What is a single-use email address
Single-use email address is a generated email address that is used only once when signing up for a service. It makes impossible for attackers to predict which email address was used for which service. Additionally, using the single-use email address in combination with a non-personalised domain increases privacy protection.
For example, john.doe@gmail.com
unintentionally exposes your name. On the other hand, aniaf872a@duckduckwho.com
doesn't expose any data other than an assumption you might be an owner of duckduckwho.com. Domain owner data are protected by most domain registrators.
As online privacy is becoming more of a luxury, purchasing a cheap domain that is used exclusively for anonymous single-use email addresses is a considerable investment.
When to use single-use email addresses
You should consider the usage of generated single-use email addresses as it increases your privacy on the internet. However, single-use email addresses shouldn't be the only thing in your arsenal. In short:
- Always use a strong and unique password for each service you sign up for.
- For storing passwords and single-use email addresses you can use password managers such as LastPass or 1Password.
- You should have Two-factor authentication (2FA) turned on.
- Don't forget to always take everything on the internet with a grain of salt.
How does single-use email addresses work
For single-use email addresses to work, you need to own a domain and configure a catch-all email address. Catch-all email address receives all incoming email messages. This allows using anything in the local part (the part before @) of an email address and still receive the incoming email messages.
For example, assuming a functional email address is hello@example.com
and the catch-all email address is not configured. An email message sent to hello@example.com
will be received. An email message sent to the does-not-exist@example.com
will not be received and will bounce. If a catch-all email address is configured for the example.com domain, the same email message sent to does-not-exist@example.com
will now be received.
The catch-all email address can be configured to forward any email messages that it receives to your primary email address. Once your catch-all email address is configured, there is no further manual work required.
How to set up catch-all email address
To set up your own catch-all email address, you'll need to own a domain. The domain you choose to be your catch-all domain shoudn't be use for anything else. For example, to use a personal domain as catch-all domain is not recommended. Buying a brand new domain that will be used just as a catch-all domain might be the best practise.
The most straightforward way to set up the catch-all email address is to buy your new domain with Namecheap (this website is not affiliated with Namecheap). You can in a few clicks set up email forwarding from your catch-all email address right from their dashboard for no additional cost.
Visit https://www.namecheap.com/domains/ and purchase a domain, then follow this official Namecheap guide to configure email forwarding from your catch-all emaill address.
Generating single-use email addresses
A single-use email address can have anything in the local part of an email address as long as it is sufficiently unpredictable and unique. A randomly generated string is a recommended practice. You might use your password manager's password generating function to generate the local part of your single-use email address or come up with something random manually. The local part of an email address cannot be longer than 64 characters as stated in RFC 3696 (page 6).
For ease of generating single-use email addresses, you can use the official Protect IID Google Chrome extension.
Made by @pkrupar. Wait! There's more where this comes from. Get behind the scenes of hustling maker by subscribing to my mailing list. I'm making cool projects you might like, for example, sidemail.io. Thanks!
Subscribe to @pkrupar's mailing list