Roll-your-own Anonymizing Email Server

This post isn’t about a specific security breach, but rather a post to educate you on how to better protect your online identity.  The term “anonymize” is used loosely for lack of a better word.

TL;DR

  • Create a unique email address that forwards to your real email for every site you sign up for.
  • Create a unique password for each site you sign up for
  • Don’t reveal your real email address again
  • Make hacker’s work more difficult



The Scenario

You might not think it, but your email address is a security risk if you have ever used it to sign up for any online account.

Let’s pretend you signed up for several different online services using your real email address (which may not be far from the truth).  Your information is now stored on each of those site’s servers.

The Problem

This is a high-level overview of the problem; more technical details will be available in the appendix.

The problem begins when one of those site gets hacked and your email/password combo get into the hands of hackers.  Now that they have it, the hackers could simply try to log into your email provider using the password they just stole.  If you happened to use your email password to sign up for those sites, they could easily succeed logging into your email account.  From there, it’s all downhill.  Once they are in your email, the hackers can:

  • reset your email password to lock you out of it
  • start clicking “Forgot Password” links to lock you out of any other online account tied to your email address
  • steal other personal/private information from your emails
  • getting email addresses of your saved contacts

The Solutions

This post is about an (almost) free way to anonymize your email address.  However, I do want to point out the paid option, which works very well if you are less technical and don’t want to create your own setup.

The Paid Option

For a fee, Blur provides you with masked emails.  Basically, you can generate a new email address for every site you use and then anything sent to that address just gets forwarded to your real email.  One caveat here is that you can’t send an email directly from this address (unless you are replying to an email sent to that address).

The (Almost) Free Option

Here is what this setup involves:

  • A domain name
  • A Mailgun account
  • A real email address

Purchase A Domain Name

Instead of @gmail.com or @outlook.com, you can have your email domain be anything you want such as @somefakedomain.com.  In this example, I’ll be using some_user@decoy.email.

You can get a domain name in several different places.  I’ll be using Google Domains because it has free domain privacy as well as some nice management tools.

Depending on the volume of email you send/receive (Mailgun has a 10k/month limit for the free option), this will be your only out-of-pocket cost.

Add Your Domain On Mailgun

Once you own your domain name, login to your Mailgun account.

  1. Navigate to Domains > Add New Domain
  2. Type in your domain name
  3. Click Addadd-domain

Create DNS Records On Google Domains

  1. Log into Google Domains
  2. Create the DNS records per Mailgun’s instructionscreate-dns-records

Verify DNS Records On Mailgun

  1. Return to Mailgun
  2. Click Check DNS Records Nowcheck-dns

You should get some green checks across the board if you added the DNS entries correctly.  Now, you can begin adding users.

Create Routes In Mailgun

For each new site you sign up for you should create a route, which will act as a sudo user email account.

  1. Click Routes > New Route
  2. Set Expression Type to Match Recipient
  3. Set Recipient to an email address you want to use
  4. Check the box to Forward
  5. Enter your real email address in the text fieldcreate-route
  6. Click Create Route

If you did it correctly, you should now be able to send an email to the address you created and it will get forwarded to your real email.

route

Get In The Habit

Now that you can make as many emails as you want, you should be using a different email address for every site you sign up for (including existing sites).

You can come up with your own naming scheme, make it completely random, or whatever you want.  One method I use is to create an email address with the name of the site, so I can filter it easily when it hits my inbox.

For example, if I was going to sign up for pi-hole.net, I would create an email named pi-hole@decoy.email and that email address is only used for pi-hole.net and nothing else.

The Value

I will explain this more in the appendix, but due to the way hackers retrieve and store email/password combos, it’s a good idea to have unique combinations for each site you sign up for.  This will help protect your identity when paired with a layered security model.

Bottom Line

Keep your real email address private.

Appendix

Email Is Hard!

Email is way more difficult to setup than you might think.  For that reason, I opted to use a cloud service, which also has some other nice features for those comfortable using an API.  There is a lot more you can do then what I mentioned in this post.

