Email aliases as a Security Feature?

This article is about a feature that not many of us know about or have used before, and about how it can help us secure our online identity!

What is an Email alias?

For those who don't know email aliases, they basically work as an email forwarder with a custom word in the email address. This lets you use the same mailbox for signups without creating a new Gmail address. It also helps us filter spam by filtering the inbox on the To address.

Why you should start using them?

Email aliases have a feature that has not been spoken about much. Let me put this straight into scenarios for better understanding:

  1. Imagine that you are using a service named vulnerable service. At some point in the future the company's database is compromised and all the users' credentials, including yours, are stolen by the attackers.

  2. Now, let's assume that I used the same credentials in a different service, let's say it is called super-secure service.

  3. Generally, we humans are not comfortable with remembering passwords, so most of the time we create online accounts with the same password.

  4. The attacker who has our compromised email and password will try to access other services like GitHub, Facebook and Outlook to exfiltrate more information.

To avoid this we can create an email alias that won't be guessable normally. This reduces the chance of someone accessing your other services with the compromised credentials.

Dots and Plus are the best :p

Now that we have talked about what an email alias is, we can start creating our own. I'm using my domain for this example; this can also be used with other email providers like Gmail, Outlook and Zoho Mail.

My Actual email =>

Combinations of email addresses that I can use online are :

We can use as many dots as we want, but the only thing to keep in mind is that we have to use 'em before the @ sign in any email address.

The plus sign works differently: you have to use it once, and you can add any random word following the + sign in the email address.
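As an added example (not code from the original article), here is one way to generate a hard-to-guess plus alias per service and to spot which service's alias has ended up in someone else's hands. It assumes Gmail-style handling (dots in the local part ignored, everything after + treated as a tag), which depends on the provider; the mailbox, key, service names, sender domains and function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo values; a real key would live in your password manager.
SECRET = b"constructed-demo-key"
MAILBOX = "jane.doe@example.com"
# service name -> domain that service legitimately sends mail from (constructed)
SERVICES = {"vulnerable-service": "vulnerable.example",
            "super-secure-service": "supersecure.example"}


def make_alias(mailbox, service, secret=SECRET):
    """Build local+tag@domain with a per-service tag nobody can guess without the key."""
    local, domain = mailbox.rsplit("@", 1)
    tag = hmac.new(secret, service.lower().encode(), hashlib.sha256).hexdigest()[:10]
    return f"{local}+{tag}@{domain}"


def canonical(address):
    """Mailbox an alias delivers to under the assumed rules: drop +tag, ignore dots."""
    local, domain = address.lower().rsplit("@", 1)
    return local.split("+", 1)[0].replace(".", "") + "@" + domain


def leaked_by(to_address, sender_domain, mailbox=MAILBOX, services=SERVICES):
    """Name the service whose alias received mail from an unexpected sender domain."""
    for service, expected in services.items():
        if to_address.lower() != make_alias(mailbox, service):
            continue
        sender = sender_domain.lower()
        if sender == expected or sender.endswith("." + expected):
            return None          # the service mailing its own alias: normal
        return service           # alias used by someone else: leaked or sold
    return None                  # not one of our generated aliases


if __name__ == "__main__":
    for name in SERVICES:
        print(name, "->", make_alias(MAILBOX, name))
    hit = leaked_by(make_alias(MAILBOX, "vulnerable-service"), "bulk-mailer.invalid")
    print("alias leaked by:", hit)
```

Because each tag is derived from a secret key, knowing the alias used at one service does not reveal the alias used at another, even though both deliver to the same mailbox.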

You're right !!!

I know you might be thinking about using a password manager to solve this problem; you can create a complex password for each online account. Yes, that solves the problem of getting PWNED with a compromised credential. But this article isn't just about securing your online presence; it is also about a feature that many of us aren't using to date, and we can use email aliases along with password managers for increased protection. You know what I mean :P


