Should you use a custom domain for email aliases?

8 min read

Email aliases have hit the mainstream over the past couple of years, with services such as Firefox relay, and integrated alias support from Fastmail and Proton. In this post, I’m going to share my experience using a custom domain for email aliases, and the things to consider if you are debating between using a custom domain for you email aliases.

What is an email alias?

In short, an alias is an email address that is used to forward incoming email to another “main” address. Let’s say, for example, that I order some shoes from an online store, and the store sends me a confirmation message after concluding with the checkout process. The pathway would look like this:

Store email server -> Alias hosting service -> Main email address server

The benefit of this is that the email address kept within the store’s database is the alias address, not the main address. Usually email addresses are not encrypted in the same way that passwords are, and so when companies get breached, troves of email addresses are then available for purchase on the dark web. By using an alias, the email that is leaked is changeable and disposable, protecting your main address from spam or phishing attempts. All email aliasing services will have ways to disable and dispose of aliases, and easy ways to create a fresh one.

An email address is composed of two parts, a local address and a domain name or IP address. The local address tells the final server in the chain where to send the email when it recieves the message, and for a large majority of personal emails, the domain name is gmail.com or outlook.com. If you have a work address, the domain is usually the domain name of the company you work for, and may better highlight how email addresses fit in the global domain name system. The domain name can signal authority or reputation in communications, or be used to verify that you belong to a certain group (such as education discounts on an edu domain).

Ultimately, unless you own the domain name, you don’t have authority over the address. You are linked to the provider that does own the domain, and they give you an account on their systems. The same is true for email aliases, even if I have created [email protected] and it exists in my account, if I ever leave the service I cannot take it with me.

What are the benefits of using the domains owned by the providers?

Perhaps for people just getting started with email aliases, the biggest selling point of just going with the built in domain names is that it is simpler. You don’t have to worry about purchasing a domain name or setting up any MX records. Also, the provider will fight the battles of getting the large players like Google or Microsoft to not categorize the aliases as invalid (although it still happens from time to time). It is cheaper to use the provider domains for a few reasons: usage of a custom domain name often involves a more expensive subscription tier, and using a custom domain name requires you to purchase and renew the domain name from a registrar.

As alluded to earlier, when you use a domain in an email address, in some ways you are associating yourself with the reputation of that domain address. If I email from fbi.gov you would know I mean business and would give that email a lot of attention (read as: never blocklisted). If I email from random-domain-from-super-cheap-domain.sketch then more providers may associate the email with illegitimate use. This isn’t a reflection on you, or even the provider you get your alias from, rather it is a natural consequence of creating low-barrier, cost-accessible services. If .xyz domains are only $1, then that means that they are more attractive to people looking to buy those domains for spam operations.

To some extent, the domains given by the providers fall into this trap. Because everyone can use them, they can get a bad rap over time. This is why many services will reserve certain domains for paying customers only, to try to separate out the reputation of the free domains and protect the deliverability of paying customers. Email aliases are slightly different than other email domains in that you don’t have to worry about the deliverability of sending from them, but you do have to worry about a service rejecting an alias email at sign up.

However, sharing a domain with everyone else can also improve anonymity. Because everyone shares the same domain, and if you use somewhat random characters on each alias, it makes it difficult but not impossible for the aliases to be linked together. Note that the alias provider will still know that all the aliases belong the same person, and which email they are set to forward to, and this information could be subpoenaed or revealed in the case of a data breach.

What happens when you decide to use a custom domain?

When you purchase a domain, you have control over the top-level domain that it comes from (and the prices may vary depending on which you choose) and you are also the only one that uses it [1]. You link the domain to the provider of your choice through domain records. I won’t go into the specifics here because each provider will have detailed instructions on exactly which records and values they need, and will likely perform a validation check to show you that all of the steps have been completed properly.

After the initial setup, you will create aliases in much the same way that you would if you had used the domains from the provider. You choose a set of local addresses (either random or meaningful to you) and attach them to the custom domain. An example from this site is [email protected], which has a meaningful local address that is easier for human to human communication.

If you choose to go the custom domain route, it doesn’t really make as much sense to create randomized local addresses (like [email protected]) because you are the only person that uses that domain. Thus all of the aliases are inherently linked together. I would recommend using a WHOIS privacy service to put some extra privacy between you and someone looking up the owner of the domain, but ultimately it would be pretty trivial for anyone to find out that you owned the domain. The only advantage to adding random suffixes to the local address would be to prevent someone from guessing various aliases that you have previously created.

In the event that someone does start to do some funny business with an aliases on your custom domain, fear not, you can always change them or delete them very easily. This is kind of similar to the new signal usernames; sure someone could mess with you by knowing it, but because of how easy it is to change, it is pretty pointless.

The biggest advantage of using a custom domain is that you can take all of your aliases with you if you switch providers. This gives you greater flexibility and longevity, helping you always have the freedom to use whichever provider is offering the service that you like the most.

Is an email alias address even worth it?

In the grand scheme of things, email aliases aren’t at the top of the list of things that you should do to keep yourself safe online. Managing strong passwords, with 2FA, is much more important, and email aliases can sometimes cause headache if a human from a company does randomly email you. If I could do it all over again, I would stick to buying a custom domain, simply because I can use it for life no matter which provider I am with [2]. I have started to use aliases slightly less, and now use them almost exclusively for services which I am sure I will never have a personal relationship with.

  1. Unless you are setting up aliases for a family or business. I can’t really see the business use case, but a family could definitely all use the same domain. ↩︎

  2. I would also recommend getting a custom domain for your main email for the same reason. ↩︎

Tagged as: