
Show HN: I made an open-source anonymous email forwarding service - willbrowning
https://anonaddy.com/
======
geocrasher
Delivering mail services on the Internet is hard. Really hard. It's even
harder to do correctly, and harder yet to prevent abuse. It is quite likely
that you're going to end up in a game of whack-a-mole with abuse issues, and
that's going to be your primary fight. The moment somebody abuses the system,
your IP gets RBL'd or DNSBL'd and it's game over until it's fixed.

It's a cool product that has a lot of great legitimate uses, no doubt. I just
hope you've baked in security at the core, and that you have a contingency
plan for when your IP's get blacklisted. I fear for your sanity, but wish you
the best!

~~~
willbrowning
I agree there may well be some challenges along the way but I'll do my best to
prepare and prevent them. I'm always reading and learning more about the best
measures to have in place for the server.

Thank you, hopefully I'll be able to stay sane!

~~~
mratzloff
It really doesn't take much at all to get blacklisted by Gmail or others.
Companies like MailChimp have agreements in place with Google.

Unfortunately, mail delivery is far, far harder than it should be.

~~~
piotrkubisa
> Unfortunately, mail delivery is far, far harder than it should be.

However, we still receive spam e-mails to our inboxes.

~~~
judge2020
Anecdotal but I never receive spam in Gmail, neither in my GSuite inbox nor
Gmail.

~~~
Semaphor
Also anecdotal, but I get maybe 1 spam/month in my GMail inbox and the same
amount in my fastmail inbox.

------
albertgoeswoof
Looks nice.

I already made this: [https://idbloc.co/](https://idbloc.co/)

Good luck! It's unlikely you'll be able to keep it free for long due to the
volume of spammers who will dive in once they discover it (speaking from
experience).

------
pdonis
"Anonymous email forwarding" is probably a bad way to describe this service,
since it is likely to make many people think (as it made me think) "isn't this
just a more efficient tool for sending spam?".

What this really is is an easy way of setting up email _aliases_. I think that
should be the tag line.

~~~
55555
Yeah but only geeks like us know about alias files

~~~
pdonis
I didn't mean email alias files. The article explains what it means by "email
aliases", and it's something different.

~~~
55555
I meant the files that contain aliases which are used to configure MTAs, which
thus create email aliases.

~~~
pdonis
Still not what either I or the article is talking about. Yes, the person
designing the service has to know about alias files (or whatever other back
end is being used), but the user doesn't have to know or care. I'm talking
about what the user sees.

------
imglorp
There's a much harder problem, granted, but the world needs a throwaway SMS
service. Even Imgur needs a phone to sign up now :(

There _are_ already some services like this, however it seems they have a
smallish pool of phone numbers. Eventually everyone uses those to sign up, one
time, somewhere (like Imgur) and that number is then useless for that site.

Is there a better way?

~~~
estromlund
I’m the founder of Unlisted
([https://www.unlistedapp.com](https://www.unlistedapp.com)) and this is
exactly the problem I was aiming at when building our private number service.

Unfortunately today, however, many sites will detect VoIP numbers and refuse
to send messages to them. There are two reasons: 1) The app detects that it is
not a “real” number and blocks its entry, or 2) the number is accepted but no
message is ever received. In the second case, the “call with a code” option
does usually work though. The reason is that short code providers negotiate
delivery outside of the normal framework that long code (“normal”) numbers
use. Most apps like Unlisted are using Twilio as a provider and these
agreements just aren’t in place.

