9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
In this week’s Security Bite, I’m taking it back over 20 years to the launch of Gmail in 2004–because that’s how long its little-known plus addressing (aliasing) feature has quietly existed. It was originally created to help with filtering and keeping inboxes tidy long before spam became what it is today. Google never really promoted it, so most people still don’t realize it’s a thing. But over the years, it’s become popular among privacy-minded folks to track which online services, subscriptions, etc., are selling email addresses to other companies or leaking them.
It’s one of my biggest e-irritants.
Allow me to set the scene: You create a new email address with a fresh and clean inbox. At first, all the emails you receive are from services you signed up for, including a couple from the email provider welcoming you to the service. A month later, you might’ve opened some social media accounts, signed up for some newsletters, started searching for a new car, etc. Before you know it, you’re getting hundreds of emails (aka spam) a week from unknown senders. Some harmless and some malicious looking to really put a damper on your day.
The plus addressing feature isn’t a full-stop way to prevent spam; in fact, it won’t prevent it any less, but it will put some power back in your hands, sorta speak, and help you identify bad online actors who aren’t being honest or safe with your information.
Plus addressing in Gmail and Outlook
Gmail and Outlook both support plus addressing. It’s very easy to set up and works by tacking on an alias to your email address using the “+” symbol. Example: youremailaddress+alias@gmail.com
You can put any word after the “+” to help you track who you gave your address to.
Signing up to buy a new car? Try: youremailaddress+carvanna@outlook.com
How about a new social media account? Try: youremailaddress+bluesky@gmail.com
And so on…
All the emails from these services will still land in your inbox as normal, but now with the +alias we specified. If you receive an email from other companies referencing the address youremailaddress+carvanna@gmail.com, you will know where they got it from.
Aliases in iCloud Mail
If you’re subscribed to iCloud+ for more than 5GB of free storage, you have access to the Hide My Email feature that works by generating unique, random email addresses that forward to your personal email. While this doesn’t offer the same investigative satisfaction as plus addressing, not having to reveal your real email address at all is arguably a better solution. Users can deactivate a Hide My Email address and change which personal email to forward to in Mail settings.
If you’re not subscribed to iCloud+, iCloud Mail does support tried-and-true email aliases to an extent. Unfortunately, it maxes out at 3 aliases per iCloud account.
On iCloud Mail web (not supported on macOS or iOS):
Click on the gear icon -> Settings -> Account -> Add Alias
Although not often, some online forms won’t accept plus addressing and will shoot an error at you. Over the years, I’ve also seen some chatter about marketing agencies removing the +alias from emails. I think we’re giving them too much credit; they’re lazier than most think, and plus addressing isn’t widely adopted enough to be a problem for them.
Let me know what you think in the comments. Do you or would you find plus addressing useful? I know I do.
Follow Arin: Twitter/X, LinkedIn, Threads
FTC: We use income earning auto affiliate links. More.
