Email addresses are no longer just for communication. It's the identifier you use to log in to dozens of apps, a channel for password resets, a connection point for accounts across services, and a trail by which the advertising industry and attackers can profile you. Then, when one of the services where you use that address experiences a data leak, it gets circulated as part of an „identity“ that can never be fully taken back.
Alias and proxy email services solve this problem with a simple idea: you give each service a different address, which you turn off if necessary. In this text, I'll look at the four most frequently mentioned services: SimpleLogin, Addy.io, Firefox Relay and ProxiedMail. I'll focus on how they work, what risks they add, how it is with deliverability and how users perceive them. I'm deliberately leaving ProxiedMail until last, as it is the youngest and least proven of the four.
How aliases work
The principle is the same for all four services. Instead of a real address, you enter an alias type when registering nakup@nejaka-maska.com. The message arrives at the alias service server, which figures out the real mailbox to forward it to, and delivers it to your regular Gmail, Proton Mail, Outlook or anywhere else. If you reply, the reply goes back through an alias service - to the other party it looks like it came from an alias, your real address doesn't shine through anywhere.
The practical difference from a regular mailbox provider is that the alias service does not store messages. It is an intermediate layer that receives, processes headers and forwards. This brings two advantages that a conventional provider does not: granularity (a specific address can be independently deactivated) and separation of identity from a specific mailbox (an alias on your own domain remains functional even if you move your mailbox elsewhere).
Aliases are sometimes confused with plus-aliases of the type jmeno+facebook@gmail.com. These have three significant weaknesses: they reveal the real address (just remove the +facebook), they do not allow to reply fully from the alias and many sites reject them outright. They are sufficient for normal mail labeling, but as a security measure they are a compromise.
What aliases solve - and what they don't
The first benefit is trivial but practical: when a particular site leaks data (and it will happen sooner or later), only the alias for that single site leaks. You can turn it off, unlike the actual email address, which you won't get back. At the same time, you can easily tell who has or hasn't sold your data by which alias the spam starts arriving.
The second benefit is breaking up profiling across sites. Ad networks and data brokers commonly use email address as a linking identifier between accounts. If each site has a different alias, this link is broken.
What aliases but does not address: do not encrypt content of communication. If the message is sent in plain text by the other party, it is read by their server, your alias service and your mailbox. PGP encryption before forwarding to the mailbox is offered by SimpleLogin and Addy.io, but it's an extra step and not every counterpart can send encrypted messages.
And they add one new risk that needs to be mentioned: another intermediary that technically knows the mapping between the alias and the real address. If an attacker gets access to your account with an alias service, they can change destination mailboxes, add recipients, and basically harvest everything that travels through aliases - including emails with password reset links. Microsoft's Defender documentation describes suspicious automatic forwarding to external addresses as a signal that may be related to account compromise. With an alias service, you don't add this mechanism yourself, but it's there all the time - so it makes sense to protect the alias service account with strong authentication, ideally with a FIDO2 key or at least TOTP, and periodically check the recipient list and forwarding settings.
Hence one recommendation, which she herself says Mozilla: for really critical communications - bank, doctor, lawyer, boarding passes, tickets - rather not use aliases and share your trusted address directly. For everything else, they are ideal.
SPF, DKIM, DMARC and the forwarding problem
Forwarding email disrupts the logic of SPF - the DNS record that the domain owner uses to determine which servers are allowed to send on his behalf. When a message passes through the alias service, it arrives in the destination mailbox physically from a different server than the one from which the domain owner allowed it. SPF will thus fail.
SPF failure alone may not mean non-delivery, but it does worsen the antispam score and, when combined with a strict DMARC-type policy reject may result in the message ending up in spam or being rejected. DKIM in particular plays a role here, as it relies on the cryptographic signature in the message, and the signature remains valid after forwarding unless the alias service modifies the signed headers or body. Additionally, there is an ARC (Authenticated Received Chain) that transmits the original results Authentication through the forwarding chain.
For the average user, this leads to a practical conclusion: if you use aliases with a shared domain (for example @aleeas.com or @addy.io), SPF, DKIM and reputation are taken care of by the service operators. If you are using your own domain connected to an alias service, you must have DNS records set up exactly according to the documentation for that service - i.e. SPF with reference to their infrastructure and DKIM keys passed to you by the service. The deliverability of important messages (password renewals, invoices, emails with attachments) should then be actively tested, not just assumed.
SimpleLogin
SimpleLogin is a Swiss open-source alias service that has been part of Proton since April 2022 and has since been integrated into its ecosystem, in particular into Proton Pass. The server, website, browser extensions and mobile apps are on GitHub, and the service can also be self-hosted. The servers run according to their own documentation on Proton and Finnish UpCloud infrastructure.