I’ve been running Unlisted for over 6 years so have a bit of experience around
this space. Am happy to answer any questions!

~~~
deskenergy
Hi, I have some questions regarding your privacy policy. It appears that
Unlisted maintains records of IP addresses, calls, texts, contacts, voicemails
and lots of other metadata.

I admire the goal of trying to provide a convenient way to increase privacy
when using SMS, but this feels a bit invasive. That's a lot of collected data.
Unlisted has access to the entire history of all my conversations and calls.
Why not encrypt most of the at-rest data with the user's password and decrypt
it client-side? This is common practice for the more privacy-leaning email
providers, such as ProtonMail. Similar SMS services have taken this approach
as well, like crypton.sh.

You are leaving a lot of the privacy enthusiasts on the table (myself
included). It may seem like a small market, but communities like
/r/privacytoolsio are very active and constantly on the lookout for privacy
preserving products.

------
newfeatureok
One feature I'd love to see is automatic grouping, combined with the
functionality you offer already.

So for example if you have an email (using a custom domain): email@example.com

You obviously will receive emails as you give out your email. Say for example
you get emails from the following senders:

\- mail@google.com

\- azure@microsoft.com

\- notice@azure.com

\- ok@imgur.com

\- hello@startup.com

It would be nice if the dashboard had something like the following (almost
like meta emails):

    
    
      Email Address                       Enable
      email-mailgooglecom@example.com     [x]
      email-azuremicrosoftcom@example.com [ ]
      email-noticeazurecom@example.com    [x]
      email-okimgurcom@example.com        [ ]
      email-hellostartupcom@example.com   [ ]
    

The reason for this is that rather than deal with the flaky "unsubscribe" you
can just disable emails from that sender. With what you have now you could
accomplish the same thing by creating aliases for each service, but the issue
is that sometimes you receive emails from unexpected address (e.g. you give
your email to Microsoft for billing but start receiving from their marketing
department).

The above, combined with intelligent grouping of emails and a uBlock Origin
like curated list of "bad" emails could truly eliminate all spam.

You should introduce a 4th tier of payment if you have the above
functionality, by the way as it's not that trivial.

The end result of this would probably look something like:

Your email (custom domain): mail@example.com

    
    
      Group                                Enabled
      Microsoft                            [o]
       - Azure Emails                      [ ]
       - Microsoft Store                   [x]
    
      Google                               [x]
       - Google Cloud                      [x]
    

And you then would allow people to customize what emails constitute
"Microsoft", "Azure Emails", etc.

~~~
willbrowning
That's a really good suggestion!

I agree it would be great to be able to create a per alias blacklist of
senders who the alias will block emails from.

That way like you said you don't necessarily have to deactivate the entire
alias if you receive a couple of emails from an unexpected source.

I'll definitely add this to my to do list, thank you.

~~~
vezycash
Clone Outlook's SWEEP feature. It's a simple but powerful tool for creating
email rules.

~~~
willbrowning
I've not heard of that as I normally use Mozilla Thunderbird. I'll look into
it.

------
Fabricio20
Awesome idea!

I've been doing this exact same thing since march this year with my own domain
using MailGun (Free) and custom forwarding rules.

Really amazing to see someone turn it into a product that can easily be set-up
by the general folk. (And for a nice price!). Loved your UUID-alias idea.

May I ask however, how do you expect to handle a blacklist of your domains?
I've had trouble in the past signing up to some websites that block any sort
of custom domains (really bad) in an effort to block throw-away email, what
happens if your domain gets blacklisted/categorized as a throwaway email?
(Also forwarding to Google and such ends up in "email limbo").

~~~
willbrowning
Nice! I also plan to add random word aliases soon e.g.
yellow.biker57@anonaddy.me etc. just because some people think UUID aliases
stick out a bit and look odd.

To be honest the only true solution to that problem is to use your own domain.
I will be adding more generic domains to use in the future so hopefully will
be able to evade the majority of these blacklists.

~~~
johnkarahalis
A friend of mine was considering building an anonymous forwarding service and
ran into this same question. He also considered allowing custom domains, but
if a custom domain is used, is it really anonymous? Couldn't services
coordinate to realize that all email addresses under whatever.com are owned by
the same person?

~~~
willbrowning
Yes that's true you could be linked if using a custom domain and someone can
determine that nobody else is sharing that domain with you.

That's why I added the additional username feature to compartmentalise aliases
and also the UUID aliases.

The UUID aliases all share the same domain e.g anonaddy.me so it is not
possible to link ownership of these to any particular user.

------
gadders
Anyone here remember anon.penet.fi or whatever it was called?
[https://en.wikipedia.org/wiki/Penet_remailer](https://en.wikipedia.org/wiki/Penet_remailer)

It was shut down in the end, but I think some of the legal challenges it faced
might be better handled now.

