Email Address Hygiene: Should You Use Aliases?

Email aliases are a useful tool that some users overstate and others ignore. The honest read is that aliases solve one specific problem (attribution: which service leaked or sold your address) and do not solve a different problem (filtering: stopping the spam from reaching you in the first place). This post is the realistic guide.

What an Alias Actually Is

An email alias is an alternate address that forwards to your real inbox. You give the alias to a service. The service sends mail to the alias. Your mail provider forwards the mail to your real inbox. You read the mail in your usual client.

The structural value is attribution. If you give the alias service-x@youraliases.com to Service X and only Service X, then any mail you receive at service-x@youraliases.com came from a chain that started with Service X. If that mail is spam, you know who leaked or sold your address.

The structural limit is that an alias is just an address. It does not stop the mail from arriving once a sender knows the alias.

Method One: Plus Addressing

The simplest form. Most major email providers (Gmail, Outlook, ProtonMail, FastMail) support a feature where mail sent to “you+anything@yourdomain.com” arrives at “you@yourdomain.com.” The “+anything” part is the tag.

Practical use:

• Sign up for Service X with the address you+servicex@gmail.com.
• The mail arrives in your normal Gmail inbox.
• You can then filter on “to:you+servicex@gmail.com” to identify mail from this service.
• If the address ever shows up in spam from a different sender, you know Service X leaked or sold the address.

The catch: most spammers strip plus tags before sending. The original purpose of plus addressing was tracking, and as spammers learned about it, they began removing the tags so the recipient would not know which alias they were using. In 2026, plus addressing is still useful for legitimate-service tracking but is not reliable for catching spammers in the act.

We covered this specifically in the plus-address trick and why it no longer works (forthcoming).

Method Two: Service-Specific Aliases (SimpleLogin, AnonAddy, etc.)

Dedicated alias services generate unique random addresses for each signup. Examples:

• SimpleLogin (now part of Proton). Generates aliases like apf9j2k4@simplelogin.io, forwards to your real address. You can disable any alias instantly.
• AnonAddy / addy.io. Open-source alternative with similar functionality.
• Apple Hide My Email. Generates random @icloud.com aliases for users on Apple’s ecosystem.
• DuckDuckGo Email Protection. Generates @duck.com aliases that strip tracking pixels and forward to your real address.
• Firefox Relay. Mozilla’s offering, similar to the others.

Practical use:

• Each service you sign up with gets a unique alias.
• You can audit your alias list to see what you signed up for.
• If a specific alias starts receiving spam, you know exactly which service leaked it. You disable that alias and the leak is contained.
• If you ever want to fully cut ties with a service, disabling the alias breaks all communication with them in one click.

The trade-off is added complexity. You depend on the alias service for the forwarding. If the alias service goes down or shuts down, your aliases break. The risk is real but limited because most major alias services are operated by reputable providers (Apple, DuckDuckGo, Mozilla, Proton, Firefox).

Method Three: Custom-Domain Aliases

If you own a domain (like yourname.xyz), you can configure unlimited aliases without depending on a third party. Most modern email hosts (Workspace, Microsoft 365, Fastmail, ProtonMail) support catch-all addressing or wildcard aliases on custom domains.

Practical use:

• Set up your domain with a catch-all forwarder to your primary inbox.
• Give each service a unique address: amazon@yourdomain.com, github@yourdomain.com, twitter@yourdomain.com.
• Mail to any of these arrives in your primary inbox.
• You retain full control because you own the domain. No alias service to depend on.

The trade-off is setup complexity. You need a domain, you need email hosting that supports catch-all, and you need a way to send from those aliases if you want to reply with the alias as the From address.

This approach is the most durable and the most work to set up. For privacy-aware users with technical comfort, it is the gold standard.

What Aliases Do Not Do

Aliases solve the attribution problem. They do not solve the filtering problem.

If you give Amazon the address amazon@yourdomain.com and Amazon’s marketing list gets leaked, you will start receiving spam at amazon@yourdomain.com. You will know it came from Amazon. The alias does nothing to stop the spam from arriving. It tells you who to blame.

You can then disable the alias, which stops future mail (good) but also breaks legitimate communication with Amazon (less good, you may need to update your account email there).

The key insight is that aliases are post-incident attribution. They are the tool for finding out who leaked your address. They are not the tool for preventing senders you have never given an address to from reaching you.

Where Aliases Help and Where They Do Not

Aliases help with:

• Knowing which services leak data. When a leak happens, you know the source.
• Compartmentalization. You can disable the alias for a service you no longer use, breaking the relationship cleanly.
• Limiting blast radius. A breach at one service does not propagate to everyone who has any of your addresses.
• Privacy. Your real address is hidden from services that do not need it.

Aliases do not help with:

• Stopping unsolicited mail. Cold outreach senders harvest addresses from public sources, prior breaches, and social media. They get your alias just like they would get your real address.
• Reducing inbox volume. Aliases route mail to the same inbox; the volume is the same.
• Filtering by sender intent. Aliases work on the address, not on whether the sender has paid a cover charge or is on your guest list.
• Phishing prevention. A phishing email sent to your alias address arrives at your inbox identically to one sent to your real address.

The structural pattern: aliases manage where mail comes in. They do not change what gets in.

How Aliases Compose With Other Defenses

A reasonable layered defense:

Layer one: aliases for service signups. Use aliases for any new account, especially for services you do not fully trust. Catch attribution post-incident.

Layer two: native spam filtering. Gmail and Outlook native filters do real work on mass-volume mechanical fraud and known-bad domains.

Layer three: structural inbox filtering. A filter that asks unknown senders for a small cover charge reduces the volume of cold outreach reaching the inbox, regardless of whether the sender is using an alias address or a real one.

Layer four: out-of-band verification for sensitive transactions. Wire transfers, payment changes, banking updates verified by phone.

The layers do not interfere with each other. Aliases handle attribution and compartmentalization. Filters handle volume. Verification handles high-value transactions. Each layer addresses a different aspect of the threat.

What Rythm Does With Aliases

Rythm is an inbox-layer filter on top of Gmail or Outlook. It operates on the inbox where mail arrives, regardless of whether the mail came in via a primary address, a plus alias, a SimpleLogin alias, an Apple Hide My Email, or a custom-domain catch-all.

The cover charge gate applies to unknown senders reaching the inbox, whatever address they used. If a sender starts emailing apf9j2k4@simplelogin.io and they are not on your guest list, they pay the cover charge or wait in the held-for-review folder. The mechanism is identical to the primary-address case.

Aliases and Rythm compose well because they target different layers. Aliases tell you who leaked your address. Rythm filters whether the resulting mail reaches your inbox at zero cost. The combination is stronger than either alone.

A Specific Honest Note

Aliases are a useful tool. We recommend them for service signups, especially if you are in a privacy-aware group or have already had an address compromised in a breach.

What aliases cannot do is reduce the volume of unsolicited mail reaching the inbox. That is a different problem requiring a different mechanism. Rythm is that mechanism: cover charge gate for unknown senders, regardless of which address they are sending to.

For the related guides, see why am I getting so much spam, the newsletter bloat problem, and the complete guide to Gmail filters in 2026. For the broader frame, see what is an email paywall. Rythm is $1.65 per month, cancel anytime.