt to reach me
| at totallynotyourservice@mydomain.com and it will work.
| You'll also be able to link my different addresses on
| different services. If I throw away the Relay alias for
| your service, that's it - there's no way to lead that back
| to me anymore.
| VTimofeenko wrote:
| Gotcha.
|
| > you can still attempt to reach me at
| totallynotyourservice@mydomain.com not if the catch-all
| address is actually /dev/null and the
| totallynotyourservice@ has to be mined from somewhere
| because it's random.
|
| Overall, I think it depends on the obfuscation strategy.
| It's true that having a unique @mydomain.com part is a
| big giveaway and someone could theoretically track one's
| activity by searching for all e-mail addresses coming
| from the domain.
|
| My use-case is more to use unique e-mail addresses to
| throw off credential stuffing attacks, not become
| untrackable/avoid all spam. For the tracking use-case I
| generally think several times if I want to register
| somewhere at all and try the usual routes first
| (mailinator, random old addresses on public e-mail).
| mike_d wrote:
| What is Relay going to do when the domain ends up on one of
| the many "disposable email address" blocklists?
| mattlondon wrote:
| Similar here.
|
| Instead of using the same email address and different password
| per site, I use my "burner" domain so foo.com@burner and just
| use the same password for everything. Nothing to remember for a
| login - just the domain name and the usual password.
|
| For "important" things (anything with money or PII etc) I use a
| unique password + bitwarden
| MrksHfmn wrote:
| You can only hope that the service will last long enough and not
| be discontinued like Firefox Send. Otherwise you have created
| online accounts with dead alias emails. I create the alias mail
| addresses in my postfix installation under /etc/aliases
| paleogizmo wrote:
| I'm cautious, but IIRC much of the issue with Firefox send was
| it being abused for huge/illegal files, which seems like less
| of an issue with a receive-only email address.
| bambax wrote:
| I have domains with catchall so every email is different, can
| be created on the fly and can be easily revoked. This is the
| simplest solution I think.
| checkyoursudo wrote:
| If you rely on catchall, doesn't that make it more difficult
| to eliminate spam from breaches or bad actor
| companies/services? With aliases and no catchall, I just
| delete a one-time-use alias and all spam goes away. Can you
| do something similar even if you are using catchall?
| newhotelowner wrote:
| instead of domain, use subdomain. You can use forwarding
| service like improvmx to filter out bad actors. Also,
| forward email to Gmail. Gmail will reject standard spam
| emails.
| the8472 wrote:
| With a catchall you can just setup a filter rule that auto-
| deletes mails to certain destination addresses and add more
| to the filter as they get compromised. Which doesn't even
| happen all that often in my experience.
| EMM_386 wrote:
| This sounds interesting, and I'd pay for it, but it seems to be
| dependent on a Firefox extension.
|
| Sadly, after literally 20+ years of using Firefox, I recently
| switched to Brave. The performance of FF was wearing on me.
|
| I realize it would seem to be very strange if Mozilla were to
| create a Chromium extension. But in this case, it is a paid
| service separate from the browser.
| Vinnl wrote:
| (Relay engineer here.)
|
| While we provide a Firefox extension with which generating an
| alias is just a click away, you're not dependent on Firefox
| specifically: you can generate and access your generated alias
| through the web interface at https://relay.firefox.com in any
| browser.
|
| (Also, I'm sure you've already tried a lot of things, but in
| case you didn't: perhaps refreshing Firefox helps? See
| https://support.mozilla.org/en-US/kb/refresh-firefox-
| reset-a....)
| notRobot wrote:
| Not dependent on extension:
|
| https://relay.firefox.com/
| antihero wrote:
| This is cool, however, personally I feel like for my use case
| that integration with 1Password and Fastmail is better because I
| don't want to depend on a browser that I cannot use everywhere to
| manage this.
|
| In the same way that I avoid Sign in with Apple - what am I
| supposed to do when I need to Sign in without Apple?!
|
| I find 1P+FM is a much more cross-platform solution.
|
| However, I commend Firefox for creating this functionality for
| people that don't use a separate password manager or Fastmail!
| Lio wrote:
| Right with you on Fastmail, it's excellent. Just wondering
| though where do you feel you can't use Firefox? As far as I
| know it runs on all major platforms even if the rendering
| engine on iOS is still Safari.
| adamkochanowicz wrote:
| You can use Apple's solution even if on Linux and using any
| browser.
| Vinnl wrote:
| (Relay engineer here.)
