Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Maskmail – anonymous email address service (maskmail.net)
110 points by dasil003 on June 26, 2018 | hide | past | favorite | 73 comments



Nice idea, but I suspect if it gets any traction, many services will just block maskmail addresses. That's why mailinator uses 100s of different domains and makes it really hard to get a list of all of them.


(co-creator of Maskmail here). That's in our plan for future updates, at the least allowing users to opt in to using many different domains. Many other features in the pipeline too, please feel free to send any ideas you have to support@maskmail.net, or tweet at us @mask_mail

Hope you find value in the service!


Will you add support for Bring-Your-Own-Domain? This HN commenter is definitely interested.


We hadn't considered it, but it's an interesting idea. We'd have to think through how to make it work, there'd be some interesting interplay with routing and mail servers.


Yea I would want this too. I think it makes more sense than Maskmail just adding a bunch of other domains that can get blocked too.


Many services block all mailinator domains by simply doing a live MX record lookup and noting the domain is pointed at mailinator (there are SaaS companies that offer this via an API). Another thing I've noticed is blocking email addresses on domains that do catch-all receiving. It's really frustrating.

I've used sneakemail for a very long time, but I've found that it's actually been resulting in worse things than simply having my registration blocked.

* Credit Karma banned my account (that I'd had for eight years)

* HP canceled my order for a laptop AFTER IT SHIPPED, recalling the package

I've had to switch to sneakemail only for things that I wouldn't provide my name to anyway.


I don't really know anything about MX records or email in general, but couldn't maskmail just always point to the forwarder domain (yahho, gmail, etc) instead of their own hostname?


No, the forwarder has to re-send the message with different envelope information.


Which also means users can't use them either. Sometimes I want to use a different mailinator domain, but loading the homepage usually only shows the known domains.


You could always point your own domain at it instead.


That's a good point. I'd let users pay for using their own domains.


That could be interesting, but then what do they need you for? I can already do that with gmail. I just set up a domain on google apps and then tell it to deliver any email address to my main email. In fact I do that already (see my profile).


The convenience factor is definitely there. A browser plugin that automatically creates an email address that you can later turn on/off with a couple clicks instead of going through the domain setup in gmail (or in my case fastmail)? I'd be interested in it.


Price, convenience. Google Apps is not free. For this particular use case you might be able to provide better user experience. Maybe integrate the custom domain registration and automatic DNS config to the UI.


Me and a a colleague discussed this just last week and even considered building something ourselves. Good thing you beat us to it, you seem to have done a marvellous job. The one thing we did some thinking about is how to avoid getting blocked. We run a SaaS and have blocked several hundred domains such as mailinator because of the high rates of fraud. Anyway, good luck!


A bit off topic but does anyone know of an email service that doesn't require a pre-existing email account, doesn't require ID, is TOR friendly and accepts cryptocurrency as payment? It seems like this should be an obvious service but I have a hard time finding one.


https://cock.li

tor friendly. free (runs of donations). no email or id required.

also has tons of cool domain names to choose from. some of my favorites: horsefucker.org, cumallover.me, nigge.rs, rape.lol, nuke.africa



> https://protonmail.ch

No IMAP/POP3 on free account is such a turn off


Have to pay the bills. If you value a service, pay for it.


I imagine they're worried about their service being used to send spam, which would trash their reputation as a sender.


You can’t spam using either of those protocols.


1. Sign up for an account to comment, using a free email account

2. POP3/IMAP your email to your bot, clicking any links

3. Write spammy comments


Sure, you have a point. But I've noticed that nobody blacklists new domains, so using existing providers would be a waste of time for most of such operations.


They're working on the crypto currency part and they're TOR friendly. http://tuta.io


Not everything listed but mailinator works in Tor Browser... Might be a starting point for the pre-existing email account...


Last time I tried, they blocked Tor.


Sharklasers.com works on Tor, don't know how it compares to mailinator feature wise though.


Great landingpage dude! Was building something like that a while ago for myself until I realized, I'd just use the email+something@gmail.com feature.

But anyways, great idea! Wish you all the success or at least some decent side money.


this +something neither anoymizes your real address nor prevents it someone to spam your real address forever


I've actually thought of this a while back and thought "wouldn't that be awesome?". Kudos to the ones who developed it!


Why not just append a unique marker to your mail address? Some services support this. For gmail i believe you can use "+" as the separator: I.e. your email address is victim8384@gmail.com and you want to give your email address to a party called "spammer", you give them victim8384+spammer@gmail.com instead.

Once you start receiving spam to that address, you block it.


Most spammers know about that trick, and their software automatically strips the + and anything after it. Their software has been doing that for about 20 years already, sadly. The + trick really only works with people you trust already. Also, + addressing is in the RFC, so pretty much every mail server supports it.

Gmail also added . (dot) as a non-counted character, so you can put as many of those as you want into the user field, but most spam software is catching onto that too.


My plus addressing with gmail is strictly a whitelist. Anything sent without a plus address is immediately deleted with an automatic filter. The issue I encounter is services that (incorrectly) treat a plus address email as invalid, preventing sign ups.


