I’m a big fan of one-time-use emails (as you can probably tell by previous posts on this blog). However, one thing that iCloud’s Hide My Email is still unbeatable at compared to my own domain is full anonymity. When I sign up for a junk site to get free WiFi, or order at a restaurant, I don’t even want to expose my domain to them, because that domain is, well, registered to my real identity.
Hide My Email on the other hand is fully anonymous: Emails come from “@icloud.com”, no name in the headers, nothing. Just a fully anonymous blank email. Great! Services can’t even filter for it (compared to mozillas solution, or duckduckgo), because filtering would mean shutting access to everything coming from icloud.com.
Here’s one thing I wanted to get working for a while: Instead of having
<site or person> -> one-time-use Email (iCloud) -> Me, I want it the other way around: A one-time-use email that allows me to anonymously send to a specific recipient whenever I send something to that email. Turns out you can actually do that in Apple’s Hide My Email! Let’s take a look how
How Hide My Email actually works
Hide My Email is acting as a relay in between the user account and the sender. You don’t actually send emails from that randomly generated @icloud.com address. In fact, you can’t. You can’t authenticate with that email on the iCloud SMTP server because that email is not yours.
Here’s what I mean: Let’s compose a new email and use Hide My Email
When I click “Send”, the email arrives successfully with the hidden iCloud email as sender, as expected:
… but when we inspect the actually sent email, it looks like this:
Do you see it? The email never got sent from “[email protected]”, instead what Mail did is, it inserted a relay address as the actual receiver of the email. That’s the long test_at_davemail_io_5rvm…@icloud.com you see there. Just that Mail is doing this so transparently that you’ll likely never even notice what is happening.
Relaying back and forth
So now that we know this relay address, what happens when we send an email directly to it? Let’s try!
Sending, and hey look at this! Doing it manually gives us the same result! (duh)
This means that
[email protected] is the relay address that iCloud mapped to [email protected] - Everything I send to it will always arrive at [email protected], kind of like a mini portal that shovels content over to a specific sender.
The other end will always see
[email protected], the other part of the relay, as sender. The final relay looks like this:
Hide My Email is unique per recipient, but not fully random
Another question you might have while following this is: Wait a moment, aren’t Hide My Email addresses random? Well, kind of.
Each time you generate a hide-my-email-email (nice word), it will be random, but only per recipient: When I hide my email from [email protected], it will always be the same @icloud.com email, no matter how often I generate it. You can’t use iCloud to spam people, they’ll see everything coming from the same person.
Cool, but what can we actually do with this information??
Obviously this post was leading up to something, otherwise I would have not put so much time into writing it.
Now that we know that relay addresses don’t change, we can use this knowledge to automate sending completely anonymous emails to specific senders without exposing our main domain, name or any other information.
Even better: Using the relay even shields us from any mistakes, like accidentally leaking personal information in headers. It happened dozen times that I used “forward email” functionality in email clients to forward an email to a service, just to realize that the email service sent that email with my global account email, instead of the one-time-use email. (How would the service even know what email I want to use for forwarding?)
Let’s take a service like TripIt which gives me an email that I can send flight itineraries to: [email protected]. I can link an email to it like “[email protected]”, then whenever I send an email from this email to [email protected], it will add that itinerary to my account. This works great, but means I can’t really setup any quick-actions, shortcuts or automations to quickly forward to it, because of the issue I described above. Now we can fix that by directly using the relay address :)
- Send an email to [email protected] using Hide My Email
- Copy the generated @icloud.com address and add it to TripIt
- Copy the generated relay address (the long one aka
[email protected]), create a new contact with it for quick access
Now we can hit “forward” (or use a Siri Shortcut) to forward any PDF attachment we want to add to tripit to our relay address, iCloud will do the rest.
All of this effort just so we don’t expose our main email, huh 😉
Keep on shaving that yak