It’s definitely possible to do this yourself with a private email server, but the above solution can get you up and running in a matter of minutes.

Hashing, Salt, Rainbow Tables…

There is an article on Ars Technica that changed the way I think about security because if a non-hacker can figure out how to crack passwords, then it’s not much harder for a malefactor to do even more.

It’s an older article (there are also some follow ups to it), but more often then not, I find myself thinking about it.  I also mention this article to my family when I talk to them about securing their identity.

Depending on how serious the site you sign up for takes their security, your email and/or password may be stored in any combination of encrypted or cleartext.  If it’s the latter, the hacker’s work is already done.

Many sites will take the additional step to encrypt your email and/or password.  But to really understand why using the same email and/or password for every site is so bad, despite being encrypted, you need to understand how hashing works.

Hashing

A hash is nothing more than a mathematical representation of some information.  So if a password is hashed, some math is applied to the text to return an alphanumerical string.

So the hash of the password password is c8fed00eb2e87f1cee8e90ebbe870c190ac3848c.

Now if you change even a little bit of the original password, it renders a completely new hash.  So if the password was Password with a capital P the hash would be 3f44a88d098cdb8a384922e88a30dbe67f7178fd.

You can see the comparative difference below:

password = c8fed00eb2e87f1cee8e90ebbe870c190ac3848c
Password = 3f44a88d098cdb8a384922e88a30dbe67f7178fd

This might seem like a good security measure but it’s still pretty weak.  The hackers are learning and creating rainbow tables that contains the passwords they have discovered along with their corresponding hash.

So even if a hacker downloads a list of hashed passwords, they can compare it to the rainbow table and quickly decipher the password without any additional work.

See Where I’m Going?

So if your email address also happened to be hashed and you used that same email address on multiple sites, it can be quickly deciphered as well.  And if you used the same password, you’re basically making it easy for the hacker to compromise your life.

Unique Everywhere

So if you can use a unique email for every site, your real email/password combination should never make it’s way onto a rainbow table.

some_user@decoy.email = 72d56a756b26c9006f3e03fe95b4090e119aa70e
someuser@decoy.email = 2dbe1f5ece3342dfe4d414528526c3d24b5194c2

Some sites take additional steps by adding a salt to the hash, which is basically just more random information to further encrypt the data.  But it’s in your favor to make it as difficult as possible for the hacker to find out your real information.

This is far from an in-depth look at the password, but hopefully it piques your interest and helps you protect yourself a little bit better.

tin

 

7 Replies to “Roll-your-own Anonymizing Email Server”

  1. Nice article. I don’t know if it is good or not, but I just setup a simple catch_all() route. So I don’t need to create new route for every site…

    1. Yeah, I use the catch_all() to make up an email on the spot for those random companies that want your email address when you sign up for a loyalty card or whatever.

  2. Great idea for enhancing one’s personal privacy and security. I tried doing this but with an existing domain that I had purchased through GoDaddy a few years ago. The issue I ran into was that my GoDaddy provided domain came with a single email account that I’ve been using for a variety of purposes, not just website registrations unfortunately. I thought it would be a simple matter to alter my GoDaddy domain DNS settings with the ones mailgun provided me but it turns out that if I follow mailgun’s instructions then I would end up not being able to receive any of the emails I currently get at that email address.
    In other words, it’s critical that you start with a shiny new domain specifically for this purpose or if like me you happen to have one lying about, that doesn’t come with a free email account, I’ve never seen one that doesn’t but I have to assume it’s possible, or if you simply chose not to utilize the domains email server for anything you can’t live without, then you should be good to go.

    1. Something is wrong then, most likely with your DNS settings. You can use whichever domain you want, even an existing one as long as the DNS records are set correctly. Be aware of cache as it may take a while for the settings to propogate.

      Did mailgun show green check marks across the board?

  3. Cheaper and easier solution: use different strong passwords on every site. Create a printable card with all the passwords and hintwords to the domains and login usernames.

    1. This is meant to supplement that strategy (not the printable card–the strong passwords), which I mention in the article.

Leave a Reply