The free plan offers 10 aliases, unlimited bandwidth and unlimited replies - making it usable for many people in the long term. Premium costs $36 per year ($4 per month) on SimpleLogin's website; new subscribers through select channels tend to be quoted $35.88 per year. Existing subscribers retain the original lower price in some cases. The plan includes unlimited aliases, custom domains, catch-all, PGP encryption before forwarding to the mailbox, and, as of November 2024, Proton Pass premium features. The reverse works the same way: those with Proton Pass Plus or Proton Unlimited get SimpleLogin's premium features for free. There's also a lifetime Pass + SimpleLogin (lifetime) option for $199 - but Proton only opens it occasionally in limited-time promotions, not permanently.
User feedback on forums and comparison servers repeatedly says: stable deliverability, friendly mobile apps for Android and iOS, good extensions for Chrome, Firefox and Safari and very convenient alias management. As a limitation, they sometimes mention that Proton Pass and SimpleLogin still exist as „two somewhat linked but not fully unified“ products - switching aliases between accounts is not trivial. And as a philosophical objection, it is sometimes voiced that the concentration of SimpleLogin, Proton Mail and Proton Pass under one roof implies a certain dependence on one provider.
Combined with the Proton ecosystem, SimpleLogin is probably the most convenient choice today for users who want a simple solution and are willing to invest in Proton. If you reject Proton for some reason, the higher annual premium price is a disadvantage compared to cheaper competitors.
Addy.io
Addy.io (AnonAddy until 2023) is an open-source service under the AGPL-3.0 license, developed by British developer Will Browning. Again, the server is on GitHub and self-hosting is a realistic route - the community around Addy.io is more active in this regard than SimpleLogin.
The free plan offers 10 aliases on shared domains (@addy.io, @anonaddy.me), unlimited aliases on a personal subdomain of the type cokoli@uzivatel.addy.io and 10 MB monthly throughput. The Lite plan costs $12 for an annual payment and adds a custom domain, 5 recipients and 50 aliases on shared domains. The Pro tariff at $36 per year extends limits to 20 custom domains, 21 usernames, unlimited throughput, regular expressions for alias generation, webhooks and bulk operations. Among the features worth mentioning are GPG/OpenPGP encryption of forwarded messages, anonymous replies, and official integration with Bitwarden, which the manufacturers jointly announced back in June 2022.
User reviews on Trustpilot are unusually personal for Addy.io. A recurring review is that Will Browning himself answers any query, and usually within a few hours - one reviewer mentions that he replied over the weekend. Similarly, it is noted that the developer manages to keep the service true to its original purpose without „messing it up“. On the other hand, a number of people have run into the bandwidth limit on the Lite plan (it's very low on the free plan) and the inability to buy extra bandwidth - either upgrade to a higher plan or the messages stop coming. One experience worth noting: a deleted additional username on the Lite/Pro plan cannot be recovered and counts towards the limit even after deletion. This is a security measure to prevent an attacker from recreating the alias, but it doesn't help the user who has overwritten themselves.
Addy.io gives the impression of a service managed by one developer - this is both an advantage (personal approach, openness) and a risk (dependence on one person). For more tech-savvy users who want finer control, regular expressions, OpenPGP and the cheapest entry between custom domains, it is currently the most flexible option.
Firefox Relay
Firefox Relay is an American Mozilla service that works with the concept of an „e-mail mask“ - an anonymous mask that forwards mail to a real mailbox. It has a paid plan from November 2021 and is available in the Czech Republic from 2023.
The free plan, after the update delivered with Firefox 150.0.1 in April 2026, offers up to 50 email masks (previously it was only five); the attachment size limit remains 10 MB (increased from the original 150 KB in March 2022). Premium is now usually quoted at around $1.99 per month, or $0.99 for an annual payment, but prices vary by region and it's a good idea to check with Mozilla directly for the actual figure. The paid plan includes unlimited masks, a custom subdomain type nakup@vasedomena.mozmail.com, blocking promotional emails and the ability to reply to forwarded messages. Crucially, you can only reply in Premium, only 3 months after receiving the original message and a maximum of 100 replies per day.
Firefox Relay has the best of the four most documented limits, which is good to know in advance.
The 10 MB limit only applies to attachments - embedded images in the body of the message are not forwarded at all. Some sites mask the domain @mozmail.com are not accepted; users repeatedly complain in comments on addons.mozilla.org that the server accepts the registration, but the confirmation email does not arrive. In addition, some public lists of disposable email domains evaluate these masks more strictly than regular addresses, which is worth checking for important accounts. You cannot add CC/BCC for replies - if you do, you expose your real address to the recipient. Neither PGP encryption nor self-hosting is supported.
