Hello to the Runbox Community,
I have an extensive use of the alias functionality which I find great for anonymity and for fighting spam. Ideally, I would create one alias per account that requires an email address. Actually, if I could suggest one improvement to Runbox, that would be on that functionality. The most limiting factor being the alias creation process.
I’m suggesting that Runbox should:
- add a comment field to the
- send an email when the alias gets ready to receive e-mails,
- make the alias creation quicker,
- provide an API for alias creation.
Process of creating an alias
Now that I’ve provided a very short summary of my suggestion, let me elaborate a bit. First of all, what is it like creating an alias in the use case I’m describing? The point of aliases in this specific context is to avoid giving away any means of contacting me to a (potentially security-unconscious or shady) website I’m subscribing to. For this purpose, I wish I could create a unique alias every time I create a new account.
In this context, here’s the process of creating a new account on a arbitrary website:
- start filling the website account creation form until asked an e-mail address,
- log in to the Runbox website,
- go to the alias page,
- generate a random string for the alias (on my computer),
- fill Runbox’s alias creation form,
- wait for the alias to be ready (otherwise I’ll be in trouble with the email verification),
- test whether the alias is ready by sending an email to it,
- repeat 6-7 until it’s ready,
- complete form.
Here is a more involved description of the suggestions already mentioned:
Suggestion 0: comment field gives the opportunity to keep a note about the point of every alias. In the case of purely random aliases that would be very handy. In the meantime I pre-pend the name of the website to the alias name (e.g. Stack Overflow’s alias
Suggestion 1: notification would spare me from actively checking it whether the alias is usable (wait/test (6-7) loop in the process description above). This can seem as a detail for those who don’t work this way but that would also be very helpful (at least to me) because in the wait/test loop mentioned in the process above I tend to move on to another task and I might forget about the account creation long enough for the form to be reset. The notification email from Runbox would remind me of the process I’ve initiated and tell me that the Runbox alias is ready for me to resume the process of the account creation.
Suggestion 2: quicker availability is obviously more difficult to implement. I do understand that it’s more involved than fixing a centralized database. I also realize that it’s unlikely to be worth it to implement it given that not many users are following this use case. I mention it anyway to give an idea of how things could work.
Suggestion 3: API is the most involved. This API would be useful only after the alias creation gets (almost) instantaneous. At that point, you can imagine that a website account creation form could be auto-filled with the alias email address without the user having to go through the hassle of the process described above. This would be a killer feature but I know, I’m daydreaming. Who would build the app, anyway?
In the meantime, I’ve been using sub-addressing (link in the P.S.) (i.e. using an existing address with a unique
+something appended when I need a new email (e.g.
firstname.lastname@example.org). But this is an inferior solution and wouldn’t divert spammers at all were this trick just a bit more widely used. In case of a massive e-mail leak, just a very basic
sed command on the list of leaked e-mails would rid them of their
+something and fully compromise the base address. And this has only little benefit with respect to anonymity.
Up to point alternative
All of this leads me to a less ambitious alternative suggestion 4. Runbox could offer the possibility to create several random aliases with just one click. This would allow for alias provisioning and evade the wait time when new random aliases become necessary. The comment field (suggestion 0) would make it possible to know what aliases are already in use. (Of course “just one click” is my user-centric point of view. Runbox still has to check whether there are name clashes.)
I understand that it’s unlikely that my use case is currently worth the trouble for Runbox. But I’m still convinced that this process makes the user (well, me ) safer. So much that (if properly designed and integrated) it could be a selling feature. (It’s actually one of the most prominent reasons why I moved away from “free” email hosting providers.)
Sorry if this was too long. I hope someone goes as far as reading through this all. Thank you very much for you attention and let me/us know what you think of this. As it’s my very first message to the community, I hope I didn’t break any rules. Please bear with me.
And thanks to the Runbox team for the great service you’ve been providing for years!