Privacy

43368 readers

448 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

How to skirt websites that block known domains of email forwarding services? [SOLVED] (slrpnk.net)

submitted 2 days ago* (last edited 20 hours ago) by curious_dolphin@slrpnk.net to c/privacy@lemmy.ml

34 comments fedilink hide all child comments

Solved: Thanks to all who commented, especially those who took the time to respond to my follow-up questions. Your responses were enough to convince me of the value of buying a custom domain in order to keep one's true email address private w/ the added benefit of working on websites that block known domains of temp/forwarding service providers.

Key takeaways:

Forwarding services' shared domains are useful for blending in w/ the crowd. (credit to @Cricket@lemmy.zip)
Custom domains are handy when you don't care about blending in and you want to use a website that blacklists known domains of disposable/forwarding service providers, including the paid-tier domains.
Deciding whether to enable catch-all:
- Enabled: You can make up new addresses without having to configure the alias manually each time, but it's also easier for spammers to guess valid addresses.
- Disabled: It's more difficult for spammers to guess valid addresses, but you'll have to configure your aliases manually unless you have regex matching for automatic creation of new aliases. With regex matching for automatic creation of new aliases, disabling catch-all has few if any downsides.
- Regex matching: Seems to provide the best of all worlds by making it harder for spammers to guess valid addresses without having to configure aliases manually each time.
For aliases, including a string of random characters after the company name makes it harder for spammers to guess your other aliases and/or learn where else you have accounts by spamming emails to every $companyname@example.com and seeing which ones bounce back. (credit to @erebion@news.erebion.eu)

Original post:

I've recently signed up for an email forwarding service w/ aliases so that I can keep my true email address private when I sign up for new websites and services. I should clarify that I'm less concerned about concealing my identity as I am about protecting my real email address, identifying who leaked my info when my email address is compromised, and being able to stop the spam by turning off that alias.

While updating my existing profiles to point to aliases instead of my real address, I've hit a snag - some sites (Steam, Slack, etc) won't allow me to update my email address to any known domains from my email forwarding service.

On these sites that block email forwarding addresses, for now I'm either updating my existing email address w/ a plus sign if the website allows it, otherwise I'm just leaving my existing email address unchanged. It's not the end of the world, they already have my real email address, and I can probably go a Very Long Time without needing to check those inboxes anyway, but I'm still miffed that I can't completely migrate my existing accounts to my new scheme.

I've read numerous posts about the benefits of custom domains to enable portability of email service providers, and I'm wondering if custom domains are the answer to these sites that disallow forwarding addresses, but I have questions:

How do other people deal with this situation?
Do these websites that block known email forwarding domains typically work on a whitelist or blacklist model? If the former (whitelist), then I'm thinking a custom domain will have the same problem, but if the latter (blacklist), then I reckon a custom domain with catchall might work.
Particularly owners of custom domains, do you find your custom domain is allowed more often than not or do you run into the same problem?

EDIT: Clarified my objectives.

you are viewing a single comment's thread
view the rest of the comments

[–] Cricket@lemmy.zip 3 points 1 day ago (1 children)

I also use an email alias service and have dealt with this a handful of times. Here's how I've been able to address most of them, in order of what I tried which worked, meaning that items lower on the list were more rarely required but also more likely to work than items higher on the list:

Instead of using the free-tier alias domain names (like freealiasservice.com), I used the paid-tier ones (like paidaliasservice.com).
Instead of the common domain names shared by everyone (like aliasservice.com), I used a custom subdomain, (like cricket.aliasservice.com).
Instead of either of the above, I used a custom domain name.

So the above is the answer to your first question. The answer to your second is that in my experience the majority of sites that block certain email domains are using a deny-list instead of an allow-list. The answer to your third is that custom domains should work for the vast majority of sites. I think it would be silly for sites to use allow-lists for this, but I've heard of some doing it.

One other thing to keep in mind about my list is that it's also more or less in order of most private/anonymous to least private/anonymous. Item 1 hides you in the crowd, while 2 and 3 can be more easy to associate with you if you have enough of them for someone interested in finding this out to do some matching to determine if you use services a, b, and c, for example.

I hope this helps.

[–] curious_dolphin@slrpnk.net 2 points 1 day ago* (last edited 1 day ago) (1 children)

This is very helpful - thanks a lot!

[–] Cricket@lemmy.zip 1 points 20 hours ago

Glad to hear! You're welcome!