Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Disposable e-mail addresses #529

Open
x80486 opened this issue Aug 18, 2018 · 11 comments
Open

Disposable e-mail addresses #529

x80486 opened this issue Aug 18, 2018 · 11 comments

Comments

@x80486
Copy link

@x80486 x80486 commented Aug 18, 2018

Disposable e-mail addresses are a randomly generated string of characters that are used to create a unique alternate e-mail address:

  • e7cdd5980fe842e9bf3031e9f3f5a42f@tuta.io
  • 2ad3fdb18d1842d5826824c78b9338ae@tuta.io

The difference between regular e-mail aliases and disposable ones is that the latter are intended to be temporary, for instance, you can use them for a short-term purpose before deleting the address to prevent your real address from being sold and added to Spam lists.

Additionally, a description field (or something similar), along with the e-mail address itself is a nice-to-have in order to associate/know the service or Web site in question.

Disposable e-mail addresses are just for receiving e-mail – they should not be used to send e-mails.

It's important to emphasize that this is completely different from the usual disposable e-mail address services one can find out there.

@charlag
Copy link
Contributor

@charlag charlag commented Aug 20, 2018

@x80486 the idea to only use them for receiving is great IMO, thanks for the proposal

@armhub armhub changed the title [Feature Request] Disposable e-mail addresses Disposable e-mail addresses Dec 6, 2018
@armhub armhub added this to the Roadmap milestone Dec 11, 2018
@charlag charlag added this to Planned in Roadmap Project Jan 30, 2019
@jflattery
Copy link

@jflattery jflattery commented Feb 27, 2019

I 100% agree that these email addresses should be exclusively used for receiving and not sending. However, I believe it should be up to the user to determine how long the said address is valid for. I could see using this for signing up for a web-service and keeping this email associated with that account. If I start receiving emails to this address by anyone other than the intended site, I know my information was either stolen or sold. It kind of makes me think of the Privacy.com credit cards.

@tiritto
Copy link

@tiritto tiritto commented Mar 1, 2019

The only issue with this idea is the fact that some websites and ban lists might blacklist the domain, which would hurt standards users. Shall this feature be implemented, we will need some new Tutanota domain dedicated to this task.

@jflattery
Copy link

@jflattery jflattery commented Mar 2, 2019

This is a good point. I had not thought about it, but I suppose there is potential this could be an abused feature. Perhaps it should only work with custom domains.

@jflattery
Copy link

@jflattery jflattery commented Apr 27, 2019

Another thought on this subject: Perhaps you should be able to reply using the address. For example, I have recently been dealing with GoDaddy to try to get back into my account. They will only correspond with the email that is associated with the account. If this feature was available, and I setup e7cdd5980fe842e9bf3031e9f3f5a42f@mydomain.com for GoDaddy, I would have to reply to their emails sent to that address from that address for them to help me.

@snaggen
Copy link

@snaggen snaggen commented Apr 27, 2019

That doesn't sound like a disposable adress, but an alias.

@jflattery
Copy link

@jflattery jflattery commented Apr 27, 2019

Perhaps. My thought is that 99% of that time I would never use that "alias" only in these rare use cases.

@4jNsY6fCVqZv
Copy link

@4jNsY6fCVqZv 4jNsY6fCVqZv commented Oct 5, 2019

@charlag How can the feature be realized in such a way that the domains are not constantly blacklisted?

@JimmyCushnie
Copy link

@JimmyCushnie JimmyCushnie commented Oct 6, 2019

Plenty of throwaway email services currently exist, I don't see why Tutanota's needs to do anything different from them

@User486375
Copy link

@User486375 User486375 commented Jun 8, 2020

They're both "anonymous" aliases and disposable emails in my opinion, as I would say the primary goal should be to hide your actual email from a service to avoid spam and inevitable data breaches, whether or not you temporarily use the email address is irrelevant.

While I of course agree that at least non paid users, should not be able to directly send emails with disposable emails to avoid people using Tutanota to easily spam. I think the best way to implement this for free users (if they even get this feature?) would be like how Abine's Blur does for free users. In that they can only reply to emails, so you can easily reply to support without having to confirm your identity with your main email as well as defeating the purpose of hiding it in the first place.

I think something lost on anonymity would be the human readability of these anonymous emails, I see no reason to use a randomly generated string to get entropy, a random set of words and maybe a few numbers on the end would easily suffice, see EFF's Dice-Generated Passphrases. Also keep in mind we don't actually care about how random our "public" disposable emails are, only that they're unique like any other email address has to be. It might even be beneficial to give people the ability to directly choose or randomly generate one, as you don't necessarily want a service to know you're using a disposable email (also making their job blocking it based on the length and complexity very easy). Obviously you could have this as optional I suppose, but the usability lost in having to always copy and paste or in the case of mobile be forced to type out a random string of characters isn't worth it. And as a personal anecdote, having a randomly generated email you can't possibly remember and being asked for it when returning a product in person, isn't a seamless experience.

@ccannell67
Copy link

@ccannell67 ccannell67 commented Jul 13, 2021

I dont think disposible email functionality for any tutanota owned domain is wise. It will get blacklisted. Someone will use it to create bogus accounts that will get flagged. ie create 1000 twitter accounts for creating a twitter bot army that twitter will eventually detect and ban. and possibly report to be blacklisted.

i would say any disposible email func would be for accounts under a custom personal domain. That way bad actors will just get their domain banned/blacklisted.

Or just tell folks that want random/disposible email addrs, to get their own domain, and add a Catch all address and use inbox rules as needed.
You basically can do it now that way.

$.02

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Roadmap Project
  
Planned
Linked pull requests

Successfully merging a pull request may close this issue.

None yet