[tmarice]

One concrete vulnerability is mentioned in a linked thread and described here https://news.ycombinator.com/item?id=37791500

I have created a ticket with the Fastmail support asking them more details about the vulnerability you mention in your thread, I’m curious to see their response.

[chrisjj]

There FM said:

> When forwarding an email as an attachment and later checking the headers of the attached email, I could not find the X-resolved-to header

this is odd, no? This header field should remain.

And regarding that FM Privacy First declaration, this is now 404.

[tmarice]

Well they still claim it is impossible to connect different masked emails together. If you as a sender can reliably determine the target email address, then that claim is untrue as well.

[chrisjj]

Where are they still claiming that?

[tmarice]

On their Masked Email feature page https://www.fastmail.com/features/masked-email/

> Companies have no way of linking different Masked Email addresses together to track you.

I have received the Fastmail support response, and since they do not consider this a vulnerability, I'll post it here:

- You have a Masked Email

- You have set up forwarding from your Fastmail account to another email service

- The other email service rejects the mail for some reason

- The bounce message goes back to the original sender, and may include the email addresses along the chain after the Masked Email address.

I'm assuming the bounce message contains the X-Resolved-To header mentioned in the other HN thread linked above.

[chrisjj]

Thanks. I agree. The privacy claim is contradicted by Support's "may include the email addresses along the chain". I note though that I got the opposite answer from Support.

Did you request escalation?