I use a different delimiter (using the option recipient_delimiter in postfix on my mailserver) and have yet to see a spammer figure it out. YMMV.


That works great if you control your own mail server, but most people don't these days. :)


The reason for this is of course that it's a complete pain to work with the large email providers (say, you want to send an email to gmail) if you have your own service. Email has been far from truly decentralised for a while now.


It's not that bad really. Been doing it since more than a decade.


If you enjoy the administrative work that comes with it (removing yourself from "you exist and you are therefore banned" blocklists, trying to convince gmail/hotmail/etc that you're really a real person, etc) then yes, it's not hard. If you use email, want it to work and don't enjoy extra administrative duties on top of your day job, I'd say it is that bad.


For non-important stuff I can recommend mailhero.


I have also been using mailhero.io since it has first been mentioned on HN.

Lately I do however have issues with mails not being forwarded / blocked at the service. I contacted the developer but as of today no feedback. Obviously this is a free service, which also means that I sadly cant rely on it. I am willing to pay for such a service and will try Maskmail / Othermail, but actually I would prefer an open source solution on an own (micro-)server...


As a spammer, wouldn't it be trivial to just run a regex on email lists looking for that pattern and then harvesting the results? Or is this like the old joke where you don't have to outrun the bear, just your friend?


Well, one more reason not to use gmail i suppose. If you have your own mailserver you can configure a different delimiter.


Sure, but then you get 100 other problems that come with self-hosted e-mail servers that might not be worth the hassle.


At least some years ago this did not work out so well due to broken email validators that did not accept + in the address.


Some sites and systems won't accept email addresses with a plus sign in them - I've found most do tho.


This looks extremely similar to https://burnermail.io. And they're free


It kinda looks like it's almost a 1 to 1 clone of burnermail.io lol


I try to create an account, put in a username and matching passwords, but the "create account" button gives me a circle-bar "you can't do that" pointer, with no explanation. Chrome on OSX.


Good feedback, I'll make it clearer, this is a confusing state


It's fixed now, thanks for trying it out!


Sorry your password needs to be 8 characters or more


I think it is a good way to only register in sites. For collaborating is not good, because "reply-to" header is set to the real sender. This a only one way to `mask` email. Answering thought masked mail is not possible.


There is as well anonbox.net[1] from the CCC which is pretty useful too, even if its functionalities are a little bit different

[1] https://anonbox.net/


Correct me if I am wrong, but this is the same idea as spamgourmet.com, right?


I love this service, whoever runs it: thank you!


Blur by Albine[1] has been my preferred anonymizer.

Though my main appeal is the burner credit cards.

[1] https://www.abine.com/index.html


We also do the same thing at https://theothermail.com except you have 100 emails for free


I don't understand one thing: the whole point of a disposable e-mail address it's that you just can use it instantly and never reveal your real e-mail addresses to anyone. That's why Mailinator got so popular. But in order to use Maskmail I have to register - what's the point? I was thinking I could give it a try because it's new so it will work for a while for sites that for some strange reason block disposable e-mail addresses, but registering simply defeats the purpose.


Note it says "anonymous", not "disposable".

> the whole point of a disposable e-mail address it's that you just can use it instantly and never reveal your real e-mail addresses to anyone

For you maybe. For others the point might be "never reveal my real e-mail address to the sites I give disposable addresses to, be able to keep receiving e-mails for some of them long-term and not having them publicly exposed to everyone that knows the address".


Why not create a Gmail account for that purpose then? (Or Yahoo/Outlook if you're concerned with data collection.) The amount of hassle is the same. With Mailinator I just type khdgfkasjdhfg in the register field, then then type Ctrl+L "maili" [Enter], paste khdgfkasjdhfg in the (already active) "Check Any Inbox" field and bang! - I'm already there, always. Maybe there's something I don't see here.


If you create a new Gmail account, as many people do, you can still be tracked with that. Using the same email address on multiple sites allows data aggregators to match your profiles from each site to build a very comprehensive picture of you. Of course, you could create hundreds of Gmail accounts, but then you have to manage hundreds of inboxes, which you won't do well leading to you missing lots of emails.

Maskmail essentially does this for you with extreme convenience.


Creating a new gmail account isn't a one-click thing, adding a new address to Maskmail is, at least according to their website.


Another approach is a service I built called veropost (dotcom) that is an email paywall so the sender needs to send a tiny tiny bit of Bitcoin in order to reach you.


Good job, mate! Seems pretty useful. Who would you name your top competitors?


33mail probably...


Looks like Trashmail but more $


dnt.abine.com


Complete anonymity you say? Please show me how you bypass "lawful search".


Cool, another domain name to add to my list of disposable email services. Done.


But why?


To thwart low-effort drive-by anonymous abuse.

(I also block TOR. Pure anonymity is not a service I choose to offer, because it is inevitably abused and I don’t have the time or resources to deal with it.)


not OP, but I imagine it might be one of: it's valuable (sellable) information, fraud is more likely to come from anonymous/disposable email address sign-ups for services, tracking is more valuable when tied to a (semi-) verified/verifiable identity, valid email addresses can be enriched via other sources of information people might have access to?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: