FAQ

For step-by-step guides, see the Help Centre.

About addy.io

Domains

Aliases

Encryption

Recipients & delivery

Subscriptions

Plans & limits

Apps & extensions

Acceptable use

Privacy & trust

Contact

About addy.io

Why is it called addy.io?

Addy is short for "Address". The word "Addy" is internet slang for an email address, e.g.

"My addy is being spammed. I should've kept it private."

Why did you make this site?

I made this service after trying a few other options that do a similar thing. I was really interested in how they worked and loved the thought of protecting my real email addresses from spam.

I also wanted to address some issues with other services such as:

I made the code open-source to show everyone what was going on behind the scenes and to allow others to help improve the application.

I use this service myself for the vast majority of sites I'm signed up to.

Why should I use addy.io?

There are a number of reasons you should consider using this service:

Why should I use this instead of a similar service?

Here are a few reasons I can think of:

Who's behind addy.io?

My name is Will Browning, I'm a web developer from the UK and an advocate for online privacy and open-source software. You can find me on X although I don't tweet that much!

Domains

Can I use my own domain?

Yes you can use your own domain name so you can also have *@example.com as your aliases. To do so you simply need to add a TXT record to verify your ownership of the domain. Then you will need to add an MX record to your domain so that our server can handle incoming emails. You can then add a few other records to enable sending from your domain too.

Can I add a domain and also use it as a recipient?

No, you cannot use the same domain as a custom domain and also for a recipient on addy.io.

e.g if you add "example.com" as a custom domain, you cannot then add "xyz@example.com" as a recipient. This is because a domain cannot direct email to multiple locations simultaneously using MX records. So your email would arrive for "example.com" and then attempt to be forwarded to "xyz@example.com" which would create a loop.

You can instead use a subdomain for your custom domain, e.g. "mail.example.com" instead of "example.com", this would allow you to create *@mail.example.com for your aliases. More details can be found here.

Can I add a domain if I'm already using it for email somewhere else?

If you have a custom domain say example.com and you are already using it for email somewhere else e.g. ProtonMail or Namecheap then you cannot also use it simultaneously with addy.io.

This is because emails cannot be handled by multiple different mail servers at the same time, even if they have the same priority MX records. It can only be delivered to one mail server at a time which will typically be the MX record with the smallest number since this has the highest priority.

You can either:

Using a subdomain will not interfere with your current email setup and you'll be able to create aliases *@mail.example.com through addy.io.

What do you use to do DNS lookups on domain names?

The server is running a local DNS caching server to improve the speed of queries.

Aliases

If you're concerned that your aliases are all linked by your username e.g. @johndoe.anonaddy.com, then you have a couple of options:

  1. You can generate random character or random word aliases instead, these are all under a shared domain and cannot be linked to a user.
  2. You can add additional usernames and separate your aliases under each of them. e.g. you could have one username for personal stuff, another for work, another for hobbies etc.

An alias has appeared in my account that I didn't create, how?

By default your custom domains and username subdomains (e.g. @johndoe.anonddy.com) have catch-all enabled. This means that they will automatically create any alias the first time an email is sent to it, for example the alias does-not-exist@johndoe.anonaddy.com would be automatically created and show up in your account if the username johndoe had catch-all enabled.

Spammers and bots often try random email addresses such as contact@example.com or admin@example.com etc. which would be created automatically if your custom domain has catch-all enabled. It does not mean that your account has been compromised if you see an alias that you do not recognise in your account.

If you do not want aliases to be automatically created in this way you can disable catch-all for your custom domain or username. You can also set a regular expression pattern for your custom domain or username that will only create aliases automatically if it is matched.

What is the maximum number of recipients I can add to an alias?

The limit is currently set to 10 which should suffice in the vast majority of situations.

I'm trying to reply/send from an alias but the email keeps coming back to me, what's wrong?

If you are trying to reply or send from an alias but the email keeps coming back to yourself then it is most likely because you are sending the message from an email address that is not listed as a verified recipient on your addy.io account.

If you try to reply or send from an alias using an unverified email address then the message will simply be forwarded to you as it would be if it was sent by any other sender.

Please double check that you are indeed sending from a verified recipient email address by inspecting your sent items to see which address it was actually sent from.

I'm trying to reply/send from an alias but it is rejected, what's wrong?

If you see the rejection message 550 5.1.1 Recipient address rejected: Address does not exist then this means that the alias has either been deleted or does not yet exist (and you do not have catch-all enabled), you must restore (or create) it before you can send/reply from it.

If you receive an email notification with the subject "Attempted reply/send from alias has failed" then it is usually because you have a verified recipient that is using your own domain which does not have a DMARC policy.

Note: This is referring to your verified recipient address on your addy.io account and not any of your custom domains or the email address that you are replying / sending to

When replying or sending from an alias, additional checks are carried out to ensure it is not a spoofed email. Your addy.io recipient's email domain must pass DMARC checks in order to protect against spoofed emails and to make sure that the reply/send from attempt definitely came from your recipient.

For example if the verified recipient on your addy.io account is hello@example.com and you get this email notification then it is because the domain "example.com" does not have a DMARC policy in place.

