AnonAddy: what is the point of it, if all *@<username>.anonaddy.com emails are valid, until explicitly blocked by user?

Since it is now listed on the site, I took a look their service, I am not a user yet though. Here is the question about the service, that puzzles me (judging from the description on site): once you sign up for the service you get .anonaddy.com (or .me) domain, which you can use for registration on various sites by just prefixing it with anything you like (i.e. something@.anonaddy.com). By default all addresses *@.anonaddy.com will be valid, and will redirect mail to your account. If some spammer finds out one of your aliases (e.g. something@.anonaddy.com) you can then block emails sent to this particular alias. What I do not understand is what is the point of it all, if any *@.anonaddy.com email is valid (until explicitly blocked by user), because if this is the case, then it is enough to know any of your *@.anonaddy.com emails, to spam the hell out of you (by just sending emails to @.anonaddy.com).

What am I missing here (if anything)?

P.S.: I have also posted the same question on reddit.

i did not use it but

  1. im sure its not just *@.anonaddy.com it must be something like *-randomword@anonaddy.com to avoid one user take all of good words so it will be hard on guessing which one is actually valid or actually yours

  2. we use (or i use) aliases to stop companies\hackers from guessing other emails and/or know its real me so spam thing was not in my thought actually

1 Like

First time I visited Decathlon to buy stuff it asked me for my email. Guess what I gave them? Yup an email catcher like anonaddy. I give unique emails each time a service that doesnt actually need it asks for one.

Also useful during conventions where if you want those freebies, you have to signup your email as well. During conventions, they dont seem to mind me using these.

Whats nice about this kind of service is that you see which services honor the unsubscribe button and which ones dont.

I think the point is that you can name all addresses by service without thinking about it more, even if they didn’t support subaddressng and there is an assumption that all spam is automated and doesn’t explicitly start guessing your anonaddy addresses.

I am not a user of AnonAddy either, but judging from the info on their site they give you aliases for @USER_NAME.anonaddy.com domain. And any email (e.g. privacytools@USER_NAME.anonaddy . com, someservice@USER_NAME.anonaddy . com) is valid, until explicitly blocked. This is kind of similar to the plus sign trick (one where you postfix your email username with something via + e.g. your email is addy@mymailservice.com when signing up to this forum you can enter your email as addy+privacytools@mymailservice . com, then the email you actually shared is not the ‘real’ one, though it is pretty easy to figure it out) the only difference is that AnonAddy protects your actual email address. The issue (rather point you should consider when using AnonAddy) is that it won’t completely protect you from spam (because if in a spamlist there is an email SOMETHING@whatever.anonaddy . com it is known that addresses ANYTHING@whatever.anonaddy . com will all be valid) but only guards your actual email address.

This is how it works. You create an alias for every account you register, if you use random and non-guessable names for them (I personally prefer UUIDs) the better, this way hackers or other attackers that want to gain access to your real inbox cannot social engineer them. If one or more of those addresses becomes compromised, and you start receiving spam, you will receive an e-mail that says something along the lines of “This e-mail was sent to amazon@anonaddy.com, if you want to stop receiving messages to this address click here or go to your aliases section in Anonaddy”. This way, you can know which website has sold your e-mail to third parties for advertisement purposes, and you can choose if you want to keep that account, or delete and its alias with it, or block the alias but activate it when you need to use that account.

Note that using different receivers for different purposes is still a good practice if we follow the rules of compartmentalization. You don’t want to have a single e-mail for job hunting, job, e-shopping, entertainment, etc.