Spoiler: it’s not about security.
Security? No, not really.
Privacy? Sure, some.
Spam management? Definitely.
Become a Patron of Ask Leo! and go ad-free!
Disposable Email Addresses: Privacy Tool, Not Security Shield
Disposable email addresses provide minimal security benefits, but they’re excellent for privacy protection and spam management. You can create them through subaddressing, aliases, or forwarding services. Just remember, securing your main email account with a strong password and two-factor authentication remains essential.
Disposable email addresses
Disposable email addresses come in various forms.
They start with your main email address. I’ll use “you@randomisp.com” as my example. This email address would be your “real” email address where you receive your email.
Subaddressing
Subaddressing allows you to add an arbitrary string to your email address. Those characters are ignored by your email service.
If you were to subscribe to a newsletter with the email address you+askleo@randomisp.com, the newsletter would still be delivered to you@randomisp.com, ignoring the “+askleo” part.
You can create as many of these as you like in services that support it. Create one for every store you visit online, for example: you+amazon@, you+walmart@, you+costco@, and so on.
If any get abused, are inappropriately shared, or fail to respond to an unsubscribe request, you can create a filter to route that specific subaddress to Trash (or Spam), and never have to see email from that source again. In the meantime, the other subaddresses, as well as your real email address, continue to work just fine.
The catch is that not all email providers support subaddressing. Check with your provider. (If they do support it, check which character they use. Most, but not all, use “+”.)
One downside of subaddressing is that it exposes your real email address to anyone who understands the syntax, and it’s another complication for you to keep track of.
Aliases
Aliases are other email addresses you create that deliver to your real email address. They differ from subaddresses in two important ways:
- You must create them before using them. Usually, you do this with your email service if they support it.
- They need not have any relationship to your real email address.
So even if your email address is you@randomisp.com, you might set up an alias costcoshopping@randomisp.com to use when shopping at Costco online. All email sent to it would arrive at you@randomisp.com.
Like subaddresses, if any alias accounts get abused, you can then disable them completely. In the meantime, the other aliases, as well as your real email address, continue to work just fine.
The catch is that few email services provide this feature. (Though if you own your own domain name, like I own “askleo.com”, it’s quite easy to set them up. I do this a lot myself.)
Forwarding services
Forwarding services are like aliases but are provided by a third party. You register a new email address — say you@somerandomservice.com — and forward all email sent to that address to your real email, you@randomisp.com.
The terms, lifespan, and possible cost vary depending on the service you use.
Like aliases, if any get abused, you can just turn the forwarding off.
Multiple free email accounts
These aren’t quite the same thing, but I need to include this to be complete, especially since it’s what you’re comparing against.
You could create a completely new free email account instead of a subaddress, alias, or forward. This is quite a bit of work per address, of course, but it ensures there’s no relationship between your real email address and the free email accounts you set up.
You also have to check a lot of email accounts unless you forward all these email accounts to your email address or fetch email from all these accounts to a central location, perhaps a desktop email program.
And, of course, they are ultimately disposable when you’re tired of them: just stop checking email at whichever free accounts you no longer find useful.
Security, Privacy, and Spam
There are many reasons you might set up a disposable email address. I’ll address the three most common reasons — security, privacy, and spam — and how well they accomplish the desired result.
Security
Disposable email addresses don’t do much to increase your security. I suppose disabling an email address that’s become a magnet for spam and malware helps a little, but in the long run, disposable email addresses aren’t particularly helpful. That most are tied to a single real account and password seems a negligible risk.
Privacy
Disposable email addresses can help improve your privacy. Providing disposable email addresses limits how much information you’re sharing about yourself. Coupled with other fake information, it can be a part of keeping more of your information out of the hands of strangers.
Spam
I view disposable email addresses primarily as a spam-management technique. If you’re about to hand over an email address to someone you don’t (or don’t yet) trust, a disposable email address allows you to quickly and easily avoid the spam they might send if they turn evil.
One disposable catch
Here’s one possible disadvantage of using a disposable email address. Let’s say you have an account at a major retailer, using something like you-retailer@randomisp.com. Email they send to you will land in your real you@randomisp.com email inbox.
What about email you then send to them?
Remember, to the rest of the world, you@randomisp.com and you-retailer@randomisp.com are separate and unrelated email addresses. If you reply to email sent to you-retailer@randomisp.com, but your reply comes from you@randomisp.com, you may have issues. Or you may not, since it all ultimately depends on the specifics of who you’re contacting.
But it’s important to be aware that it might matter.
After setting up one of my retailer@askleo.com-style addresses, I discovered that I then had to configure my mail program to be able to send from that email address as well in order for “retailer” to pay attention to me.
A couple of words about email security
Those words are: it’s critical.
Regardless of whether you use disposable email addresses, you must keep your email account secure. It’s the gateway to so much you do online that you don’t ever want to risk it being compromised.
That means the usual checklist:
- Long, strong passwords: for example, 20 random characters.
- Unique passwords: every account gets a different password.
- Two-factor authentication whenever possible.
- Add recovery information and keep it up to date.
Do this
Investigate the capabilities of your email provider and see if it supports any form of disposable email addresses. If you’re interested, experiment with one or two, particularly when registering with sites you might not completely trust.
Heck, test one out right here! Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Using separate, free, email accounts and not using an email client program, seem the easiest. This depends on the user. You could still treat many of them as disposable if this is practical.
There’s no additional security, privacy, or spam risk from using an email client. I have 2 disposable accounts. One is for newsletter signups and companies I trust. The other is for signups I’m not sure about such as puchases from online companies I don’t trust not to spam.
The reason I have two throwaway accounts is so I won’t lose all my newsletters and correspondence from trusted companies if I’m getting too much spam from my real throwaway account and have to create a new one. I don’t get much spam at my newsletter account and I get a lot from my real throwaway account.
I have Thunderbird manage both accounts.
A separate account for each company I deal with would be way too much work to set up and manage.