To resolve this you simply need to add a DMARC record, for example:

Type: TXT
Host: _dmarc
Value: "v=DMARC1; p=quarantine; adkim=s"

You should also have SPF and DKIM records in place.

To learn more about DMARC please see this site - https://dmarc.org/.

If your addy.io recipient is with a popular mail service provider for example: Gmail, Outlook, Tutanota, Mailbox.org, ProtonMail etc. then they will already have a DMARC policy in place so you do not need to take any action.

I've been forwarded an email with a red warning banner saying it may have been spoofed, what does it mean?

If an incoming email looks like spam (for example, because it has failed its DMARC check) then a red warning banner is added by addy.io before forwarding the message on to you. This warning banner is added in order to help protect you from any potential phishing attempts, for example someone pretending to be your bank.

Most of the time this is nothing to worry about and is just because the sender has not correctly configured their DNS records.

To see why this banner was added you can view the headers of the received email and look for the header called 'X-AnonAddy-Authentication-Results'. This header shows the original email's authentication results and will show you why the email failed its DMARC checks.

Does addy.io strip out the banner information when I reply to an email?

Yes, the email banner "This email was sent to..." will be automatically removed when you reply to any messages. You can test this by replying to yourself from one of your aliases.

Make sure not to alter or edit the email banner as this may cause issues when trying to match and remove it. You can still remove it manually from the quoted message of your reply if you wish.

Will people see my real email if I reply to a forwarded one?

No, your real email will not be shown, the email will look as if it has come from us instead. Just make sure not to include anything that might identify you when composing the reply, i.e. your full name.

Can emails have attachments?

Yes you can add attachments to emails forwarded and replies. Attachments count towards your bandwidth.

What is the max email size limit?

The max email size is currently set to 25MB (including attachments).

Do you provide SMTP credentials for aliases?

No, you cannot send directly from your aliases using SMTP credentials in your email client. Please see the replying from aliases and sending from aliases help articles.

Encryption

Do you store emails?

Emails are only ever stored in the event of a failed delivery, and only if you have this option enabled in your account settings.

Are attachments encrypted too?

Yes attachments are part of the email body and are also encrypted if you have it enabled.

Are forwarded emails signed when encryption is enabled?

Yes when you have encryption enabled all forwarded emails are signed using our no-reply@addy.io private key.

You can add this key to your own keyring so that you can verify emails have come from us.

The fingerprint of the no-reply@addy.io key is "26A987650243B28802524E2F809FD0D502E2F695" you can find the key on https://keys.openpgp.org.

Is my public GPG/OpenPGP key removed when I reply/send from an alias?

Yes, any attached GPG/OpenPGP public keys or GPG/OpenPGP signatures are automatically removed when replying or sending from an alias. This is to prevent you accidentally revealing your real email address which is usually shown as an identity in your public key.

Recipients & delivery

Does this work with any email provider?

Yes this will work with any provider, although I can't guarantee it won't land in spam initially.

I'm not receiving any emails, what's wrong?

Please make sure to add no-reply@addy.io and any aliases you use to your address book and also to check your spam folder. Make sure to mark emails from addy.io as safe if they turn up in spam.

If an alias has been deleted and you try to send email to it, the emails will be rejected with an error message - "550 5.1.1 Recipient address rejected: Address does not exist".

Check that you have not deactivated the alias, custom domain or additional username. When any of these are deactivated, emails will be silently discarded, they will not be rejected or return any error message.

The sender of the email may be failing SPF, DMARC or DNS blacklist checks resulting in the email being rejected. The sender should also have correct reverse DNS setup and use a FQDN as their hostname.

If you are forwarding emails to an icloud.com email address some users are having issues with a small number of emails being rejected (often those from Facebook).

For some reason Apple seems to think these emails are spam/phishing and returns this error message:

Diagnostic-Code: smtp; 550 5.7.1 [CS01] Message rejected due to local policy.

If you are having issues with emails being rejected as "possibly spammy" by Google, iCloud or Microsoft then please try the following steps if you can:

  1. Replace the email subject by going to your settings in addy.io
  2. Try adding a GPG key and enabling encryption. This will prevent the email's content being scanned and reduce the chance of it being rejected.
  3. Enable the option to hide and encrypt the email subject
  4. Try disabling the banner information on forwarded emails
  5. Try adding the alias email (and/or domain) to your contact list (address book) or safe senders list if possible

For Outlook, Hotmail or MSN you can find instructions on how to add a domain to your safe senders list here.

I will also soon be adding an option to change the format of the display from part of the "From:" header.

If neither of the above options work then please try changing to another recipient so that you can continue to receive emails.

If you still aren't receiving emails please contact me.

Subscriptions

Why are some features paid only?

addy.io offers a generous Free plan so you can use email aliases to protect your real address without paying anything. The Free plan includes unlimited standard aliases (within your monthly bandwidth limit), forwarding to your recipient, and some shared-domain aliases.