~~~
peter_d_sherman
I remember penet from the early Internet, although I never used it...

I agree that the OP / Service Provider - should read up on the legal issues
surrounding a service like this... The Wikipedia link above is a good place to
start. Ideally get a good lawyer and give that link to them...

If I had to make a choice, I would choose any other SaaS business, due to the
historically contraversial nature of this type of service -- but that being
said, I wish the OP good luck in his endeavor!

~~~
peter_d_sherman
One other thing... before users sign up, perhaps you could tell them what will
happen to their data if you are ever served by Law Enforcement with a Warrant
to give them some user's data... If the answer is that you're going to give
your users' data to Law Enforcement (the right answer, as far as I know), then
your "private" / "privacy protecting" service -- really wasn't all that
"private" / "privacy protecting", now was it?

It would be far more honest and up-front to tell prospective users that their
data will not be private in/under all conditions/circumstances...

If you lose would-be users because of this, well, at least you showed honesty
and integrity...

~~~
willbrowning
Thanks for your suggestions, I agree. In the privacy policy on the site I do
state that "information will not be provided under any circumstances to any
parties other than when compelled by law." Logs are rotated daily and deleted
after 7 days.

I'll do some more research on the legal issues you've mentioned above too.

~~~
peter_d_sherman
You might very well have created the best anonymous email service out there,
which will be used and cherished by many thousands of happy users who use it
legally, ethically, morally, etc.

But then one day, you might get that one user, that one user, that just abuses
all of that, and causes nightmarish legal problems...

So forewarned is forearmed, as they say...

Also, I would point out that your service is the only way to truly manage
rogue emailers that don't respect unsubscribe requests. In other words, it has
a very legitimate/lawful purpose other than mere privacy.

While rogue emailers might not exist so much in the U.S. due to laws, the rest
of the world is open game -- there is no way (short of using your service!) to
manage them appropriately.

If you should ever go to Court, that should be at least one of your
arguments... basically ask the court/jury, "OK, well if a recipients email
address can't be anonymized, then how else does someone manage spammers from
other countries that get their real email address and keep mailing them from
different addresses (and with different content) such that it bypasses their
spam filter?" Simple answer: They can't! No one can! Done!

Disposable email addresses (for the recipient, when subscribing to various
things on the Internet) are the only solution.

See, that's your legitimate/lawful purpose...

Anyway, wishing you luck!

------
tamasnet
Congrats willbrowning, this looks lovely!

I've been using Mailinator for this sort of thing but I'm finding most of
their domains have been increasingly blacklisted on many lead capture forms.
And their paid plan that allows custom domains is not priced for this kind of
use case.

(Frankly I'm worried your pricing is too low.)

Looks like it's time to go dust off one of those domains I've been sitting
on... :)

~~~
zinxq
As a data point.. Mailinator lets you point ANY domain to it (for free). Email
sent there will go into the public Mailinator system.

[https://mailinator.blogspot.com/2008/01/your-own-private-
mai...](https://mailinator.blogspot.com/2008/01/your-own-private-
mailinator.html)

------
tzs
From the FAQ:

> Will people see my real email if I reply to a forwarded one?

> No, your real email will not be shown, the email will look as if it has come
> from us instead. Just make sure not to include anything that might identify
> you when composing the reply, i.e. your full name.

How does that work? Do replies actually go through your servers, so that to
the outside world they appear to be a proper mail from someone at AnonAddy,
with SPF and DKIM all in order?

> How do you prevent spammers?