|
| While we provide a Firefox extension with which generating an
| alias is just a click away, you're not _dependent_ on Firefox
| specifically: you can generate and access your generated alias
| through the web interface at https://relay.firefox.com in any
| browser.
| marcellus23 wrote:
| Sign In with Apple is a regular OAuth service and works fine in
| a browser.
| ssalazars wrote:
| Correct me if I'm wrong, but you would still need to pay $3
| USD/mo for Fastmail even if you use 1P. Whereas with Relay,
| it's 0.99 USD/mo, and no need to migrate my existing email to
| any other service.
| unicornporn wrote:
| What the f. Do they even want users. I can _not_ create a Firefox
| Account. Every register page is a login page. When I enter an
| email and a password it expects an existing account (which I do
| not have). This is beyond belief.
| abraham wrote:
| If it's asking for a password then you do have an account. Try
| triggering a password reset.
| llampx wrote:
| I just signed up and sent myself a test email. It took a couple
| of minutes but it came through with banners above and below the
| content.
|
| Pretty nice service however again I am afraid that one day the
| plug will be pulled and the email addresses will be orphaned.
| sebow wrote:
| Hell no I ain't touching this with a 10feet pole.
|
| Would rather try and struggle to live email-free than create a
| profile of addresses which mozilla would have.Don't get me wrong
| still a step above google, zuck & cook, but people who think this
| is the solution are delusional, even if this service is for non-
| critical emails.
| endisneigh wrote:
| simplest thing is to create a gmail, which will never be blocked.
| then forward certain types of emails to your regular email.
| akdor1154 wrote:
| Urgh, on one hand i love the idea and i think its a good business
| venture for mozilla.
|
| On the other hand, they are injecting little scare bubbles into
| everybody's website to advertise this, and that rubs me up the
| wrong way so much i want nothing to do with it.
| groovecoder wrote:
| Howdy. I'm an engineer on both Facebook Container and Relay.
|
| We fixed the original bug in Facebook Container that was
| showing the prompt on every website - now it only shows the
| prompt on websites where Facebook trackers are detected.
|
| Facebook Container is something that inspired and influenced
| the development of Relay in the first place. Facebook Container
| users reported that they used websites and still saw ads from
| those websites in their Facebook feed, even though they were
| using Facebook Container. Because Facebook lets anyone create
| custom audiences for re-targeting, we need to give users a way
| to protect themselves from "back end" data sharing & tracking.
|
| (https://www.facebook.com/business/help/744354708981227?id=24..
| .)
| opencl wrote:
| You only get the bubbles if you install the extension.
| funOtter wrote:
| See competitors like https://simplelogin.io/
| vxNsr wrote:
| Also https://www.33mail.com/
| encryptluks2 wrote:
| Some notable differences:
|
| * SimpleLogin can be self-hosted and is open source * Has an
| open source app available in the F-Droid open source app store
| oftenwrong wrote:
| also https://anonaddy.com/
| one_off_comment wrote:
| I like this idea a lot, but I don't trust it to stick around.
| Mozilla is going to pull a Google and this will be a very painful
| thing to undo.
| newhotelowner wrote:
| I created a subdomain, and create email on fly based on the
| domain name example ycombinator@subdomain.com
|
| I use https://improvmx.com/ to forward all subdomain email to my
| main email (gmail) account. It has a option to forward emails to
| a black hole too.
|
| From that I have learned that big companies like adobe &
| lendingtree gets hacked too. Or they sell your data.
| newscracker wrote:
| This looked interesting when I explored it, but the 150KB
| attachment size limit is too low. I also checked the GitHub
| issues list for this project and found some open issues with
| respect to attachment sizes lower than this not getting through
| (maybe because of inflation with encoding, which end users may
| not know about or can't predict).
|
| The premium paid subscription is said to be only available in
| specific countries, but the payment form seems to appear in other
| places too. So I'm not sure how the service allows or disallows
| subscriptions.
|
| A quick thought also occurred to me comparing this with iCloud
| email aliases from Apple, which is available for all paid iCloud
| subscriptions starting at the same price as this one ($0.99 per
| month) and allows the user to use their custom domain (Firefox
| relay premium gives you one custom subdomain under mozmail.com).
| And for the same price, Apple also provides 50GB of storage and
| supports the iCloud Relay hop service for Safari (and apps, if
| supported).
|
| I'd like to support Firefox monetarily, assuming the revenue from
| this service goes to Mozilla Corporation (not Mozilla Foundation)
| and to Firefox. But the attachment size limit is currently
| unacceptable for me.
___________________________________________________________________
(page generated 2021-11-17 23:02 UTC)