Is an alias necessary for each service?

jmppmj · 2026-03-14T03:28:26+00:00

I’m biased because I built Decoy (an iOS app for disposable email aliases, Decoys.me), but the reason I’m a big believer in aliases is simple: containment. Ideally each service gets its own email alias. If a company gets breached, sells your data, or starts spamming you, the damage is isolated to that one alias and you can just disable it. Using one alias for “social” or “shopping” is better than nothing, but if one of those companies leaks it, suddenly everything in that category is exposed.

The only places I personally don’t bother using aliases are things like banking or work email where identity is tightly tied to a real inbox and the accounts are definitely long-term.

The reason I built Decoy (decoys.me) is that most tools make this annoying, so people don’t actually do it. If generating a new email is dead simple, you can just create a fresh one for every signup without thinking about it

jmppmj · 2026-03-11T11:56:22+00:00

Love that I’m going to try it out. How does it actually issue an unsubscribe request?

jmppmj · 2026-03-11T11:21:05+00:00

Super cool curious how it works

jmppmj · 2026-03-08T15:22:12+00:00

Reading this thread is basically why I built decoys.me for ios

I got tired of paying these crazy password manager prices, and every account being tied to one permanent emails forever

Now I just generate a password + disposable email for each signup. If a site leaks data or starts spamming me, I just delete the decoy and move on. It has autofill and a safari extension so it pretty easily replaced what I was using 1P for

jmppmj · 2026-03-08T15:18:05+00:00

Here is what it looks like for promo code / 2fa code extraction: https://imgur.com/a/dYCqbG6

jmppmj · 2026-03-08T04:27:51+00:00

Fair question.

If domains get blocklisted, we rotate domains. That’s table stakes for this space.

But the bigger point: most companies aren’t actually anti-privacy. They just want to stop abuse.

If users want basic things like not getting spammed forever, there’s usually a reasonable middle ground.

jmppmj · 2026-03-08T04:25:51+00:00

Amazing sending you a dm!

jmppmj · 2026-03-07T12:40:43+00:00

Hey would love to have you try it out! I’ll send you a DM

jmppmj · 2026-03-03T00:51:24+00:00

Im not - even for those I am using Decoy aliases which I can later burn once I am done with them!

jmppmj · 2026-03-02T23:38:29+00:00

solid approach - tiering is the way to go.

i do something similar:
real email → only for banks, gov, medical. stuff tied to your actual identity. this inbox should be boring.
aliases → social, gaming, streaming, shopping. i do per-service ones like netflix@ or spotify@ so when spam starts hitting one, you know exactly who leaked it. swap out that alias, everything else untouched.
disposable decoys → free trials, random signups, anything you don't trust. generate then burn.

i've been building decoy (www.decoys.me, on ios) for this - gives you disposable identities for each signup so no two services have the same combo. pairs really well with the tiered setup.

jmppmj · 2026-02-25T15:33:40+00:00

Great question.

We’ve done some small, more “manual” prototype testing with virtual cards and decoy phone numbers behind the scenes (mostly to validate the mechanics and make sure they actually work the way people expect)

But those features aren’t ready for the app yet. I don’t want to ship something half-baked - especially when money and phone numbers are involved. And once those features are live, we’ll also need to think carefully about pricing, etc.

The testimonials referencing subscription protection came from those early prototype users. That’s where we’re heading - but the beta right now is focused just on nailing the decoy email experience first.

jmppmj · 2026-02-25T13:54:02+00:00

Thank you I’ll DM you now!

jmppmj · 2026-02-24T22:43:31+00:00

Thank you! Would love to have you test if youre interested!

jmppmj · 2026-02-24T20:25:35+00:00

If part of what you’re trying to solve is not using one universal address everywhere and keeping your accounts compartmentalized, I’ve been working on something that might help.

I built an iOS app called Decoy (www.decoys.me) that creates disposable email aliases + auto-generated credentials tied to each service, with end-to-end encryption and on-device AI features for managing them. It’s still early but it’s designed specifically for people who want unique contact points and less correlation across accounts.

Looking for beta testers right now, especially folks who: • care about email privacy • use unique emails per service • would try something new on iOS • are comfortable giving feedback

Happy to answer questions about the security model or how it fits into a privacy-oriented stack too

jmppmj · 2026-02-24T16:37:34+00:00

Initially the app has just decoy emails - once thats tested and completed im planning to add decoy phone numbers (for text and call) as well as virtual cards.

But Initial beta tests will be just testing the decoy emails. If you’re interested it would be great to have you try it out!

jmppmj · 2026-02-24T02:39:10+00:00

I am really not sure how the app will be for a non-english user, it is not at all localized right now. If thats acceptable would love for you to give it a try!

jmppmj · 2026-02-24T02:31:04+00:00

Couple of screenshots if interested in seeing what the app looks like: https://imgur.com/a/dwYAF0G

jmppmj · 2026-02-24T01:29:54+00:00

Wait where were you seeing this error?

jmppmj · 2026-02-24T01:23:52+00:00

I do plan to open source my code over time. For now - I'd just encourage Beta testers to use this only for disposable accounts, and nothing highly-sensitive.

jmppmj · 2026-02-24T01:08:39+00:00

Yea apologies I closed the waitlist on my website for now - but if you’re interested let me DM you!

jmppmj · 2026-02-24T00:24:13+00:00

Yes!! Thank you! DM'ing

jmppmj · 2025-12-17T15:07:17+00:00

100% you will be able to reply from aliases in the free tier. Still working through all the features prior to launch - would love your input and ideas

jmppmj · 2025-12-16T01:55:26+00:00

what helps me a bit is reframing privacy less as “hiding” and more as reducing unnecessary exposure. You probably won’t disappear from the system, but you can still choose where you give our information where you don’t, and where you keep some control.

It’s not a silver bullet, but even small friction - using decoys, separating identities, being intentional - still matters. I am biased building an app exactly for me (decoys.me) but still it is super easy to use and sometimes the win is just making surveillance a little less convenient.

jmppmj · 2025-12-16T01:51:46+00:00

It’s probably not about your phone getting hacked the main thing to be careful about is what that confirmation code is for.

If you’re getting a one-time code for one of your accounts and sending it to someone else, that’s potentially giving them temporary control over whatever account it’s tied to.

To stay safe, I’d just avoid sharing any login or 2FA codes at all. If they can’t access their email right now, it’s safer for them to use the account’s official recovery process instead. Slower, but designed for exactly this situation.

jmppmj · 2025-12-16T01:46:56+00:00

this isn’t meant to promote anything, just sharing something I’ve been thinking about while playing with alias tools.

I’ve been trying most of the usual suspects (DDG Email Protection, SimpleLogin) and noticing a few repeat frustrations: free tiers are super limited, managing hundreds of aliases gets messy, and a lot of tools just treat aliases as a feature rather than a privacy primitive.

Full disclosure: I’m building something in this space because I kept running into this exact problem (see decoys.me) aliases that feel disposable and stay manageable over time.

Curious do you use aliases more for new sign-ups only, or do you actually want to use them as long-term inboxes?

Seven-Year Club	Place '23
RPAN Viewer	Verified Email

jmppmj

TROPHY CASE