r/emailprivacy

Advice

Does creating Gmails and earning money is worth it or it is a privacy issue or a threat recently I got a Offer of creating Gmails and earning money but I am curious is it worth to do is it safe and secure In future it may lead to big problem for me or not what's your opinion guys

reddit.com
u/Much_Contribution171 — 12 hours ago

Phone as an Email Server

Hi, I am building an application which will enable you to host an email server on your phone. Instead of relying on a centralized entity like Proton or Tuta, we would be able to directly send and receive emails in a decentralized manner. Currently looking for a non-tech co-founder from Germany. I primarily need assistance with social media marketing and fundraising, and you will get paid €2500 per month for the first 12 months.

What do you guys think of this idea and would you be willing to host an email server in the background on your phone?

reddit.com
u/NewtComprehensive176 — 18 hours ago

How to get rid of unwanted sexting/dirty talk spam mails

Recently I have started getting such spam mails a lot. I don't know where but ig my mail ID must have leaked somewhere, and no matter how many of these IDs I block or mails I delete, they keep on coming. I have a habit of checking my junk folder regularly as a lot of external client mails end up in that box, and I just want to know if there is a way to get rid of such mails in one go?

reddit.com
u/ScaryConcentrate284 — 1 day ago

i need A LOT of advice for a major OS, Email, and overall Privacy change

i want to do a clean Windows 11 IoT LTSC 2024 install without my microsoft account connected as it is right now, dual boot Linux Bazzite, install GrapheneOS on my Pixel, switch all of my Emails from Gmail to Proton Unlimited or anything similar, start using Mullvad VPN, Mullvad browser for private searches, Librewolf for daily use, but i dont know from what i should start😭

how should i even attack this massive change? in which order should i do any of these things? like, should i change my emails first before reinstalling my OS's so that there's no link or something? should i get the VPN after i also reinstall my OS's? i'm genuinely stuck and cant bring myself to do anything cause i dont know which order would be the best to do a clean transfer with no major links to my new private stuff.

if anyone could help me with making an order of action i'd be grateful🙏

Should i get Proton Unlimited or something else? It seems nice cause of the ecosystem but i've heard that separating your stuff is essential so i'd be willing to give that up.
are there any other email services that let you have infinite aliases? and should i even use aliases for most of my accounts? What does it do exactly?

how should i go about using my SIM and mobile data on aswell? i NEED my SIM but idk if using mobile data would make tracking even worse, would it? or do they already triangulate your position just by having your SIM in your phone?

and what about accounts that require a linked phone number for verification?

reddit.com
u/FroggyRaven — 1 day ago

Complete email setup overhaul iCloud aliases + Hide My Email looking for feedback

Hey,

I've been reading up on cybersecurity quite a bit these past few weeks, and I've realized my email setup is the weak link in my system, even though everything else is fairly solid.

Current situation:

- 1Password with ~250 accounts, all with unique passwords rated "fantastic," Watchtower looking great

Passkeys enabled everywhere possible

- But... almost all 250 accounts are tied to 1-2 Gmail addresses (a main one from middle school, and one dedicated to audio plugin licenses I created 3 years ago)

- I'm 100% in the Apple ecosystem (iPhone, Mac, Apple Watch, iCloud+ 2TB)

- For email I've used Spark for years: smart inbox, clean Ul, everything in one place - but they've added Al features I don't use plus some bugs since, and the subscription is starting to feel like a burden. Apple Mail recently added "Send Later, so I'm considering switching to something simpler

What I've figured out / where I'm at:

At first I thought I'd need to create a different email address for every single account (not feasible, I don't have a year to spare for that). Then I discovered aliases, Proton Mail, SimpleLogin, and especially iCloudt's Hide My Email, which I already have access to through my subscription.

The system I'm considering:

A main iCloud address (never exposed publicly, given only to close family), and stable Hide My Email aliases organized by life category: health, finance, government, music licenses, collabs, school, transportation, tech/ gaming, entertainment/streaming. For shopping and classifieds, a disposable alias per site or per transaction.

My questions:

1. Does this system hold up long-term? Has anyone used Hide My Email for several years and can share their experience ?

2. Is having this many categories overkill, or not granular enough?

  1. For migrating the existing 250 accounts — my plan is to actively migrate the ~25 critical ones, and handle the rest gradually whenever I naturally log into them, with Gmail forwarding running in parallel in the meantime. Is that the right approach ?

  2. I'm planning to stick with 1Password for now (cross-platform, passkeys, Watchtower), and switch to Apple Passwords once it's more feature-complete in a few years. Any thoughts on that transition ?