> The following is in place to help prevent spam: [list of six things it does
> to fight incoming spam]

Can someone with an AnonAddy address send an outgoing mail to someone who has
not previously sent a mail to that AnonAddy address? If so, how will you try
to prevent outgoing spam?

If outgoing mail is limited to mail to people who have sent you mail, can you
initiate new mail to those people, or must each outgoing mail be in reply to a
previous incoming mail?

~~~
willbrowning
Yes replies have to be routed through the server in order to remove any trace
of the real email address sender. They are currently sent from the domain
anonaddy.me.

I will be adding the ability to send replies so that they come from a user's
own custom domain soon. This will involve having to add an SPF and DKIM record
as well as the MX one.

At the moment it is not possible to initiate an email conversation using an
alias although it is a feature I would like to add. I'll have to think about
the best ways to prevent spam when adding this.

Yes you could use the same Reply-To: name and email to reply to the same
person more than once if you have already received a forwarded email from
them.

------
degraafc
Nice job! This looks really well done.

I'm just getting started on something quite similar that will let you create
disposable email addresses that forward mail to multiple recipients (for
shared hotel/flight bookings, etc.). I see you have this feature to a lesser
extent too, which is super cool.

Again, great work and good luck!

------
rinchik
This looks great!

The only note would be pricing? Margins look too low for the tech product? You
need to sustainably acquire and maintain a very large user base in order to
make it work, the larger the base the more expensive maintenance will be, can
potentially be dangerous. Let me know if I'm missing something.

~~~
willbrowning
Thanks, to be honest the expenses for the service are quite low. It is just
the server and domain costs at the moment and of course my time.

You're right as it scales I may need to upgrade the server etc. but I think it
will cover its expenses quite easily.

~~~
cddotdotslash
I went through a very similar process when building a product as an engineer
(albeit B2B, but I think the same ideas apply here). When I first started, I
wanted to undercut the market and charge what I felt was an extremely fair
price (I was charging $8/month when competitors were charging $500/month).
After scaling the product for a few years, it was eventually acquired, but one
of the biggest regrets I've had is not charging more sooner, especially
because the market could clearly support it.

Anyway, it's a bit unsolicited, but I could definitely see this being at least
$4.99/month for Lite and $9.99/month for Pro. Congrats on the launch!

~~~
willbrowning
That's an interesting story and has some good points.

My main concern would be the fact that complete email solutions such as
Tutanota, Posteo are very cheap at 1 euro a month or so.

So I'm not sure users who aren't as concerned about their privacy would think
it was worth it for $4.99 per month+

