Does Google Plan to Create Email Aliases for Apps to Fight Spam? (androidauthority.com) 21
Google appears to be working on an email-forwarding alias system, according to the blog Android Authority, giving users a new way to "shield" their main email address.
The site performed a teardown on the newest Google Play Services' APK looking for work-in-progress code , and spotted "a whole boatload of strings referencing and in support of something called 'Shielded Email'." Just from that text, we're able to infer quite a lot about what we're looking at here, and it appears that Shielded Email consists of a system to create single-use or limited-use email aliases that will forward messages along to your primary account. And while we could imagine that something like this might be pretty useful in Chrome, here it looks like Google is building it specifically to address apps that ask for your email address. The messages in there touch on a couple reasons beyond spam that you might want to keep your main email private, like reducing the extent to which your online activities can be tracked, and mitigating your personal risk from potential future data breaches.
They also sighted a reference to "Shielded Email" in the Autofill settings menu — though their article acknowledges that even features hinted at by work-in-progress code may not ultimately make it into a public release.
But Forbes suggests that the idea sounds similar to Apple's Hide My Email service, which "provides an automated random email address creator to help keep your personal email address private when subscribing to services."
The site performed a teardown on the newest Google Play Services' APK looking for work-in-progress code , and spotted "a whole boatload of strings referencing and in support of something called 'Shielded Email'." Just from that text, we're able to infer quite a lot about what we're looking at here, and it appears that Shielded Email consists of a system to create single-use or limited-use email aliases that will forward messages along to your primary account. And while we could imagine that something like this might be pretty useful in Chrome, here it looks like Google is building it specifically to address apps that ask for your email address. The messages in there touch on a couple reasons beyond spam that you might want to keep your main email private, like reducing the extent to which your online activities can be tracked, and mitigating your personal risk from potential future data breaches.
They also sighted a reference to "Shielded Email" in the Autofill settings menu — though their article acknowledges that even features hinted at by work-in-progress code may not ultimately make it into a public release.
But Forbes suggests that the idea sounds similar to Apple's Hide My Email service, which "provides an automated random email address creator to help keep your personal email address private when subscribing to services."
Free service (Score:1)
Good idea (Score:3)
Plus addressing (Score:2)
This already partially exists with + addressing. You can create disposable addresses by inserting a +;after the local part and before the @. Will not fool a human but useful for random list sign ups.
Also works with Office 365.
Re: (Score:2)
The + on the LHS is RFC 2822 permitted. If folks are rejecting it, they are running borked MTAs.
I see some chatter that it's a "security risk". It isn't on Sendmail or Postfix, as I've run many thousands of servers with those two software packages and never did have even one server hacked. Accounts, yes, but that was always traced to the MUA and not the MTA.
Don't know about Exchange. Never dealt with that hot mess as an MTA.
one wonders why
Standard answers:
If asking "why" for a business, the answer is almost always "money"
Re: (Score:2)
You mean like mailinator [mailinator.com]? I usually md5sum a file I have on my HD which I know is not going to change and use so many characters of it@mailinator.com. Some places have caught on, so they won't accept @mailinator.com, but they have over 200 other domains that can receive mail.
There's a more important use for this (Score:2)
Here's an idea: (Score:2)
Don't deliver misaddressed emails.
If I have the address newcastle@gmail.com, I will get emails sent to new.castle@gmail.com and similar. Every. Single. One. is spam.
Here's another idea: don't reward bad app behaviour.
If an app asks for my email address for no reason and won't work until I confirm it, it gets uninstalled.
Re: (Score:2)
One of the reasons I run my own MTA: gmail sucks.
fundamental theorem of software engineering (FTSE) (Score:4, Interesting)
Hide my email (Score:2)
The downside is it's not free, but rather bundled with other things. I'm fully sucked into the ecosystem, so for less important uses I find it very handy.
Like Yahoo Mail's temporary addresses (Score:2)
This appears to be very much like Yahoo Mail's "Temporary email addresses". There, you choose a single prefix (that's different from your primary address) that is followed by a dash and anything you choose, followed by @yahoo.com. E.g. myprefix-xxx@yahoo.com. You can have multiple addresses each with a different string in place of the xxx. Mail for all of these aliases is sent to your normal inbox but you can filter them to different folders if you wish.
If you start to get spam on one of these addresses, yo
Re: (Score:2)
I have my own domains so I like to generate unique emails for each merchant or other resource I sign up with. I also add a numeric code at the end.
Most of them hate it when you use their own name in YOUR email address, so I just reverse it. Yahoo would become oohayxxxxx@mydomain.com.
But the numeric code isn't random. I grab today's Julian day number and use that so I can also see how long it took for my address to be compromised.
oohay24322@mydomain.com is what I would use if I had to provide a "permanent" e
Re: (Score:2)
Optimally, your email server would silently drop the connection and waste the spammer's time waiting for timeout. You don't want to return a code for "bad email address", since that just helps the scumbags.
Re: (Score:2)
You don't want to return a code for "bad email address", since that just helps the scumbags.
Talk to John Levine [johnlevine.com] He had a bit to say (in contravention to your point) at CAUSE in 2005 (if memory serves).
You could talk to me, but I only did a few thousand servers from 1996-2012, and at that time, I never noticed that a 5XX ever did anything to change a spammer's tactics.
SWAT teams at their home, yes.
Hit squads [wikipedia.org], yes.
But rejects? Not once in the time frame above. Of course, they may have gotten more civilized, considerate, and compassionate since then.
Ulterior Motives (Score:3)
The difference (Score:3)
While services like HideMyEmail provide a similar service, the domain of a dynamically generated email gives away the important fact that it's an alias. This allows email validators to very easily disallow aliases and weed out any "shielded" addresses. If Google proceeds with this service, all emails, shielded or not, would be in the same domain which would prevent validators from discriminating against aliases.
Aliases should have been there from the start. (Score:2)
Too little, too soon. Aliases should have been a part of the email service design from the start. Replacing your real email address with an alias doesn't bring the use any benefit since the company already knows what your real email address is. Would only affect future accounts
1-to-1 (Score:2)
I've been using aliases for years. Initially with a homegrown email server, later with Proton for reduced maintenance. Currently, every single online account of mine is linked to an exclusive email address, on a 1-to-1 basis. When your data leaks and/or you start receiving spam, you know exactly which company leaked/sold your data and you can cut the wankers off.
Fastmail (Score:3)
One email service I use, Fastmail, has had this kind of alias capability for over 20 years. It makes spam management a lot easier and (by hiding your account name) also contributes to security.