by mkenyon 1731 days ago
Hi, one of the 1Password engineers who worked on this. Glad to hear that you like the idea!

One of the really nice parts of building this out with Fastmail is that you can create Masked Emails for your own domain. So, if you ever decide that Fastmail isn’t right for you, then you still receive all of those emails when you set up a wildcard alias with your new email provider.

Similarly, if you ever decide that 1Password isn’t right for you, that doesn’t stop you from receiving your emails. And the email addresses should still be part of your 1Password export.


I've had this thought for a product multiple times. I run my own mail server, and for years I've created a random email for every service. Main reason was to figure out who is selling my email addresses.

The main thing that always held me up was, how do you plan to avoid getting blacklisted at the domain level if people start abusing the ability to create random emails? A few services I use even disallow Gmail addresses.

I've had services refuse my fastmail.fm email address, with the reason that they don't allow "disposable" email accounts. But they accepted my gmail.com address....
Not that this was their criteria (they seldom if ever think it through to this level), but gmail requires phone number after a certain point. And they only allow 4 accounts per phone number.
That's a good concern.

I can't fully speak for the Fastmail folks, but I know that there are a few upper limits for how many masked email addresses that one account can create. We tried to set them unreasonably high to allow for all manner of legitimate use while still preventing bad actors. They're also monitoring usage and tuning that limit. Plus, you can always email support and ask for an increase for your specific account, if you ever bump up against it.

Sell private domains as an "enterprise" feature, and have different sets of IP blocks warmed and ready to go for when they eventually get blacklisted. But selling it as a service involves a higher level of effort due to that exposure. Configuring a private domain for just yourself to solve the problem just for you doesn't have the same risk exposure.

Mailinator's been around providing this (as a receive-only) service for decades by this point.

Hang on hot potatoes. I use 1Password. So are you saying I can generate a login that uses

myaccount+alias@mydomain.com

automatically?

Those +plus aliases still make it easy for people to find your actual email address.

We go one step further and generate a random email address for each new service you sign up with. It'll look something like "hot.potatoes4827@mydomain.com".

You can create a new masked email anywhere you have the 1Password browser extension, including our brand new iOS Safari extension.

This is nice in terms of hiding your actual address. However, it makes migrating away harder because now instead of setting a simple rule to strip the + for forwarding, you need to individually map each address.
So what is it that you want? Either you want a masked email or you want an easy way to migrate away. You could still set up trashcan+randomdigits@yourdomain.com manually. Or you could set up a catchall rule for your new provider.

Unfortunately, way too many internet services don't allow the plus sign in an email address. It's weird, but it's true.

Even worse I've had front end systems accept account creation with this address format, but their backend system fails when using some integrated service. The result is 3 months after setting up the account something breaks when I try some other functionality and I have had to contact their help desk and ultimately we stumble through and realize the problem may be my email address.
There are varying levels of masking. I would consider an email myusername+random@domain.com as a masked address. Of course it is trivially unmasked. But assuming I am willing to accept that, it does offer a different tradeoff with respect to convenience. It's true though that it is fairly trivial to manually add +random.
`sed 's/[+].*@/@/'` over the email list will get rid of enough "plus" email addresses. Better use a custom delimiter if you're relying on the + character for anything.
> you need to individually map each address.

How hard is that though? Export all email addresses from 1Password (trivial), extract generated emails (trivial), and add forwarding rules for each one in your mail server (trivial to easy depending on your setup).

Maybe not easy for non-savvy users, but neither is a custom domain or even knowing about the + trick.
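
The export-and-map migration described in the comment above, as an added example that is not part of the original thread: it filters an export for addresses on one domain and renders them as a Postfix virtual alias table. The CSV column names, the sample rows and the `me@mydomain.com` inbox are constructed assumptions, not the real 1Password export format.

```python
import csv
import io

# Constructed sample export; the column names "title" and "username" are
# assumptions for illustration, not the real 1Password export schema.
SAMPLE_EXPORT = """title,username
Example Shop,hot.potatoes4827@mydomain.com
Forum,Quiet.River1930@mydomain.com
Bank,me@mydomain.com
Old Site,someone@gmail.com
Example Shop (2nd login),hot.potatoes4827@mydomain.com
"""


def forwarding_map(export_csv, domain, inbox, keep=()):
    """Return sorted (alias, inbox) pairs for every address on `domain`.

    Addresses on other domains, the inbox itself and anything in `keep`
    (real mailboxes) are skipped. Addresses are lower-cased, since most
    mail servers match them case-insensitively, and de-duplicated.
    """
    domain = domain.lower()
    skip = {a.lower() for a in keep} | {inbox.lower()}
    aliases = set()
    for row in csv.DictReader(io.StringIO(export_csv)):
        addr = (row.get("username") or "").strip().lower()
        local, sep, dom = addr.rpartition("@")
        if not sep or not local or dom != domain or addr in skip:
            continue
        aliases.add(addr)
    return [(alias, inbox) for alias in sorted(aliases)]


def postfix_virtual(pairs):
    """Render (alias, destination) pairs as Postfix virtual alias lines."""
    return "".join(f"{alias}\t{dest}\n" for alias, dest in pairs)


if __name__ == "__main__":
    pairs = forwarding_map(SAMPLE_EXPORT, "mydomain.com", "me@mydomain.com")
    print(postfix_virtual(pairs), end="")
```
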

Or you could just enable a catchall address and get all of them without doing any stripping or mapping.
True although this only works if you're the only user on your domain.
I have an extra domain attached to Fastmail which I only use for junk. If you know the domain where my main email lives, you can pretty much guess a couple of aliases which will work. I want my junk mail completely separate from my useful mail.
Settings -> Domains -> Team Settings -> Masked email domain.

Disclosure - I work at 1Password, though I had only tangential involvement in this effort

I ended up at https://$mydomain.1password.com/integrations/directory and I can only see Fastmail as an option. Clicking there it asks me to Connect with Fastmail rather than that I can provide my own domain. I already have a wildcard domain setup so I'd like to use it as @davzie mentioned.
You need to OAuth to Fastmail (the service) to hook it up, then as was mentioned above, you can go into the settings in your Fastmail account to choose which domain your Masked Email addresses are created in:

Settings -> Domains -> Team Settings -> Masked email domain

It will default to fastmail.com, but easy to change it.

Oh, I completely misunderstood then, I thought I could do this with just 1Password. I already have email set up myself and don't need Fastmail, so then it seems I cannot use this feature. I'll just continue myself to randomly generate my addresses then...
Well, as I understand it you'd have to do this manually. As in, pick a random alias for the site, use that as your email address there and enter the same one in 1Password (or any other credential store).

The full "it just works" integration seems to only work between 1Password and Fastmail directly.

With fastmail, you can do that already. I do that. I have addresses like some_random_list_I_joined@mydomain.com
True! I've been doing wildcard.company.name@mydomain.com for a few years now with Fastmail. This makes it one step easier to generate that email address, as well as one-click blocking any alias that starts receiving spam.
You can also do things like a wildcard on a subdomain like dodgywebsite@auto.yourdomain.com.

Otherwise subaddressing with + works well with most mail hosts other than Microsoft Exchange / Office365 (which have had endless problems).

That's the way to go. I set up a rule where everything going to *@a.mydomain.com goes into a folder which I largely ignore. Every website gets a unique prefix, e.g. ycombinator@a.domain.com.

The advantage of Masked Emails is that third parties won't even know about mydomain.com. The disadvantage is that you need 1Password to recall which email address you used with a particular website.

You also need to be a Fastmail customer.
Yes, but if your goal is to hide your identity, this really wouldn't work. Everything is still tagged to your identity, i.e. @mydomain.com.
> Yes, but if your goal is to hide your identity, this really wouldn't work

It still could.

> Everything is still tagged to your identity, i.e. @mydomain.com.

If your domain is tied to your identity, then yes. But to be extra clear, this should have said "Everything is still tagged to your domain" as not everyone has their domain tied to their identity. I for example have my domain set up at njal.la with zero personal details attached to the domain itself, either publicly or at njal.la.

Except now this comment ties your username to that domain ;)
To njal.la? I guess that's fine, I'm not their only user ;)
Maybe not the best idea to provide that info in searchable plaintext tied to an account you own?
Neither my identity here, my domain or my account on njal.la is connected to anything in my real life so not sure why it would be a bad idea?
A comment you made in the past or make in the future could reveal something; simply changing the text to "njal dot la" would prevent a google search of the domain from finding this.
Doesn’t that rather defeat the point though? I can set up a wildcard for fastmail and use any account name I want to sign up to services without any intervention from 1password.

Edit: saw someone point out this only works for one user per domain.

I've been a happy Fastmail customer for years prior to working on this feature. I've used a wildcard with my Fastmail account, created a new email address for each service I sign up with, and stored that email address in 1Password. All by hand. It's a tiny hassle, but one that I think is worth it.

The Masked Email integration makes that entire process automatic. It's even easier than before. It's enough to convince a few Fastmail-using friends to start doing it.

Yeah I also do this: I own my domain and I use a catch-all setup at my email provider so <anything>@jpreston.xyz goes to my inbox.

I suppose the advantage with a non-custom domain is you leak no info about yourself, the masked email is 'just another Fastmail email address'. But doing it for a custom domain feels like it defeats the point, isn't it just like catch-all at that point?

The value is in knowing who leaked your email address, and being able to take action based on that. If you use a unique address for every service then you can know for certain random Internet store got hacked, or sold their database. In either case, you kill the credit card you used (privacy.com) for that store before it gets used elsewhere, saving you additional time and money on having to deal with your banks.
It lets you migrate without having to update your email across every account.

It’s what I do with a custom domain (though only have a handful of custom aliases currently).

Having this integrated in a first class way is a nice surprise and a really great feature imo.

It’ll make it easy to see who leaked your email and kill the alias while also not locking you into Fastmail forever as a provider.