I mean I could be completely wrong, just my thoughts from some of the feedback
I've received so far.

~~~
madamelic
You aren't selling to techies. This is super easy to set up for almost any
engineer (beyond a few fantastic features you added).

What you need to do is effectively twist the knife, make the reader feel the
pain. "Don't you think $10 / mo is worth your sanity and a clean inbox?"
essentially.

$10 is basically nothing to your modern professional. That's 1 - 2 coffee
runs.

$1 or free (!!!) is way too cheap for an indie maker. Ignore the people who
complain about price. There are always going to be people complaining, fire
them. Those types will always find something to complain and twist your arm
about.

Even $10 / mo for me, someone who has set this up myself, might be worth it
just for additional features and being able to easily add more domains.

EDIT: Save free forever for the VC-backed companies who are burning other
people's money in the hopes of hockey stick growth.

Free trials are fantastic, but free forever is a losing gambit in my opinion.

------
willbrowning
Hi all, creator here. I've been working on AnonAddy (short for anonymous email
address) for the past few months with the vision of creating a privacy
friendly, transparent and easy to use email forwarding service.

The web app is built using Laravel, Vue.js and Tailwind CSS. Source code is
available on GitHub[1], also mirrored on Gitlab[2]. The server is running
Postfix, MariaDB, Nginx and Redis.

I know that there are already a number of other services available that do a
similar thing, but I wanted to address a few issues with them, such as:

\- Proprietary source code

\- Adverts, analytics and trackers used on the sites

\- No option to encrypt emails using a GPG/OpenPGP key

\- No option for multiple recipients

\- No API

AnonAddy protects your real email address from spam and allows you to identify
who has sold your data by using a different unique email address for every
website.

Here's a highlight of some of the features so far:

\- Add your own GPG/OpenPGP key per recipient to encrypt all forwarded emails

\- Custom domains

\- Anonymous email replies

\- UUID aliases that look like -
94960540-f914-42e0-9c50-6faa7a385384@anonaddy.me

\- Add multiple recipients per alias

\- Add additional usernames to compartmentalise your aliases

\- Browser extension for Firefox and Chrome

\- API

New features are added regularly, here are some potential future features:

\- Tags/folders to help organise aliases

\- Random word aliases e.g. yellow.biker54@anonaddy.me

\- More brower extension functionality to manage existing aliases etc.

\- Send from aliases e.g. initiate email conversation

\- Send replies from custom domains as opposed to from an AnonAddy domain

One of the most frustrating challenges was sorting out CORS issues with the
API whilst building the browser extension. I noticed that only Firefox seemed
to be enforcing the policy and not Chrome (Brave) which caused some confusion.
In the end I looked at this awesome package by Spatie - laravel-cors[3] and
was able to solve the issue. An important thing to note is that the Cors
middleware needs to be included in Laravel's global middleware stack for it to
work.

I've learnt a lot about Postfix, DAME, DNSSEC etc. whilst building this but
I'm always looking to improve things so I'd love to hear if you have any
suggestions or feedback at all.

Thanks, Will

[1] [https://github.com/anonaddy](https://github.com/anonaddy)

[2] [https://gitlab.com/anonaddy](https://gitlab.com/anonaddy)

[3] [https://github.com/spatie/laravel-
cors](https://github.com/spatie/laravel-cors)

~~~
itake
I am not a huge fan of the name just because it stands out too much. Companies
will see that in their db and think its a fake temporary email.

~~~
willbrowning
That's a fair point. I've already added an additional domain to the site and
will add more that look "generic" soon too.

~~~
ppadron
And custom domains already cover that. This looks really great and thorough,
congratulations!

------
baggachipz
Fantastic looking product, and the first year of service for the price of a
beer is a great value. Just hooked it up with my own domain to track spam
offenders and eventually migrate off gmail entirely.

~~~
cipherzero
I agree. I will say the price was at a point that I didn’t even have to think
about it at 1$/month. I looked at the features, signed up promptly, and wired
up a custom domain. The only thing I’m not excited about is rotating all my
emails...

Thank you for putting this together. I love that you even have 2fa support.

------
naveen99
I am surprised the people sending me physical junk mail haven’t lobbied the
post office to provide all their customers with email boxes along with
physical mail boxes and then stuff then with junk email along with important
governmental notices only going through post office email boxes that have tiny
storage quotas so you have to manually delete all the junk email, otherwise
they will stop delivering the email that you actually care about and
refreshing the junk email...

~~~
jrootabega
USPS' "informed delivery" service is headed in that direction. They email you
attached advertisements along with the scanned mail pictures. Sometimes they
just send you an advertisement when you're not even getting mail that day.
It's atrocious

------
apankrat
Got to compliment you for not having any external dependencies on the site. I
really wish this were more commonplace.

~~~
willbrowning
Thanks a lot, on the landing page the only javascript included is on the blog
and help pages for searching.

I have no idea how big the traffic spike is from this post but the server
appears to be coping very well so far!

------
mrchess
Do you have a plan for when the anonaddy.com domain is added to the
blacklisted emails? For example, I know on some websites will just straight up
reject addresses from Mailinator or Sharklasers. Is there a way to prevent
this from happening to you as well?

~~~
willbrowning
As I mentioned in another comment the only true solution to that problem is to
use your own domain name. I will also be adding more generic domains to use in
the future for users to choose from.

~~~
dboreham
Which will all be blacklisted as will the subnets within which your IPs sit
and then your hosting provider or ISP will terminate service.