5. Has a got a similar setup that works well ? What would you change ?

Thanks in advance I'm looking for something simple, secure, and that l'Il still be using 20 years from now.

And yeah I'm considerating yubikey, but i want to have advice before investing in it, thanks for all of you, thanks geek:)

reddit.com
u/Positive-Rub4930 — 2 days ago

Looking for any spare old/aged Gmail accounts (free, not buying)

I'm looking for any spare old or aged Gmail accounts that people are no longer using and are willing to give away for free (not buying or trading anything).

If you have extra emails sitting unused and don't mind sharing one, please DM me. It would help a lot.

Thank you!

reddit.com
u/Gyanu_Flow — 2 days ago

I built a temporary email service focused on privacy — I'd love honest feedback from this community

>Hi everyone,

I'm the developer of Temp Mail Box: https://tempmail-box.com/en

I built it because I was frustrated with disposable email services that:

  • Require sign-ups
  • Have cluttered interfaces
  • Make it difficult to manage inboxes
  • Don't offer much control

My goal was to keep everything simple while adding features I personally wanted:

  • Instant disposable email generation
  • Custom username support
  • Multiple domains
  • QR code access
  • One-click copy & refresh
  • Multiple inboxes (Pro)
  • Optional notifications and sound
  • Clean interface without unnecessary clutter

I'm not here to advertise—I genuinely want feedback from people who care about email privacy.

What features would make you choose one temporary email service over another?

Any criticism or suggestions are welcome.

reddit.com
u/Low-Construction8483 — 3 days ago

Woke up to a nightmare. Yahoo deleted 10+ years of important emails due to inactivity. Is there ANY hope?

Hey everyone,

I’m honestly devastated right now and just need to vent, but also desperately looking to see if anyone has managed a miracle in this situation.

I had a Yahoo email account that I hadn't logged into for a long time. It contained incredibly important emails, records, and memories. Today, I finally logged back in, only to find a notification from Yahoo stating that they have completely wiped my inbox because the account was "inactive."

Years of data, completely gone. Just like that.

I didn't know their official policy says after 12 months they purge the servers, but it feels like such a massive gut punch. It’s incredibly frustrating that there is absolutely no warning or way to download an archive before they pull the trigger on a permanent delete.

Has anyone ever found a workaround for this? Is there a specific support channel, a data request route, or an offline caching trick that worked for you to get anything back?

If not, let this be a warning to everyone else: go log into your old archive accounts right now before they wipe your history too.

Thanks for listening. 💔

reddit.com
u/Desperate_County4185 — 4 days ago
▲ 561 r/emailprivacy+2 crossposts

Apple ‘Hide My Email’ Vulnerability Reveals Peoples’ Real Email Addresses

A vulnerability in Apple’s “Hide My Email” tool lets almost anyone discover a person’s real email address that is supposed to be hidden by the feature, and Apple has failed to fix it for more than a year, according to a security researcher and 404 Media’s own tests.

404 Media is not revealing the exact details of the vulnerability because it can still be exploited as of Monday, when 404 Media verified the issue with one of our own hidden email addresses.

”Apple Hide My Email is leaking email addresses that are supposed to be hidden. We reported the issue and replication instructions to Apple over a year ago. We don't know why it hasn't been fixed, but we don't feel comfortable waiting any longer. Hide My Email users deserve to know that it may be possible for attackers to discover their hidden email addresses,” Tyler Murphy, the co-founder of EasyOptOuts, which discovered and reported the issue to Apple, told 404 Media.

“Free, publicly accessible people-search sites make it easy to link an email address to other personal details, so people relying on Hide My Email for safety may be at risk,” Murphy added.

Hide My Email is part of Apple’s paid iCloud+ product. It lets users generate an anonymous email addresswhich they can then use to sign up to services or email people with instead of their personal email. These email addresses are often two random words and a number ending in the @icloud.com domain.

This can be useful for all sorts of reasons: to reduce spam; to create an account you may not want linked to your personal address and identity; and to not have your personal information held by a site that may later suffer a data breach. I personally have generated more than 400 email addresses with Hide My Email, for example.

To test the issue I generated a new Hide My Email address and provided it to Murphy. Around five minutes later, he replied with my real email address linked to my Apple account which was supposed to be hidden.

“We don't know the full scope of the issue, but in our limited tests with volunteers, 100% of Hide My Email addresses were exploitable,” Murphy said.

Murphy first reported this issue to Apple in June 2025, according to a copy of Murphy’s messages with Apple he shared with 404 Media. A month later, Apple replied and said it was looking into the issue. In March of this year, Apple said it had “addressed the reported issue in a recent system change.” But Murphy found the issue had not been fixed. He provided more information, and later that month Apple said again it was looking into it. Apple said it was still investigating in May.

