Emails

Using only your email address, attackers can systematically correlate your activities across services, probe for vulnerabilities, and launch targeted campaigns that exploit this knowledge.

  • Your email can be used as a unique identifier linking your accounts on social media, shopping sites, forums, and other services. Attackers can test if your email is registered on various platforms to map out your digital presence.

  • By cross-referencing compromised datasets, attackers can stitch together detailed profiles of their targets using email addresses and other unique identifiers. Leaked passwords are used for automated credential stuffing attacks to methodically breach your accounts.

  • With your interests and activities gleaned from correlated accounts, attackers can craft highly convincing phishing emails mimicking services you actually use. Personalized social engineering hooks can further make you vulnerable.

  • Check if your email has been leaked: https://haveibeenpwned.com/

To mitigate this risk, use email aliases.

Email aliasing transforms how you manage your digital presence by generating unique email addresses for each service. This approach gives you granular control over your communications while fragmenting your digital footprint, making it difficult for attackers to exploit relationships across your online services.

Here are the main benefits:

  • Keeps your private email completely private

  • Breaks association between accounts

  • Stops spam instantly with a toggle

  • Traces data breaches to specific sources

  • Creates disposable emails for one-time signups

Having explored why privacy matters, let's look at the practical tools and providers that form a first line of defense in digital security. By thoughtfully layering these protective elements, we establish a strong foundation for your digital life that balances security with practical usability.


Tools and Services

Basic security tools:

I recommend keeping your security tools separate from one another. For example, I would not have 1Password manage my two-factor authentication (2FA) passwords. I would also look for multi-platform capability to avoid vendor lock-in.

Key privacy services:

These three services form an integrated email privacy architecture. Proton Mail provides your secure foundation with built-in encryption and tracking protection, SimpleLogin generates aliases for everyday services, and Cloudflare enables direct ownership of custom domain emails for your highest-security accounts where third-party aliases aren't appropriate.


Security Tiers

When sharing your email, I would evaluate each service based on these security tiers:

  • Basic Security: Low-stakes digital services like streaming, news, or gaming. Payment details, if any, stay obscured by the service provider. A breach stays self-contained; an inconvenience instead of a crisis.

  • Enhanced Security: Frequently used accounts like shopping platforms and subscription services. Likely contains behavioural or preferences data. You would feel uncomfortable if personal details were leaked, like your home address. A breach could cause damage.

  • Maximum Security: A breach has potential for cascading effects, compromising financial assets, personal security, and real-life implications. Platform accounts, banking and investments, cloud storage, government services, and social media. Security takes precedence over convenience to avoid the devastating potential damage caused by a breach.


Implementation

Basic Security and Enhanced Security are fairly straightforward. Create unique aliases for each service. Use strong passwords through a password manager. Add 2FA if needed.

Maximum Security requires complete ownership of your authentication chain. Email aliasing services have dependencies that compromise this autonomy. Consider two approaches:

  1. Dedicated email accounts for critical services provide the strongest security foundation. Creating individual accounts (like separate Gmail addresses) eliminates single points of failure and ensures complete isolation between services. While setup requires more effort, later forwarding to your primary inbox preserves convenience without sacrificing security.

  2. Custom domains offer full control over email routing, flexible address management, and independence from any single email provider. You can leverage email aliasing services for convenient on-the-fly address creation, knowing that DNS-level control allows for seamless provider transitions if needed. The main trade-off comes from addresses sharing a common domain, though this correlation risk only becomes meaningful if multiple service providers suffer concurrent breaches.

The optimal strategy combines both approaches based on risk profile.

  • Secure your password manager, domain infrastructure, and financial accounts using separate dedicated email accounts. Hardware security keys can further enhance security. No one needs to know these emails.

  • For financial services and platforms (like Amazon, Google, Dropbox, Facebook, LinkedIn, Airbnb, Uber), custom domain addresses are likely sufficient.

High-value targets warrant dedicated email accounts, while routine services can utilize domain-based addresses. This layered approach balances security and usability while maintaining strong separation where it matters most.
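
One way to get the account-separation and breach-tracing benefits on a custom domain, shown as an added example that is not part of the original article: each service gets an address carrying an HMAC tag, so mail sent to an alias can be attributed to the service it was issued to, and guessed addresses are rejected. The domain `example.com`, the secret, the helper names and the inbox data are assumptions constructed for illustration, and catch-all routing on the domain is assumed.

```python
import hashlib
import hmac
import re
from typing import Optional

DOMAIN = "example.com"            # assumption: your custom domain, catch-all enabled
SECRET = b"constructed-demo-key"  # assumption: a private key you store safely

def alias_for(service: str, secret: bytes = SECRET, domain: str = DOMAIN) -> str:
    """Derive a stable, unguessable address for one service."""
    label = re.sub(r"[^a-z0-9]+", "-", service.lower()).strip("-")
    tag = hmac.new(secret, label.encode(), hashlib.sha256).hexdigest()[:8]
    return f"{label}.{tag}@{domain}"

def trace(recipient: str, secret: bytes = SECRET, domain: str = DOMAIN) -> Optional[str]:
    """Return the service label an address was issued to, or None if never issued."""
    recipient = recipient.lower()
    local, _, dom = recipient.partition("@")
    label, _, _tag = local.rpartition(".")
    if dom != domain or not label:
        return None
    expected = alias_for(label, secret, domain)
    # Constant-time comparison so the tag cannot be probed byte by byte.
    return label if hmac.compare_digest(expected.encode(), recipient.encode()) else None

def leaked_sources(inbox, expected_senders):
    """Services whose alias received mail from a sender domain they do not own."""
    hits = set()
    for recipient, sender_domain in inbox:
        service = trace(recipient)
        if service and sender_domain not in expected_senders.get(service, set()):
            hits.add(service)
    return sorted(hits)

# Constructed sample data: (recipient address, sender domain) pairs.
EXPECTED = {"acme-shop": {"acme-shop.example"}, "news-daily": {"news-daily.example"}}
INBOX = [
    (alias_for("Acme Shop"), "acme-shop.example"),        # legitimate mail
    (alias_for("News Daily"), "news-daily.example"),      # legitimate mail
    (alias_for("Acme Shop"), "cheap-pills.example"),      # alias reached a third party
    ("acme-shop.zzzzzzzz@example.com", "spam.example"),   # guessed address, bad tag
]

if __name__ == "__main__":
    print(leaked_sources(INBOX, EXPECTED))
```

Because every address shares the domain, this keeps the correlation trade-off described for custom domains; the tag only adds attribution and rejection of addresses you never issued.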


Summary

|          | Basic  | Enhanced | Maximum  |
|----------|--------|----------|----------|
| Email    | Alias  | Alias    | Direct   |
| Password | Simple | Complex  | Complex  |
| 2FA      | No     | Optional | Required |

If the service allows for passkeys, this authentication approach surpasses traditional email-password and 2FA combinations in both security and usability. In their pure form, passkeys eliminate the need for usernames and passwords entirely while preventing common attack vectors like phishing and credential theft, since servers store only public keys. However, during this transitional period, many services implement hybrid systems combining passkeys with traditional authentication, making continued email security essential.

Examples

|                    | Breach Damage | Security Level | Email Type |
|--------------------|---------------|----------------|------------|
| Personal Email     | High          | Maximum        | Direct     |
| Personal Phone     | High          | Maximum        | Direct     |
| Password Manager   | High          | Maximum        | Direct     |
| Financial Accounts | High          | Maximum        | Direct     |
| Healthcare Services| High          | Maximum        | Direct     |
| Cloud Storage      | High          | Maximum        | Direct     |
| Social Media       | High          | Maximum        | Direct     |
| Travel Services    | Moderate      | Enhanced       | Alias      |
| Online Forums      | Moderate      | Enhanced       | Alias      |
| ChatGPT etc        | Moderate      | Enhanced       | Alias      |
| Streaming Services | Moderate      | Enhanced       | Alias      |
| Shopping           | Low           | Basic          | Alias      |
| Newsletters        | Low           | Basic          | Alias      |
| Strangers          | Low           | Basic          | Alias      |
| Everything Else    | Low           | Basic          | Alias      |