~~~
threwawasy1228
I know this is kind of a disparaging comment, but I would really like to hear
their response to it. There have been numerous good services similar to them
in the past and all have been placed on spam listings and blocked by most
major services. Mixnet solutions have worked for over 30 years, they aren't
particularly novel, what is novel is having an email service that allows
reasonable privacy whilst not ending up on a spam listing.

~~~
willbrowning
I'll do my best to prevent spam being sent by the service and therefore avoid
being placed on a blacklist in the first place. I know it may be difficult to
avoid landing on any blacklists but the server does currently have some
reasonably strict anti-spam measures in place and I'm constantly looking for
ways to reduce any spam to a bare minimum.

All forwarding addresses (recipients) on the site must be verified in order to
receive forwarded emails.

------
Improvotter
This looks interesting. For now I've been using the + suffix on my G Suite
account: name+alias@example.com. The only downside to this is the fact that
some websites don't have proper email validation and say that this email
address is invalid.

~~~
willbrowning
Thanks, I wrote a blog post[1] recently about the benefits of using different
aliases as opposed to plus-addresses and that was one of the issues I
mentioned.

[1] [https://anonaddy.com/blog/why-you-should-use-a-different-
ema...](https://anonaddy.com/blog/why-you-should-use-a-different-email-
address-for-every-site/)

------
ccleve
Beautiful site. Can I ask how you made it?

I see some mention of a Tailwind template for the landing page, but how did
you do the secondary pages and the admin interface? The blog?

Also, I see some mention of Vue. Did you do the admin interface differently
than the main site?

~~~
willbrowning
Thanks a lot.

The other pages e.g. the blog, FAQ, posts etc. are just very simple layouts
along with the nav bar and footer.

I'm using Jigsaw[1] which is a static site generator that allows you to use
Laravel's blade templating engine, it's awesome.

The admin interface I made myself using a few Vue components, it is a
reasonably simple layout to be honest.

Yes the account site where you login (everything at app.anonaddy.com) is
completely separate from the landing page (anonaddy.com).

The first is a Laravel app, the second is a static site. They both have
different repositories on GitHub. Feel free to browse through all the source
code to get a better understanding of how it works. Just let me know if you
have any more questions about it.

If you are looking for some help or inspiration with UI design I highly
recommend the Refactoring UI book[2] by Adam Wathan and Steve Schoger.

[1] [https://jigsaw.tighten.co/](https://jigsaw.tighten.co/) [2]
[https://refactoringui.com/](https://refactoringui.com/)

------
simonhamp
This is great! Props for getting it polished and putting it out there. Also I
was really pleased to open the GitHub repo and immediately recognise it as a
Laravel app! :D so I’m looking forward even more to giving this a good go

~~~
willbrowning
Great stuff! Let me know if you have any questions.

------
acoomans
Love the idea. However, what happens if the anonymous email forwarding service
disappears (e.g. shuts down)? Does it mean users won't be able to access any
online service they signed up for with an anonymous email address?

~~~
acoomans
Nevermind, it's all on github and seems pretty well documented. Great work!

~~~
crispyporkbites
That won't help though, as emails will still go to the old domain.

~~~
thestepafter
Which is exactly why you use your own domain so that you have the control.

------
abathur
Cool. I've had a similar idea kicking around in my head for a few years. How
do you think about the compromise/disclosure risk of the data you keep that
associates the subscriber account with aliases?

~~~
willbrowning
I encrypt as much sensitive information in the database e.g. recipient email
addresses, descriptions etc.

Someone suggested the idea of creating hashed aliases, that are generated and
hashed on the client side so that even I do not know what they are, then
incoming emails are compared against this hash to determine where to forward
emails.

