Just chiming in, if you’re using + aliases for privacy some people can just remove the plus and see your email
For example if you sign up with [email protected] the service can remove everything between the + and the @ and see your real email is [email protected]
It kinda isn’t, however I found that some websites refuse to acknowledge that plusses are valid. I see this one uses dashes which might have a similar issue. Only thing I think is universally accepted are periods
As a kid I had an email address that started with a dash. Back then I regularly encountered websites that flagged it as invalid (but only if it started with it)
The format of an email address is local-part@domain, where the local-part may be up to 64 octets long and the domain may have a maximum of 255 octets.[5] The formal definitions are in RFC 5322 (sections 3.2.3 and 3.4.1) and RFC 5321—with a more readable form given in the informational RFC 3696 (written by J. Klensin, the author of RFC 5321) and the associated errata.
Local-part
The local-part of the email address may be unquoted or may be enclosed in quotation marks.
If unquoted, it may use any of these ASCII characters:
I don’t want to try to escape the following for Markdown, so I’m just gonna dump it in a blockquote:
uppercase and lowercase Latin letters A to Z and a to z
digits 0 to 9
printable characters !#$%&'*+-/=?^_`{|}~
dot ., provided that it is not the first or last character and provided also that it does not appear consecutively (e.g., [email protected] is not allowed).[8]
If quoted, it may contain Space, Horizontal Tab (HT), any ASCII graphic except Backslash and Quote and a quoted-pair consisting of a Backslash followed by HT, Space or any ASCII graphic; it may also be split between lines anywhere that HT or Space appears. In contrast to unquoted local-parts, the addresses ".John.Doe"@example.com, "John.Doe."@example.com and "John..Doe"@example.com are allowed.
It is plus aliases*. It’s got additional features for them that other providers don’t have though. Like for each label (alias) you can toggle whether to get notifications, mark as unread, screen new senders, and show them in the “aggbox”. The aggbox is like an inbox, but since you don’t ever use your “bare address”, it just shows the labels you want. Your bare address autoresponds with a list of your public addresses.
* It’s technically subaddressing, using either a dash or a plus as a delimiter.
From what I can tell, not much. They use dashes “-” instead of pluses “+”.
But neither of these two options provide you with much privacy. Plus addresses, as others have pointed out, can be automatically stripped (just delete everything after the plus sign) and you get the real email behind it.
This service specifically I dont know the details, but it seems there is a unique prefix per user, but no “real email”.
So for instance if you use gmail you can have “[email protected]” as your real email. You then use “[email protected]” for your lemmy account. If that email gets leaked out somehow, people can easily tell your real email address is “[email protected]”
This service seems to do something very similar with the difference there is no base email, so there isnt a “[email protected]”, there will only be “[email protected]”. It is worth pointing out you might still be tracked because all your emails will be prefixed with “sunny”. So although spammers wont be able to figure out your real email address they can just try something like “[email protected]”, and if multiple of your addresses leak it will be easy to link them all up to the same person.
This also creates A LOT of lock in. Because if the service shuts down you now have dozens of services for which you don’t have means to access the emails anymore.
Thank you for the feedback. These are all really good points that I’d like to address.
The vendor lock in part I agree is very important. I’m working on adding support for custom domains, which would let you migrate to another provider if Port87 ends up not working for you.
Regarding the privacy part, a long term goal is to let you create private aliases for your labels that are randomized addresses on a different domain. I haven’t started working on that yet, and supporting enterprise features will take priority.
How’s this different from plus aliases?
Just chiming in, if you’re using + aliases for privacy some people can just remove the plus and see your email
For example if you sign up with [email protected] the service can remove everything between the + and the @ and see your real email is [email protected]
It kinda isn’t, however I found that some websites refuse to acknowledge that plusses are valid. I see this one uses dashes which might have a similar issue. Only thing I think is universally accepted are periods
I haven’t found any place that doesn’t accept a dash.
As a kid I had an email address that started with a dash. Back then I regularly encountered websites that flagged it as invalid (but only if it started with it)
But then again, that was almost 25 years ago
I’m not saying that they won’t, but they’re non-compliant then.
https://en.wikipedia.org/wiki/Email_address#Local-part
I don’t want to try to escape the following for Markdown, so I’m just gonna dump it in a blockquote:
Oh I concur, it’s super annoying. I want to track who sells my info to spammers dammit
It is plus aliases*. It’s got additional features for them that other providers don’t have though. Like for each label (alias) you can toggle whether to get notifications, mark as unread, screen new senders, and show them in the “aggbox”. The aggbox is like an inbox, but since you don’t ever use your “bare address”, it just shows the labels you want. Your bare address autoresponds with a list of your public addresses.
* It’s technically subaddressing, using either a dash or a plus as a delimiter.
From what I can tell, not much. They use dashes “-” instead of pluses “+”.
But neither of these two options provide you with much privacy. Plus addresses, as others have pointed out, can be automatically stripped (just delete everything after the plus sign) and you get the real email behind it.
This service specifically I dont know the details, but it seems there is a unique prefix per user, but no “real email”. So for instance if you use gmail you can have “[email protected]” as your real email. You then use “[email protected]” for your lemmy account. If that email gets leaked out somehow, people can easily tell your real email address is “[email protected]”
This service seems to do something very similar with the difference there is no base email, so there isnt a “[email protected]”, there will only be “[email protected]”. It is worth pointing out you might still be tracked because all your emails will be prefixed with “sunny”. So although spammers wont be able to figure out your real email address they can just try something like “[email protected]”, and if multiple of your addresses leak it will be easy to link them all up to the same person.
This also creates A LOT of lock in. Because if the service shuts down you now have dozens of services for which you don’t have means to access the emails anymore.
Thank you for the feedback. These are all really good points that I’d like to address.
The vendor lock in part I agree is very important. I’m working on adding support for custom domains, which would let you migrate to another provider if Port87 ends up not working for you.
Regarding the privacy part, a long term goal is to let you create private aliases for your labels that are randomized addresses on a different domain. I haven’t started working on that yet, and supporting enterprise features will take priority.
Thats really nice. I appreciate your concerns with privacy and user experience!
Ill be sure to keep my eyes on the project