Apple’s new Hide My Email feature, designed to protect users against phishing attacks and unwanted marketing spam, has swiftly become but one of a variety of options now available.
The river becomes a flood
For a very long time, the daily ritual of checking email accounts has been one in which many of us must first delete the majority of messages received because our addresses have been sold all over the place. Spam filters help, but in my experience plenty gets through — and you can’t easily tell who shared your address(es) in the first place.
Everyone is at it. Capturing and selling email addresses and data about people is a big business. Not only that, but most privacy and security breaches begin with phishing emails carrying suspect links and fraudulent requests for personal information.
It’s a scourge the deeper impacts of which became crystal clear during the pandemic, when phishing incidents climbed 220%, according to F5 Labs. There was even a wave of such attacks posing as official emails from Apple.
Now people in the industry are doing something about it.
Apple’s Hide My Email
Apple introduced Sign In With Apple at WWDC 2019. This let you sign up for services and accounts privately, protecting your email address. That service still exists, but has been augmented with the new Hide My Email feature.
The latter lets you create single-use email addresses for use with assigned websites. Messages sent to that address are automatically made available in your main email in-box, but you can switch off those single-use addresses at will, which also means you can stem the flow of spam. Combined with Apple’s newly introduced support for private domains within iCloud, this becomes a useful feature for anyone with an iPhone, particularly families and small businesses.
Masked Email from 1Password
But Apple isn’t alone. Just today we learned that 1Password is working with Fastmail to introduce Masked Email, a service which – like Sign In With Apple/Hide My Email – creates unique email addresses for logins from inside the 1Password app.
Just like Hide My Email, users can control all the different addresses they create in the sense of enabling and disabling them. That means that if a site or service decides to share someone’s email address without permission, or if a database gets hacked or leaked, they can just disable that fake address to stem spam’s flow.
Cloudflare also offers protection
Internet infrastructure company Cloudflare has also stepped into the game. It has introduced Cloudflare Email Routing and Email Security DNS Wizard, a pair of email safety and security tools it hopes will help protect us all against phishing and spoofing.
These tools work with existing mail hosting services, including Gmail, Office 365, Exchange, Yahoo, and AOL and are completely free to use.
Cloudflare may also be working with Apple on Safari’s new Private Relay service, which encrypts and masks your browsing activity. Apple has conceded it is working with partners on this but has not said who. An association between the two firms has been discussed in the past.
[Also read: 12 security tips for the ‘work from home’ enterprise]
Cloudflare Email Routing means emails pass through Cloudflare before they reach the “official” email host. This also makes it possible for individuals and organizations to manage an entire custom email domain from a single email account, similar (but I think a little better) to Apple’s private domain feature in iCloud+.
This may well come in useful for SMBs seeking to combine multiple email addresses into one inbox without the burden of learning a new system.
Email Security DNS Wizard is a more sophisticated tool that attempts to mitigate email spoofing with DNS records to prevent others from sending malicious emails that appear to come from your domain. This is the kind of solution that should radically reduce the number of genuine-seeming phishing emails.
That Apple, Cloudflare, and 1Password have all introduced valuable protective services such as these suggests a broader trans-industry mission to do the same. I imagine many other firms, ISPs, email services, and platform providers will be working on similar plans. These can’t come soon enough.