The only thing is there would probably need to be an additional column on the
hashed alias that is client side encrypted so that the user can still view the
actual alias in their dashboard.

~~~
abathur
I was interested in hashed aliases as well, though I haven't had any terribly
bright ideas about how to mesh platform-blindness with a revenue model that at
least covers costs.

I've thought about tokens or credits that get consumed by checking/sending on
the hash, but I imagine they'd be most-used for fire-and-forget stuff...

------
ludditetech
Spamgourmet been doing this for free for must be about 10 years I think
[https://www.spamgourmet.com/index.pl](https://www.spamgourmet.com/index.pl)

~~~
Rebelgecko
Spamgourmet is amazing and has been really responsive when it comes to fixing
the sorts of issues that come up when running an email service (e.g.
blacklisted IPs, messages getting shunted to spam, etc). I've been using it
since 2007 and it's kept more than 10,000 junk emails out of my inbox. I think
it actually started almost 20 years ago.

Unfortunately the operator of the site is really sick and has talked about
shutting the site down. Last I heard he'd found someone who seemed trustworthy
to run the site when he isn't able to, so we'll see.

------
g105b
Great product and clear marketing website. I particularly like how focused the
product is.

One thing that really stands out for me is the detail and effort you've put in
to the help and privacy documents. Good job!

~~~
willbrowning
Thank you! The help centre is still a real work in progress, I have a load
more help articles I need to add there.

I based the help centre on Mullvad's as I really love how simple and easy to
navigate their website is!

------
ReXeVyPho
Just got your email:

First "As a thank you for being an early beta tester..."

After that "If you have any more than 20 UUID aliases they will be
deactivated"

Should I go with you anymore? Never treat your customers as beta testers. My
data come with UUID are gone.

A picture is worth a thousand words

[https://framapic.org/FLlGZzLBLQ9x/n4QO1aGPDt7V.png](https://framapic.org/FLlGZzLBLQ9x/n4QO1aGPDt7V.png)

~~~
willbrowning
I apologise if there has been some sort of misunderstanding. When I first
launched the site I publicised the fact that it was in open beta whilst I was
ironing out any obvious bugs and testing things out. I also had a banner
message in the settings page stating this.

The message stated: "You are currently on a Free Pro Subscription as a thank
you for being a beta tester. This free subscription will come to an end on 5th
December 2019. You can still start a subscription now if you wish to support
AnonAddy."

When the site's open beta came to an end I sent an email to all those who had
signed up. As a thank you, this email let all users know that they would have
an additional 3 months to continue using all the Pro features of the site for
free.

I then sent 2 more emails shortly before this free subscription came to an end
which is shown in your screenshot, giving users the choice to update their
emails if they didn't wish to subscribe.

I have also offered all beta users a discount on both Lite and Pro plans.

Let me know if you have any other questions.

Best, Will

~~~
ReXeVyPho
Thanks for your reply and your service. Done.

------
wp381640
I wish 1password integrated this so that I could have both random email
addresses and random passwords for accounts all stored in one place

------
tnolet
As a small SAAS owner I’m always very ambivalent about these things. I use
throw away email addresses myself but there is nothing more annoying than
seeing the same users sign up over and over again for trials.

I think 1/4 of my signups are anonymous accounts.

Only upside is that they are a dead giveaway for non converting users so
there’s that.

------
eashman
I’ve been using Inbucket[1] for a few years as a self hosted temp mail
service. I wouldn’t use it for permanent addresses but for testing and burner-
like uses it works well.

[1] [https://www.inbucket.org/](https://www.inbucket.org/)

------
mehrdadn
> Our system will then silently discard any further emails and you won't be
> forwarded anything else for that alias.

Be careful you don't run into legal issues here. I remember reading somewhere
recently that silently dropping emails isn't allowed in some jurisdictions.

~~~
krackers
Isn't that what spam filters do though? Or is there some technicality since
they're technically not silently dropped but instead in a folder that you
don't care about.

~~~
mehrdadn
Yeah I think it's something like that. Actively rejecting on an SMTP level is
fine too, since the sender is now aware. Just dropping it completely silently
seemed to be the problem from what I recall.

------
willyyr
Awesome! I wanted to have something like this for ever and planned to build it
myself using a combination of gmail and Flow or something. Now LastPass ,
1Password etc. need to integrate it so every time you generate a new password
you can add a random email to the mix.