“We are still investigating this issue. To avoid placing our customers at risk, we would appreciate you not disclosing this information until our investigation is complete. We appreciate your assistance in helping us to maintain and improve the security of our products,” Apple wrote in May.

“It seems that ending new sales of Hide My Email until the problem is fixed would be an effective way to limit the number of customers at risk. Is that an option?” Murphy wrote back.

At the end of May, Apple said it was planning to address the issue in a future security update “expected in the coming weeks.” Murphy then contacted 404 Media on Monday and provided details of the issue and his statement saying, “We don't know why it hasn't been fixed, but we don't feel comfortable waiting any longer.”

Apple did not respond to multiple requests for comment from 404 Media.

In June, TechCrunch reported Apple plans to make changes to Hide My Email that will make it significantly less effective. It will change generated email addresses from using the @icloud.com domain to @private.icloud.com, which means websites or services will be able to more easily block signups from those addresses.

404media.co
u/redditproha — 5 days ago

I want to make the best one time email service

I recently purchased OneTimeEmail.com - If that sounds familiar, the previous owner posted about it here recently (Ref: https://www.reddit.com/r/emailprivacy/comments/1syl2w0/i\_launched\_a\_temporary\_email\_site\_10\_days\_ago\_i/)

I rebuilt everything from the ground up, with the probably mad goal of making this the best one time email service there is. I have always wanted to make one, and when I saw this amazing domain name for sale, I thought this is the sign for me to do this.

Here are some of the things that I believe makes this different from all the other similar websites:

Simple and minimal. No blinking banner ads, no Captchas, no adtech spyware. Not even tracking cookies.

You choose how long your inbox works for. Do you want your inbox to automatically delete after 10 minutes, one day or one month? The timer resets every time you access it. Or do you want to press a big red button to delete it yourself when you are done? You can do all that. It's your inbox, you choose.

Access your inbox from anywhere. When you create an inbox, you get a special link that you can use to access your inbox from any device. And you also get a 12-word recovery phrase. You can memorize that and access your inbox again from any device.

Smart parsing. When you use this service to receive verification codes or links, you don't need to open your email like a caveman. Your verification code is parsed and shown to you on screen with a copy to clipboard button.

One Time Persona. Since I believe if something is worth doing, it's worth over-doing. So, I noticed that OneTimePersona dot com was also available, I bought that, too, and made it into a service that works alongside OneTimeEmail dot com. One Time Persona allows you to generate an entire fake identity with data that sounds correct, including a full name, street address, ZIP code and a matching one time email address. These can be used with those annoying websites that force you to enter your full name and address.

Natural-looking email addresses. Many one time email services create you email addresses that have long strings of random characters such as xt1x7o+f853sl9yvxx74 at somedomain.com. We create email addresses that look natural, john.doe69 at somedomain dot com etc.

EU-based. We are based in Estonia and bound by GDPR privacy laws. Maybe it's not much in the grand scheme of things, but it's something.

Hamsters. Our website has hamsters. Literally no other one time email website has hamsters.

Next on the pipeline is to create Chrome and Firefox browser extensions, to allow users to automatically fill in a one time email or entire fake one time persona to a form and catch the email to your one time email box. Basically the convenience of email relay service, but without having to fetch those verification codes or links from your actual inbox.

The reason why I posted here was to ask for your suggestions, such as is the website currently missing some critical features or do you see any clear UI/UX problems?

reddit.com
u/JouniFlemming — 3 days ago
▲ 4 r/emailprivacy+1 crossposts

🚨 Attention to my fellow email marketers, especially the ones marketing to Europe.

France just made your open rate illegal. Italy is next.

Not the tracking email itself. The tracking pixel inside it.

On April 14, 2026, France's data authority (CNIL) ruled that email tracking pixels are treated like cookies. The pixel needs its own consent, separate from the consent to send the email. Italy passed a binding version three days later.

France's deadline is July 14. That is 11 days away. ⏰

Italy's lands on October 28.

What actually changed:

You can still send a cold email to a business contact in France or Italy.

What you cannot do is silently track whether they opened it.

The email is legal.

The pixel is not, unless you have explicit consent.

One thing most marketers will get wrong:

Sending a bulk re-permission email in July, counting the opens, and assuming silence means yes.

That fails twice. Silence is not consent. And the re-permission email itself fires a pixel before the recipient can respond. Consent must come before the first email, not inside it.

What to do instead:

→ Turn off open tracking for French and Italian contacts who have not explicitly consented to it.

