Anonymizing isn't new. For instance Craigslist generates an anonymized e-mail address through which people interested in your ad can contact you. (Of course, if you reply to it, then you reveal your real address.)
People who run their own mail domains do this kind of thing on their own.
I have the following system: the local part of the e-mail address has a four digit security code. If I give such an e-mail address to some vendor, it serves two purposes: the address bypasses spam checks, so I'm sure to get the e-mail. (Usually transactional e-mails are important and not easy to re-send.) Secondly, I can change the code to shut down senders who abuse the the address.
Some banks offer throwaway one-time-use credit card numbers linked to your real credit card. That is very similar to this.
Do you ?
I am pretty sure it redirects everything through the CL email proxy and the only way for them to know your real email address is for you to give it to them (or they guess it from your "Name" which the CL relay copies from your email).
CL performs a decent, two-way anonymization. When you reply to a listing's anonymized e-mail, your own e-mail address is anonymized (just not your name, which I think comes from your From: header or SMTP envelope address? In any case, you control that).
Furthermore, the originating SMTP paths are mutually concealed by CL. You don't see how the mail arrived into CL, just how it came from CL to you; i.e. it's completely remailed.
Lastly, even the Message-ID is rewritten. The originator's message ID could contain clues about the mail domain and such; CL replaces it with their own.
Quite probably, they strip away the signatures from bodies as well; those could inadvertently leak identity bits.
[Source: I searched my inbox for some CL interactions, several years old, and examined the headers.]
It doesn't take much to be marked as a bad actor, so companies will quickly remove you from their lists if you're jeopardizing their ability to get into the inboxes of their other users.
Source: I've worked at a couple of companies that used email as a significant part of their strategy to keep in touch with users.
Most of them will require warming up the account/IP you're sending the emails from in order to increase the quota of emails you can send per hour/day.
This product seems like a good candidate for a free trial period. Users will become invested to some degree during the trial and may be reluctant to stop using it.
I like the idea but given the obvious problems and the fact that they want four bucks a month and no trial, I'm inclined to avoid. Shame because I would use something like this.
e: seems like "how it works" is meant to link to the video
Edit: It does have the slight downside to making some human conversations awkward. "Just to confirm, the email address we have for you is... wait, what?"
An open source version would really be handy for people who
host their own domains.
I could use a FireFox extension which lets me click next to some e-mail field to generate an address by talking to some web shim on my server at home, which generates the alias and binds it to my e-mail address via /etc/aliases, and restarts Exim.
The generated e-mail could actually be a cookie which contains not only some random ID but an encoded version of the domain name of the site against whose page it was generated. So later, when that address is being abused, you can tell where it came from without looking up any association in any file or database.
I have had problems with Vimeo for years now across multiple desktops, multiple browsers, multiple mobile devices in multiple locations (across Europe and Australia). It happens on both popular videos and videos in the long tail which aren't being linked to at that moment by popular sites. It happens on free Vimeo accounts and on premium Vimeo accounts. I give Vimeo a pass when YouTube HD videos aren't working either but most of the time YouTube HD videos are working just fine on these connections and it's just Vimeo can't stream video reliably.
In this case the video wasn't even full motion, the background is static and the keyframes and audio should have been a large slice of the bandwidth. But it was stuttering at the start and now even after letting it load in the background on a 70Mbps connection while typing this comment it's still stalling near the end of the video. What are the Vimeo alternatives besides YouTube?
All this would give something better than promise that I would not look at private emails, but I would have to build client application that would be SMTP server inside. Handling LE automatically and all other seemingly unrelated things.
Main use would be to use generated by application unique addresses for registration purposes.
-Combine mass mailings in to a single daily digest email (Unrollme)
-Find out who tries to sell your email address (Using email@example.com)
I have my own "yourdomain.com". I pay to keep it registered and keep a server running also. Most people don't have this; their mail domain is "gmail.com" or whatever. Sure, a lot of problems could be solved if everyone just had their own domain!
Speaking of "gmail.com"; I'm surprised Google doesn't just make this a feature of gmail. It would be fairly trivial for them to implement for the benefit of all gmail users.
Occasionally you'll run into a form with broken email validation that won't let you use a + character, but I've been doing this for years and it works the vast majority of the time.
This type of thing can work, but only for a small-time service provider whose plaintext encoding scheme is not widely known. (Security thorugh obscurity.) Even the hard-core spammers won't sift through millions of e-mail addresses to crack some plain text scheme that is used by two or three of them.
Also, you need the option to permanently destroy one of these, so that you never see mail from it again. No filtering bullshit. Google should control the exact set of anonymized addressees attached to your account. When you destroy any one of them, any further attempt to send to it should result in a non-delivery notice (SMTP bounce).
Suppose I have two users in my domain: bob@mydomain, alice@mydomain.
How can alice just make up a new @mydomain address which goes to alice@mydomain? Okay, that part is simple: we can have an entire space of these generated by a rule, like gmail's firstname.lastname@example.org.
But then how does alice invalidate such an address that is misused?
I want it so that any address that is not valid generates an SMTP bounce; I don't want an infinite space of aliases that map to an address to all be considered valid, but a specific set, controlled by the user. When an element is removed from that set, then further attempts to send to it generate SMTP bounces.
Furthermore, I want it to be completely anonymized, just like Throttle are doing, as in:
<random-chars>@mydomain -> alice@mydomain
To solve one of these problems, what we can do is assign to each user some random identifier of fixed length, from which further addresses can be generated. For instance alice@mydomain also gets "xZa3f@mydomain" when the account is created. To this local part, arbitrary characters can be appended: "xZa3f4abPspamming.dickheads.com@mydomain" such that this still routes to alice@mydomain. Doesn't handle the SMTP-level invalidation requirement though.
As people have pointed out, it now seems possible to use the + functionality of gmail which I was not aware of, but the above setup avoids the issue of forms not accepting + in a valid email address.
This only works with a catch-all email forwarding as I mentioned, so if you want bounce on non-valid addresses it will not work, but like I said it has served me very well.
The problem with this solution is that many email harvesting widgets incorrectly see +xyz as invalid, even though it satisfies the rfc just fine.