Does Google Plan to Create Email Aliases for Apps to Fight Spam?

Google appears to be working on an email-forwarding alias system, according to the blog Android Authority, giving users a new way to "shield" their main email address.

The site performed a teardown on the newest Google Play Services' APK looking for work-in-progress code , and spotted "a whole boatload of strings referencing and in support of something called 'Shielded Email'." Just from that text, we're able to infer quite a lot about what we're looking at here, and it appears that Shielded Email consists of a system to create single-use or limited-use email aliases that will forward messages along to your primary account. And while we could imagine that something like this might be pretty useful in Chrome, here it looks like Google is building it specifically to address apps that ask for your email address. The messages in there touch on a couple reasons beyond spam that you might want to keep your main email private, like reducing the extent to which your online activities can be tracked, and mitigating your personal risk from potential future data breaches.
They also sighted a reference to "Shielded Email" in the Autofill settings menu — though their article acknowledges that even features hinted at by work-in-progress code may not ultimately make it into a public release.

But Forbes suggests that the idea sounds similar to Apple's Hide My Email service, which "provides an automated random email address creator to help keep your personal email address private when subscribing to services."

Free service

[africanrhino]

Come use our service for free, develop a dependency with it that we absolutely promise we won’t bait and switch with a paid service. You can trust us, my little crack addict.

Good idea

[Kernel Kurtz]

Having my own domains and the ability to create and manage virtually unlimited addresses, I've been doing this for decades. I'm actually surprised it has taken this long to make it easier for everyone. I probably have hundreds of addresses transparently forwarding to my main one, and they can be deleted at will. It also makes it a lot easier to see which ones end up with spammers, and thus where they got it from.

Plus addressing

[klubar]

This already partially exists with + addressing. You can create disposable addresses by inserting a +;after the local part and before the @. Will not fool a human but useful for random list sign ups.

Also works with Office 365.

There's a more important use for this

[Arrogant-Bastard]

Some of us started deploying this tactic on our email servers back in the 1990's, and provided it's done correctly, it's does help out quite a bit in stopping spam from being delivered. (But of course it doesn't stop it from being sent, and spammers can/will continue to attempt delivery to no-longer-working addresses for years, and even decades, because there's no reason for them not to: it would cost more money, time, and effort to trim their lists than it does to just keep hammering away.) Note that par

Here's an idea:

[newcastlejon]

Don't deliver misaddressed emails.
If I have the address newcastle@gmail.com, I will get emails sent to new.castle@gmail.com and similar. Every. Single. One. is spam.

Here's another idea: don't reward bad app behaviour.
If an app asks for my email address for no reason and won't work until I confirm it, it gets uninstalled.

Re:

[gweihir]

One of the reasons I run my own MTA: gmail sucks.

fundamental theorem of software engineering (FTSE)

[CyberSlugGump]

"All problems in computer science can be solved by another level of indirection" (A famous aphorism of Butler Lampson that is attributed to David Wheeler)

Hide my email

[Paradise Pete]

Apple's Hide my email works really well. It offers to create an address for you on the spot any time you're entering one, and the service has been flawless.

The downside is it's not free, but rather bundled with other things. I'm fully sucked into the ecosystem, so for less important uses I find it very handy.

Like Yahoo Mail's temporary addresses

[MLXXXp]

This appears to be very much like Yahoo Mail's "Temporary email addresses". There, you choose a single prefix (that's different from your primary address) that is followed by a dash and anything you choose, followed by @yahoo.com. E.g. myprefix-xxx@yahoo.com. You can have multiple addresses each with a different string in place of the xxx. Mail for all of these aliases is sent to your normal inbox but you can filter them to different folders if you wish.

If you start to get spam on one of these addresses, yo

Re:

[pepsikid]

I have my own domains so I like to generate unique emails for each merchant or other resource I sign up with. I also add a numeric code at the end.
Most of them hate it when you use their own name in YOUR email address, so I just reverse it. Yahoo would become oohayxxxxx@mydomain.com.
But the numeric code isn't random. I grab today's Julian day number and use that so I can also see how long it took for my address to be compromised.
oohay24322@mydomain.com is what I would use if I had to provide a "permanent" e

Re:

[pepsikid]

Optimally, your email server would silently drop the connection and waste the spammer's time waiting for timeout. You don't want to return a code for "bad email address", since that just helps the scumbags.

Ulterior Motives

[organgtool]

E-mail addresses serve as a unique identifier for users and can be cross-referenced across entities within a conglomerate, or among third-parties who share PII with each other. This service that Google is offering will make it more difficult for these organizations to correlate data among accounts on different platforms, while ensuring that Google remains the primary entity capable of connecting those dots. While Google may not have as much data about the details of the third-party accounts as the organiz

The difference

[devslash0]

While services like HideMyEmail provide a similar service, the domain of a dynamically generated email gives away the important fact that it's an alias. This allows email validators to very easily disallow aliases and weed out any "shielded" addresses. If Google proceeds with this service, all emails, shielded or not, would be in the same domain which would prevent validators from discriminating against aliases.

Aliases should have been there from the start.

[devslash0]

Too little, too soon. Aliases should have been a part of the email service design from the start. Replacing your real email address with an alias doesn't bring the use any benefit since the company already knows what your real email address is. Would only affect future accounts

1-to-1

[devslash0]

I've been using aliases for years. Initially with a homegrown email server, later with Proton for reduced maintenance. Currently, every single online account of mine is linked to an exclusive email address, on a 1-to-1 basis. When your data leaks and/or you start receiving spam, you know exactly which company leaked/sold your data and you can cut the wankers off.