→ Replace open-based triggers in your automation with click-based triggers.

→ Collect tracking consent at the sign-up form level, before any email is sent.

→ Shift your reporting to clicks, replies, demo requests, and form fills.

The truth underneath this is simpler.

Open rate has been a broken metric for years.

Apple killed its reliability in 2021.

This ruling finishes the job in two European markets, and the rest of the EU is likely to follow.

The email can still be sent. The tracking cannot.

If you email France or Italy, open rate is now a consent-gated metric. Start measuring what buyers actually do, not whether their email client loaded an image.

reddit.com
u/bigedediki — 3 days ago

are AI scam detectors for email actually useful or do you still need something broader

so i've been getting hit with a pretty ridiculous volume of phishing and scam emails lately and i started looking into whether dedicated ai scam detection tools are worth using or if they just duplicate what a good security suite already does.

i've seen a few standalone tools that claim to analyze emails in real time and flag suspicious links or spoofed senders using ai but i honestly can't tell if that's meaningfully better than what a broader security tool with email protection built in would catch anyway.

my concern with the standalone approach is that scams don't just come through email anymore. i get dodgy links through texts, social media, even calendar invites. so i'm wondering if something that only covers email is too narrow to actually be useful in practice.

has anyone used an ai scam detector specifically for email and found it caught things that their existing security setup missed? or did you find that a more complete security tool handled it just as well without needing a separate app for email alone.

reddit.com
u/Iva7_Alessandro_231 — 3 days ago
▲ 17 r/emailprivacy+1 crossposts

Month two of measuring DMARC, MTA-STS, DANE, and BIMI across the top 1M domains. DANE adoption fell, and it came down to a single provider.

Last month I posted the baseline for this: a monthly measurement of how the top million domains actually deploy the four standards-track email-security protocols, DMARC, MTA-STS, DANE-for-SMTP, and BIMI. This is month two, so for the first time there are month-over-month deltas. I expected the change to be the interesting part. It was, in a way I didn't predict.

DANE was the only one of the four that went down. And it wasn't operators giving up on it. One provider, Migadu, removed the TLSA records for its entire customer fleet sometime in June. Around 500 domains that had DANE in June don't in July, still pointing at the same Migadu MX hosts, just with the TLSA records gone. Nobody on those domains touched a thing, and I doubt most of them know. Take Migadu out of the numbers and DANE grew like the rest.

That turned out to be the theme of the whole month: email security moves in provider-sized blocks, not one domain at a time. ALDI Süd switched on MTA-STS for eleven of its country domains in what was clearly one change. Of the 488 domains that gained DANE, 466 got it just by moving to a mail host that publishes it by default, mostly Cloudflare Email Routing. My favorite piece of that: about 60 of those domains are low-effort throwaways that clearly never gave email security a thought, and they picked up DANE the moment they switched hosts. The provider decided, not them.

The month-over-month changes, counting only domains present in both months (more on why in a second):

DMARC valid records: +2,282, and domains tightening their policy outnumbered those loosening it 2,488 to 567

DANE: down 249 as measured, but +258 once you remove the Migadu deletions

BIMI: +346

MTA-STS valid policy: +163, with 76 domains graduating from testing to enforce against 10 going the other way

On method, because the obvious objection to a monthly top-1M study is that the list itself churns: it does, about a quarter of it turns over every month. So I only compare domains that appear in both months. I also checked whether "leaving the list" means a domain actually changed something, and it doesn't. 48,000 domains dropped off the list in June and came back in July, and 98.5% of them had the exact same mail provider across the gap. Leaving the top 1M is a popularity-ranking dip, not a provider migration. Everything else from last month still holds: unfiltered resolvers only, a second resolver in a different region has to agree before anything is recorded, and the run is paced so we never throttle anyone.

One number I keep chewing on. If the current pace held, DMARC would reach nearly every domain by the early 2030s, while the two protocols that actually secure the connection between mail servers, MTA-STS and DANE, stay on a track that runs into the 2040s and beyond. Authenticating who sent the mail is on its way to universal. Protecting how it travels is more than a decade behind it. Real adoption curves flatten near the top so I wouldn't bet on the exact years, but the gap between the two is the thing worth watching.

Happy to get into the method, that's usually where these threads go. I run an email infrastructure company and this is our own research.

reddit.com
u/Ok_Philosophy_9766 — 4 days ago

Third-party client with Tuta support is coming

We are happy to announce that Tuta Nota native support is coming to Epistles Mail, meaning you'll be able to have your Tuta email alongside company emails, proton, gmail, IMAP, and whatnot, all in the same app. Think "Newton Mail, but it speaks every provider's native protocol and runs everywhere."
One app across iOS, Android, macOS, Linux, Windows, and web, from a single codebase.
Unified inbox, snooze, send-later, triage swipes, calendar, per-account notification rules.