~~~
willbrowning
Yes a few other users have mentioned integration with password managers. I
agree that would be extremely convenient, but this would obviously be up to
the password manager to integrate it using the API.

------
missmadeleine
Hey, been using this for a few weeks now. Been an absolute game-changer. So
refreshing to have something open-source with privacy at the heart of it.

Super user friendly, great dashboard. Considering upgrading to the pro version
- how long is your black friday offer available?

~~~
huhtenberg
Welcome to HN, an account created 9 minutes ago.

~~~
CathedralBorrow
Do you find it impossible that someone would read a thread without an account,
find a topic they want to comment on, create an account and then post a
comment?

~~~
huhtenberg
Given style and contents of the comment - yes, I think that's very unlikely.
The comment looks orchestrated.

------
chrismaeda
This is pretty cool. Do you have any info on how you set up all the email
infrastructure?

~~~
willbrowning
Thanks, I do have a small number of instructions for self hosting[1] they're
still a work in progress and you'll need to know how to manage a server from
the command line etc.

A few users have asked for me to create a Docker image that can easily be
deployed, however I'm not familar with Docker so I'll have to learn how to do
this first.

[1] [https://github.com/anonaddy/anonaddy#self-
hosting](https://github.com/anonaddy/anonaddy#self-hosting)

------
iampims
Really polished, congratulations!

I agree with the anonaddy.com alias, and saw that you added another one for
people on lite/pro plans.

I'm just unclear on how the bring-your-own-domain feature works.

~~~
willbrowning
Thank you very much.

When you create an account there is a page called domains, it provides
instructions on how to add the correct MX record to your custom domain in
order to allow the server to handle inbound emails.

------
stilisstuk
Can I pay with monero (privacy friendly crypto currency).

~~~
willbrowning
Yes you can, although at the moment it is done manually as I haven't got round
to implementing a proper crypto checkout flow!

There are instructions on the subscription page of your account.

------
kkarpkkarp
nice, looks better than [https://www.maskmail.net/](https://www.maskmail.net/)

------
Jeremy1026
Each pricing tier lists "everything is free" in the top line. Do you mean, "no
usage fees"?

~~~
willbrowning
It actually says "everything in free" meaning you get everything that is in
the free plan plus the rest of the items in the list.

Perhaps I could make this more clear?

~~~
justusthane
Perhaps "Everything in the Free plan"? I read it correctly, but it would be a
pretty easy mistake to make.

------
ITB
How are the monthly limits on bandwidth calculated? Does it include images and
attachments?

~~~
willbrowning
Each time a new email is received Postfix calculates its size in bytes. A
column in the database is then simply incremented by that size when the email
is forwarded or a reply is sent. At the start of each month your bandwidth is
reset to 0.

Yes the size does include images and attachments.

------
Pete-Codes
I saw this in WIP. Looks good!

~~~
kaffee
Is WIP [https://wip.chat/](https://wip.chat/) ? First I have heard of it. Are
there other well-known communities doing this sort of thing?

------
chrisweekly
Other than being OSS (w00t!) how does this differ from inboxalias?

~~~
willbrowning
I've never heard of inboxalias to be honest with you, so can't comment on
that.

------
boynamedsue
I want a service like this for credit card numbers.

~~~
willbrowning
I haven't used it myself but I think Privacy.com[1] does this.

[1] [https://privacy.com/](https://privacy.com/)

------
seanph
Nice lot of features! :)

~~~
huhtenberg
Welcome to HN, an account created 17 minutes ago.

~~~
seanph
Thanks.

~~~
seanph
I just got to do my first real world use of an on-the-fly created anonaddy
alias, with this website's account.

~~~
willbrowning
Haha, awesome!