A more philosophical point that some users on the forums mention is service stability. Mozilla has throttled several products in the past - Firefox Lockwise, Persona, Firefox Send to. There's no reason to assume the same will befall Relay, but dependence on one particular organization with a divisive product strategy is a factor that's fair to consider, especially if you wouldn't have your own domain as an escape route.
For the average user who wants a few-click solution within Firefox for newsletters and less important registrations, Relay is functional and trustworthy. For more advanced use - full custom domain deployment, PGP, self-hosting, broad alias management, reliable attachment delivery - it is significantly less flexible compared to SimpleLogin and Addy.io.
ProxiedMail
ProxiedMail is a proxy-e-mail service launched in February 2020 by Oleksiy Yatsenko, a Ukrainian developer living in Porto. The goal is to separate publicly used email addresses from a specific email client so that a user can switch from Gmail to Proton or Tuta without losing „their“ addresses. According to the site, the servers run in the EU on DigitalOcean.
The pricing policy is significantly lower compared to established services. ProxiedMail sells lifetime plan for $30 on your own site and $10 as part of an AppSumo promotion, Functionally, it offers proxy addresses, custom domains without the need for separate mail hosting, replies from proxy addresses, contacts to initiate communication, API and integration with Zapier.
User ratings on AppSumo have long held near 4.7 stars out of dozens of verified reviews; those repeatedly praise the personal customer support from the founder - he responds below the reviews and in the contact email. Reviews on Trustpilot are more mixed. Specific complaints include: the mandatory „via ProxiedMail“ label in the From header, which cannot be removed; the inability to set a Display Name for the proxy address against external recipients; and the inability to forward a message to multiple real mailboxes at once. The lack of a mobile app has also long been heavily criticised; this was released in October 2025 (Android via Google Play on October 5, iOS via the App Store), which removes one of ProxiedMail's most cited handicaps - but the app is still evolving in terms of function and design, and early user feedback mentions that the interface needs tweaking.
Skeptical voices on technical forums (LowEndTalk) point out two things. First, ProxiedMail not open-source, unlike SimpleLogin and Addy.io - which means that neither code nor traffic can be independently audited. Second, the domain's DNS records show a reference to Mailgun alongside DigitalOcean, which the founder explained is because Mailgun is used for outgoing mail from aliases on users' own domains, while the main web and delivery infrastructure runs on DigitalOcean. For users, this means that the service's trust model is demonstrably less transparent compared to established open-source alternatives.
What makes ProxiedMail attractive is the price - a lifetime plan for $10-30 USD is unique in this category, especially for users who want to avoid recurring annual payments with SimpleLogin or Addy.io. The risk is proportional: shorter history, lesser-known team, closed source, and less robust customer infrastructure than established alternatives. For experimental deployments or less critical registrations, this may be a reasonable compromise; for a key role in digital identity, I'd prefer to go with a more proven service for now.
Practical recommendations
Alias services are useful for almost everyone who registers regularly on the Internet. But the most important thing is not to use them in the same way everywhere.
For newsletters, e-shops, forums, test accounts, plugin licenses and similar less critical services, aliases work great and the risk is minimal. For accounts where deliverability and identity verification are critical - banks, domain registrars, hosting, tax advisor, doctor, lawyer, boarding passes - it makes more sense to use a directly trusted main address, or an alias, but with its own domain that you can move elsewhere if problems arise.
If you are using your own domain, make sure you have SPF, DKIM and DMARC set up correctly and test the deliverability of important messages (password recovery, invoices, attachments) proactively. For an alias service, protect the account with strong authentication - TOTP minimum, FIDO2 key ideal - and periodically check the forwarding settings and recipient list.
From my position, I'd put the foursome like this: SimpleLogin for Proton ecosystem users and anyone who wants a solution that „just works“ with mobile support; Addy.io for the more tech-savvy user who appreciates finer control, OpenPGP, regular expressions, and a personal developer approach; Firefox Relay for the casual Firefox user who wants simple masking for non-critical registrations and doesn't expect any more advanced scripting from it; ProxiedMail for whoever is tempted by the price and who accepts that they are buying from a service with a shorter history, closed source code, and a mobile app that is just maturing.
Regardless of the choice, one thing is true: the alias service is another of the identities entrusted to you. The trust placed in it should be commensurate with how open the service is, how long it has been running, and how you will use it - and for critical things, it's wise to have an escape route to the alias.
The information and ratings in this article are based on publicly available sources as of the date of publication and are subject to change over time. I recommend checking the current prices, limits and features of individual services directly with the operators before making a decision.
Čeština
English
Deutsch
Español
Français