AnonAddy: what is the point of it, if all *@<username> emails are valid, until explicitly blocked by user?

Since it is now listed on the site, I took a look their service, I am not a user yet though. Here is the question about the service, that puzzles me (judging from the description on site): once you sign up for the service you get (or .me) domain, which you can use for registration on various sites by just prefixing it with anything you like (i.e. By default all addresses * will be valid, and will redirect mail to your account. If some spammer finds out one of your aliases (e.g. you can then block emails sent to this particular alias. What I do not understand is what is the point of it all, if any * email is valid (until explicitly blocked by user), because if this is the case, then it is enough to know any of your * emails, to spam the hell out of you (by just sending emails to

What am I missing here (if anything)?

P.S.: I have also posted the same question on reddit.

i did not use it but

  1. im sure its not just * it must be something like * to avoid one user take all of good words so it will be hard on guessing which one is actually valid or actually yours

  2. we use (or i use) aliases to stop companies\hackers from guessing other emails and/or know its real me so spam thing was not in my thought actually

1 Like

First time I visited Decathlon to buy stuff it asked me for my email. Guess what I gave them? Yup an email catcher like anonaddy. I give unique emails each time a service that doesnt actually need it asks for one.

Also useful during conventions where if you want those freebies, you have to signup your email as well. During conventions, they dont seem to mind me using these.

Whats nice about this kind of service is that you see which services honor the unsubscribe button and which ones dont.

I think the point is that you can name all addresses by service without thinking about it more, even if they didn’t support subaddressng and there is an assumption that all spam is automated and doesn’t explicitly start guessing your anonaddy addresses.

I am not a user of AnonAddy either, but judging from the info on their site they give you aliases for domain. And any email (e.g. privacytools@USER_NAME.anonaddy . com, someservice@USER_NAME.anonaddy . com) is valid, until explicitly blocked. This is kind of similar to the plus sign trick (one where you postfix your email username with something via + e.g. your email is when signing up to this forum you can enter your email as addy+privacytools@mymailservice . com, then the email you actually shared is not the ‘real’ one, though it is pretty easy to figure it out) the only difference is that AnonAddy protects your actual email address. The issue (rather point you should consider when using AnonAddy) is that it won’t completely protect you from spam (because if in a spamlist there is an email SOMETHING@whatever.anonaddy . com it is known that addresses ANYTHING@whatever.anonaddy . com will all be valid) but only guards your actual email address.

This is how it works. You create an alias for every account you register, if you use random and non-guessable names for them (I personally prefer UUIDs) the better, this way hackers or other attackers that want to gain access to your real inbox cannot social engineer them. If one or more of those addresses becomes compromised, and you start receiving spam, you will receive an e-mail that says something along the lines of “This e-mail was sent to, if you want to stop receiving messages to this address click here or go to your aliases section in Anonaddy”. This way, you can know which website has sold your e-mail to third parties for advertisement purposes, and you can choose if you want to keep that account, or delete and its alias with it, or block the alias but activate it when you need to use that account.

Note that using different receivers for different purposes is still a good practice if we follow the rules of compartmentalization. You don’t want to have a single e-mail for job hunting, job, e-shopping, entertainment, etc.

AnonAddy, actually, answered to the TC’s question on reddit:

This is true for any domain that behaves as a catch-all.

The server has reasonably strict anti-spam measures in place which should block the vast majority of spam ever being forwarded to you.

No users so far have mentioned that this has happened to them.

You could always just keep your username private and only generate UUID / Random Word aliases that use the shared domains.

In addition I can share my experience as a user of the service: the standard alias (i.e. are indeed working as plus sign trick (which is “supported” by most, if not all, email providers), mentioned by @eyrougzacefAkdedHeos, but your actual email is hidden (i.e. it is not known where emails from … are forwarded, even though, theoretically, it is possible to spam a user by sending emails to As a free user you can also generate up to 20 UUID Aliases, which look something like this: (notice it does not have a part with username, thus it can belong to any AnonAddy user).


  • Standard Aliases (… are indeed, kind of like plus sign trick

  • You can use UUID Aliases instead, even with a free account

1 Like

I think SimpleLogin is worth mentioning here.
It is recommended in the email cloaking services section of PTIO.
I think, it was created by Son Nguyen Kim aka @SimpleLogin.
For free accounts they offer up to 15 aliases that look like:
Address contains no username and part before @ is editable (unlike UUID Aliases of AnonAddy), so maybe @Tall_Amoeba could try them, instead.