3 minute read

I am not a fan of tracking by private companies. I don’t want any sufficiently motivated person to be able to buy every physical location or web site I’ve visited from a data broker. Cybersecurity is a shambles anyway, so even if they “anonymize” their data, they’re one breach away from hackers knowing all sorts of useful data they could use to impersonate me or something. One way that web sites track me across sites is to get my email address. They can sell their user list to advertisers so that they get paid more for hosting ads, and the ad servers compare email addresses across different web sites from which they buy ad space. Even if they weren’t doing this, sites can leak my email address and then spammers start blasting me with spam. Most of the time my spam filter catches it, but I’d rather just not get the emails.

My solution is to give a different email address to every site that asks me for one. There’s no single address to track across sites, and if I start getting a ton of spam at one of the email addresses, then I can see what site I gave it to and stop going there or at least block any mail to that address. I have two tools which make this easier. One is an email masking service which allows me to generate random email addresses which forward to me. The other is a wildcard domain, where email sent to any address that has the @whatever.something domain at the end will be forwarded to me. If I have fifteen seconds to generate an email address, I prefer to do that, because then I can easily reply from that email address. There’s no way to reply to email to the wildcard domain without either revealing my forwarding domain or manually recreating the email address that I gave out. But if I don’t have easy access to my phone or I need to put in an email address to send a receipt to or something, I just make up an email address on my wildcard domain and know that the stuff will get to me. In theory, if trackers knew I was doing this, they could just treat all of the email addresses with a particular domain as one person and consolidate the data, but I doubt enough people do this in practice to make it worth doing. On the other hand, they literally use the pixel size of your web browser windows to fingerprint you and track you across sites, so I may be underestimating them.

Aside from all of that, having an email address with a custom domain is cool. Why have the same gmail.com domain as everyone else?

You can host wildcard email forwarding at no additional charge from many domain registrars, or the service is included with basically any email host plan. There are several reputable email hiding services. You can also self-host email, but it’s a terrible idea because spam filtering is hard, your uptime will be less than a dedicated cloud provider, and your emails won’t get to the people you’re sending to because none of the big email hosts will trust email from an unknown server. I recommend iCloud for both email hosting and masking if you have any Apple products. I give Apple a dollar every month, I get 50 extra GB of cloud storage for my phone backups, and they host my email. There’s an option to choose hide-my-email any time you check out with Apple Pay, which makes it very easy to give throwaway addresses to any site when I’m buying stuff (and Apple Pay remembers to use the same email address if I go to the site again). I have concerns about ecosystem lock-in, but I guess I might as well take advantage of cheap email hosting if I’m going to use an iPhone anyway. As long as I’m paying for iCloud+, I can also use a feature where they’ll hide your IP address from the sites you visit while web browsing.

Updated: