> main restrictions: 1) Email aliases are receive-only, meaning you cannot send or reply to emails from your aliases
this part is a bummer but i do understand why; i feel it would be a huge improvement being able to do this if i were to self-host; especially if the headers make no use of "alias" or "sent on behalf of user X". (ive never been a fan of email addresses being 1:1 with usernames for public domains, a system that allows interchangeability on both would be a pretty big win, coupled with aliases, imo)
lanedirt 16 hours ago [-]
Thanks for your feedback! Yes the primary reason for it being receive only right now is to combat spam. I am considering options where self-hosted users and cloud users (perhaps as a premium option) will be able to do this though.
One of the big challenges then would be that self hosting outgoing email servers has historically always been tricky thing in terms of email deliverability. A lot of big email providers block entire residential IP ranges, so more often than not emails tend to be delivered straight to spam.
But there are other options I’m considering such as being able to integrate AliasVault with external email servers (e.g. MS365 or Google) for both receiving and sending. Or leaving the receiving as-is but integrating with an external SMTP relay for email sending.
I’m actively working on improving AliasVault and iterating quickly, so all feedback is appreciated. :-)
out-of-ideas 15 hours ago [-]
> I am considering options where self-hosted users and cloud users (perhaps as a premium option) will be able to do this though.
yeah that sounds great!
i think the one site i recall doing this acted as a fancy email forwarder and header exchanger; allowed the user to create N aliases, and it would forward them all to the users email. then a user could reply and the server would basically grab the body and convert the outbound headers to match the alias (i can never remember the website anymore though- and it lacked open sourceness or i'd have self hosted that if i could)
many iterations is the way to go - im one who always favors options and tinkering (and sometimes with minimal reading; extra challenge mode) - wont be for a month before i can attempt the self hosting bit but i do plan to try it (so my feedback will be very delayed)
thanks for doin all the hard work
good luck and dont burn out!
lanedirt 7 hours ago [-]
Thank you for your kind words! Nice idea about the header exchanger, I’ll add it to my list to explore as an option for this feature.
I’m looking forward to your feedback whenever you have had the chance to try AliasVault. Much appreciated! :-)
imcritic 16 hours ago [-]
I don't see any information about domains that are used for those email aliases.
Apart from that - the idea of the project is just pure fire, I would love very much to have thousands of different personas for the nasty tracking huge corporations that entangled the internet.
lanedirt 7 hours ago [-]
Thanks for your comment!
The official cloud hosted variant currently offers unlimited *@aliasvault.net addresses. However I’ll be adding more domains as time goes on as certain companies don’t always like the idea of aliases and tend to start blacklisting.
The self-hosted variant allows you to attach as many of your own domains that you want, and then you can choose which domain you want to generate an alias with from the GUI.
The ability to connect your own private domains to the cloud hosted variant is also on the roadmap and will be added in the coming 2-3 weeks. This will allow you to move from/to different services without losing access to your email aliases.
out-of-ideas 15 hours ago [-]
my experience having a unique email per domain is basically the hacked companies are the ones where the email is bled to spammers - though going through google's services i think a ton of spam is auto filtered (though i did go through a chunk of emails at one point and flag as spam+ auto purge).
its probably more likely they collect the info on you and associate you with the different domains with those emails (and likely without those emails, too)
email is too easy for the user to filter out spam; why bother with that vs websites that require javascript, proactively treat users like they are bots, and also serve ice cold ads? [ex cloudflare and amazon where you have to verify you are a bot _before_ trying to login; remember when websites allowed like 3 attempts before offering the bot detections / backoff protections? - now we cannot even try to login perfectly once without getting "am you a bot?" prompts - even with TOTP]
but after all is said and done - i still really do enjoy a single email per website - it is a great way to filter items (and takes 1 attack vector out of the public email part; they dont ever get my username unless they hack the server)
Rendered at 15:53:17 GMT+0000 (Coordinated Universal Time) with Vercel.
this part is a bummer but i do understand why; i feel it would be a huge improvement being able to do this if i were to self-host; especially if the headers make no use of "alias" or "sent on behalf of user X". (ive never been a fan of email addresses being 1:1 with usernames for public domains, a system that allows interchangeability on both would be a pretty big win, coupled with aliases, imo)
One of the big challenges then would be that self hosting outgoing email servers has historically always been tricky thing in terms of email deliverability. A lot of big email providers block entire residential IP ranges, so more often than not emails tend to be delivered straight to spam.
But there are other options I’m considering such as being able to integrate AliasVault with external email servers (e.g. MS365 or Google) for both receiving and sending. Or leaving the receiving as-is but integrating with an external SMTP relay for email sending.
I’m actively working on improving AliasVault and iterating quickly, so all feedback is appreciated. :-)
yeah that sounds great! i think the one site i recall doing this acted as a fancy email forwarder and header exchanger; allowed the user to create N aliases, and it would forward them all to the users email. then a user could reply and the server would basically grab the body and convert the outbound headers to match the alias (i can never remember the website anymore though- and it lacked open sourceness or i'd have self hosted that if i could)
many iterations is the way to go - im one who always favors options and tinkering (and sometimes with minimal reading; extra challenge mode) - wont be for a month before i can attempt the self hosting bit but i do plan to try it (so my feedback will be very delayed)
thanks for doin all the hard work good luck and dont burn out!
I’m looking forward to your feedback whenever you have had the chance to try AliasVault. Much appreciated! :-)
Apart from that - the idea of the project is just pure fire, I would love very much to have thousands of different personas for the nasty tracking huge corporations that entangled the internet.
The official cloud hosted variant currently offers unlimited *@aliasvault.net addresses. However I’ll be adding more domains as time goes on as certain companies don’t always like the idea of aliases and tend to start blacklisting.
The self-hosted variant allows you to attach as many of your own domains that you want, and then you can choose which domain you want to generate an alias with from the GUI.
The ability to connect your own private domains to the cloud hosted variant is also on the roadmap and will be added in the coming 2-3 weeks. This will allow you to move from/to different services without losing access to your email aliases.
its probably more likely they collect the info on you and associate you with the different domains with those emails (and likely without those emails, too)
email is too easy for the user to filter out spam; why bother with that vs websites that require javascript, proactively treat users like they are bots, and also serve ice cold ads? [ex cloudflare and amazon where you have to verify you are a bot _before_ trying to login; remember when websites allowed like 3 attempts before offering the bot detections / backoff protections? - now we cannot even try to login perfectly once without getting "am you a bot?" prompts - even with TOTP]
but after all is said and done - i still really do enjoy a single email per website - it is a great way to filter items (and takes 1 attack vector out of the public email part; they dont ever get my username unless they hack the server)