Instead of forcing everything through lowest-common-denominator IMAP, each provider gets a real adapter: JMAP for Fastmail, the Gmail API for Gmail, Proton's protocol for Proton, and so on. It's local-first: your mail lives in an encrypted database on your device, and a lightweight relay only handles push notifications and a zero-knowledge settings vault. The relay never stores your email content.

If you want to follow along or kick the tires when the Tuta adapter lands, the waitlist is at https://epistles.com.

u/EpistlesMail — 4 days ago
▲ 25 r/emailprivacy+1 crossposts

Moving away from Gmail. Best EU email hosting?

Trying to move away from Gmail and Outlook and looking for a proper European alternative for email hosting. Preferably something based in the Netherlands or at least with servers in the EU. What are you all using and why did you go with them?

reddit.com
u/ggpelupessy — 5 days ago

Help with understanding aliases

So I started searching for alternatives to Gmail and Outlook, and found Runbox, and started a free trial. I got curious with the domains and aliases it provides, but since I am a bit new to this, I want to understand what's the actual purpose for this. My understanding is that you create them in order to differentiate between your services, but I am unsure how is that going to help me if everything is funneled into 1 email account, since I have been using 4 for different purposes, trying to distinguish them between entertainment and government/financial services. Am I overthinking it or I am on the right track for it?

Thank you in advance.

reddit.com
u/001VI — 4 days ago

Should I stay with Tuta or move on?

Hello my fellow redditors✌️

I love Tuta. It is my second year as revolutionary subscriber, and I joined Tuta with passion, to enhance my internet privacy. I was amazed like a little child to see that my emails are not going to be read by the provider, used to sell me "better" ads, or analyzed my personal stuff to build AI models.

Since Tuta has been here for quite some time, I am unpleasantly surprised, that many suggestions from other users are not taken with more caution, or falling behind. Some of them have been here for even months.

\- The UI for me is really outdated. No customization for folders like colours, rearrange the position (until you rename your folders alphabetically or add numbers before the name), red and blue tint + dark mode and thats it.

\-The UX is horrible for me. Navigating in the settings menu was a nightmare, untill I finally got use to it. Some ppl here were even asking, how to add more aliases...

\-No options to change swipe option on mobile app

\-If you got locked out, you need another paid account to reach the support with higher priority.

\-Why having 2 separate apps to maintain when you have a Calendar in Tuta mail app? The only reason I have it both installed is the calendar widget. Having this option available in main app would save resources. I get that some ppl just want to have an encrypted Calendar, but why would you pay just for a Calendar app, when there is lot of nice FOSS alternatives, and you can even add tasks when in offline mode. As well I sometimes am out of connection for various of reasons, and not being able to add an event is just unfortunate.

\-Many of your requests are vaguely responded to by Tuta, and some I feel like are avoided completely.

\-Recent folders missing issue should be a pinned post by Tuta. Instead you need to browse this subreddit and ask for a help.

\-I have an impression that Tuta mostly post topics like: Google bad, We are better than Proton, Tuta is part of this and that, chat control, etc... Dont get me wrong. Being informed about privacy is a good thing, but it seems it is recycled over and over again.

\-I see lot of topics/questions posted in other subreddits because they were not approved in their own.

\-Lot of time I got off-line status

\-I had a problem to delete emails from trash - got an error

\-Problems to pickup the contacts when writing new email - got an error

\-Composing new email - I got an error

\-Received emails are not renderred properly on mobile. (Images are in wrong positions- I have this issue since I joined Tuta)

\-It looks like to me as a startup project, than a stable service.

\-I dont know what to expect from Tuta Drive when I see Mail and Calendar app not being polished enough.

Please, don't take this as a hate post. I loved Tuta. Now it seems that I want to like Tuta again. So I am thinking to switch to another provider if things got worse.

Originally this post should be on r/tutanota, but it seems they dont want to approve it, shame.

I apologize for my EN, and the structure of this post (I'm not good at it)

Thank you in advance for reading this, and I look forward to hearing from you.

If some statements here are not true, please feel free to correct me. Thank you <3

reddit.com
u/VioletChair — 5 days ago

Fastmail

Would you consider FastMail a private and secure email, calendar and drive service? Does Proton own the market when it comes to convenient private and secure email, calendar and storage?

reddit.com
u/paranoidandroid4284 — 5 days ago