A system for email privacy

How I use aliases to mask my identity online

A system for email privacy


Get two domains for use with Fastmail. The first one is a burner domain e.g. burner.com. Use this one with Fastmail’s email masking feature. Fastmail will generate masked emails like nice.banana1234@burner.com. As a bonus, use a password manager like 1Password which can integrate with Fastmail to generate masked emails easily whenever you are signing up for a new service.

The second one is your main domain e.g. main.com. Use this one for your main email address e.g. you@main.com, and create manual aliases sparingly.

I recognize that not everyone may have the means to afford some of the services mentioned in this post. However, I have made mention of some services that provide free tiers, I hope at the very least it provides you a starting point for your own research.


We are told that it’s good hygiene to have separate passwords for each service we sign up for, and store them in a password manager. This is because if one service is compromised, the attacker can’t use the same password to log into other services.

Less common is the advice to use a different email address for each service. This can prevent hackers and advertisers from tying together a profile of you across each service you use.

Here’s a nice video on the subject of advertiser tracking:

The video mentions that a shadow profile can be created that ties together our credit card transactions, our location data, and our social media activity. Personally I don’t think that we are going to be able to prevent this from occurring completely, but I do suspect that having a separate email address for each service can add a wrench in the works.

Emails and custom domains

Key to the system is the use of email tied to a custom domain. This is because 1) you can take your domain anywhere, even if the email provider/relay shuts down and 2) you can create as many aliases as you want.

There are two categories of services that can allow for custom domains with email:

  1. Email providers: this includes things like Google Workspace, Fastmail, Proton Mail, Skiff. They provide the mailbox, and you can use your own domain with them.

  2. Email relays: this includes services like AnonAddy, SimpleLogin, and Firefox Relay. They are a relay/router that can forward email to an existing mailbox. The benefit is that you can continue using your existing email address.

I tried SimpleLogin, however I found the UX too complicated. There are also some complications with responding to email. SimpleLogin creates these things called “reverse aliases” automatically for inbound email, but you have to manually create them when initiating an email to a new recipient.

Far simpler was Fastmail, which I ultimately chose and will now describe below.


Fastmail is a email provider that allows you to use one or more custom domains with their service. Their custom email domains feature comprises two parts:

  1. Aliases: these are email addresses that forward to your main mailbox. You can create as many aliases as you want, and they can be deleted at any time. You can also create catch-all aliases, which forward all email sent to your domain to your main mailbox. You can respond from these aliases.
  2. Masked email: These are a special kind of alias that are random words and numbers, like a burner email. One of the examples in the docs looks like this: dog.food3495@domain.tld. You are still able to respond from these masked emails.

So the system I am proposing is to use Masked Email as much as possible. Do this with a burner domain e.g. burner.com so that your masked email addresses look like cat.news1234@burner.com.

For anything else that requires a more permanent email address, use your main domain e.g. hello@main.com or an alias you manually created for that domain e.g info@main.com. This keeps the cognitive load low, and you can use your main domain for things like family, friends or government affairs.

As a concrete example: I’ll sign up for a newsletter with a masked email on my burner domain. However, when making a GitHub account, I’ll use an email with my main domain (GitHub has abuse prevention that can sometimes trigger when signing up with an address that looks like a burner).



It’s nice to be able to fragment my identity across different services, with the hope that it will make it more difficult for others to build a profile of me. It may not be much in the grand scheme of things if Instagram shows me a slightly less targeted ad, but hopefully it’s something! I like that I can easily delete aliases if I start getting spam, and that I can respond from them. This leaves my main domain for the truly important things, like family and friends. I hope this system is useful for you too!