I've just discovered SimpleLogin (currently using BurnerMail).

I prefer the idea that SimpleLogin is open source, and I've just seriously contemplated the possibility of self-hosting it.

One of my major concerns with BurnerMail is that it could just go away one day and leave me well up s**t creek with no paddle, or canoe.

Anyone else using their paid option or self-hosting it? Thoughts?

@gray this looks really cool as a self-hostable service. I already have this thanks to a catch-all mailbox on my private mail server, but for those who don't have that, this looks like a great solution!

@yarmo @gray Don't pretty much all mail hosters which allow you to use your own domain provide this anyway?

@edavies @yarmo Pretty much, although some do charge extra for catch-all service, even if you have a custom domain (ProtonMail is one example).

I considered using a catch-all, however my concern there was that if the address was leaked, I'd like to stop receiving mail to it completely, regenerate and assign a new one to the service (if they continued to be used after a breach/leak/sale ...)

Maybe I'm overthinking it and making it far more complicated than it needs to be.

@gray @edavies @yarmo you could always add a drop filter in your client for the leaked address, and generate a new one.

You could also include some unique nonce in each one to make them unpredictable. E.g. Realistically though just incrementing a number should be enough to stop mass mailers. E.g.

@gray @edavies @yarmo just remembered one caveat - emails you're bcc'd on don't include your email address

I implemented the wildcard approach about a month ago and have only had it come up with mailing lists (which I'd prefer to be able to filter to one folder without naming individually)

Afaict most ~legit marketing emails do include your address in the 'to', but pure spam might not.

Maybe there's a way to have the receiving mail server stash the bcc address in a header...

@sporksmith Good point. My service provider puts the envelope address in a received header and I use Thunderbird filters to fish the address out of there so never noticed that BCC could be a problem. If your provider doesn't do that they'd be a bit annoying.

@gray @yarmo

@edavies @gray @yarmo yeah, mine doesn't seem to by default. I'll check again if there's an option and if not put in a feature request.

@sporksmith I do the nonce thing, sort of: year and month plus two letters I make up when minting the address. http://localhost/2016/08/unique-email/

(And, yes, I do get a few messages a month for that example address in the post; it could be used as a bit of a honeypot, I suppose.)

@gray @yarmo

@edavies @gray @yarmo nice writeup, and good point about making it more difficult for others to check if you have an account on a given service

@edavies Thanks for that!

As you mentioned in your post, one of the huge pro's to this random identifier highlights exactly who leaked what and when.

Strangely, I hadn't considered filtering from to their own folders to keep them separated. However, I tend to keep myself at inbox zero, so it's never really been a huge issue.

I also hadn't considered the PGP signing aspect. Most are receiving only, but certainly something to think about!

@sporksmith @yarmo

Using their paid options. And I do like it, I belive they have a handy export feature if you plan on moving from paying them to self-hosting it.

Sign in to participate in the conversation

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.