Some features are more expensive to operate or are more likely to be abused, so they are available on Lite and Pro plans only. Paid subscriptions help cover server costs and keep addy.io running for everyone.

addy.io is independently run and open-source; there is no venture capital funding, so subscriptions are what keep the service online rather than ads or selling user data.

The most common example is replying to and sending from an alias (anonymous replies and new outbound mail from your alias address). These are not included on the Free plan. If you try to reply or send from an alias on a Free account, the message will not be delivered and you will receive an email notification that the feature requires a paid plan.

Other paid-only features include custom domains, additional usernames, rules, blocklist, access to some alias domains, higher bandwidth, and more shared-domain aliases. A full comparison is on the pricing section of the home page.

Why not allow free users to reply or send even once a day or once a week? Outbound mail from aliases is frequently abused for spam, phishing, and bulk signups. Even a small free allowance would attract bad actors and could damage the reputation of addy.io mail servers, which would affect email delivery for all users.

What happens if I have a subscription but then cancel it?

If you cancel your subscription it will remain active until the end of your current billing cycle, you will still be able to use your paid plan features until the billing cycle ends.

A few days before your billing cycle ends you will receive an email letting you know the steps you need to take to prevent the loss of any emails. Shortly after ending the following will happen:

You will not be able to activate any of the above again until you resubscribe.

If I subscribe will Stripe see my real email address?

When you subscribe you can choose which email to provide to Stripe, feel free to use an alias. This email will be used for notifications from Stripe such as; if your card payment fails or if your card has expired.

Do you offer student discount?

Currently, addy.io does not offer any student discounts.

Plans & limits

Is there a limit to how many emails I can forward?

Not unless you are really going to town. Each user is throttled to 200 emails per hour through the server.

Is there a limit to how many aliases I can create per hour?

Currently you are limited to creating 10 new aliases per hour on the free plan, 20 per hour on the Lite plan and 50 per hour on the Pro plan. If you try to create more than this the emails will be deferred until you are back below the limit.

How is my bandwidth calculated?

Each time a new email is received Postfix calculates its size in bytes. A column in the database is then simply incremented by that size when the email is forwarded or a reply is sent. At the start of each month your bandwidth is reset to 0.

I don't use rolling 30 day total as the only way to do this would be to log the date and size of every single email received.

Blocked emails do not count towards your bandwidth (e.g. if an alias is inactive or deleted).

How many emails can I receive before I go over my bandwidth limit?

The average email is about 76800 bytes (75KB), this is roughly equivalent to 7,000 words in plain text. So the 10MB monthly allowance would be around 140 emails and the Lite plan's 100MB would be almost 1,400 emails.

What happens if I go over my bandwidth limit in a given month?

If you get close to your limit (over 80%) you'll be sent an email letting you know. If you continue and go over your limit the server will respond to any delivery attempts to your aliases with the following: 552 5.2.2 Recipient address rejected: User over quota until your bandwidth resets the next month or you upgrade your plan.

Apps & extensions

Is there a browser extension?

Yes there is an open-source browser extension available to download for Firefox, Chrome, Edge and Safari (also available on other chromium based browsers such as Brave and Vivaldi). You can use the extension to generate new aliases remotely.

Is there an Android app?

Yes, there's the official open-source Android app created by Stjin that is available to download from the Play Store and F-Droid.

Is there an iOS app?

Yes, there's the official open-source iOS app created by Stjin that is available to download from the App Store.

Is there a Raycast extension?

Yes, http.james' open-source extension is available on the Raycast Store.

Acceptable use

Can I mark emails forwarded to me by addy.io as spam?

No, you must not mark messages forwarded to you by addy.io as spam as this can damage the reputation of the mail servers and is against the terms and conditions.

If an alias is receiving spam messages then please deactivate it or delete it.

addy.io is signed up to multiple feedback loops (FBLs) that trigger a notification when any messages are marked as spam. Repeatedly marking messages as spam will result in your account being disabled.

Can I use aliases to create multiple accounts on other websites and services?

No, you must not use addy.io to create large numbers of accounts on other websites/services as this is against the terms and conditions.

Can I have multiple Free accounts?

Having multiple Free accounts is not considered an acceptable use of our service. Any users found to be abusing this rule may have their accounts disabled. This does not apply to those with a paid subscription.

How do you prevent spammers?

The following is in place to help prevent spam:

Privacy & trust

Where is the server located?

The server is located in Amsterdam, Netherlands with Greenhost.net. Greenhost focuses greatly on privacy and security and their servers run entirely on Dutch wind energy. The backup mail server is located in Warsaw, Poland with UpCloud.

What if I don't trust you?

It's good to keep your guard up when online so you should never trust anyone 100%. I'll try my best to be as honest and transparent as I can but if you still aren't convinced you can always just fire up your own server and self-host this application. You'll need to know about server administration and PHP. You can find more information here.

How do I know this site won't disappear next month?

I am very passionate about this project. I use it myself every day and will be keeping it running indefinitely. The service also provides me with an income.

What happens to addy.io if you die?

I do have someone in place who can keep the service running in the event of me not being here. They are able to continue paying for the servers that host addy.io and the domains that it uses. All addy.io domains also always have over 5 years until they expire.

They would make an X announcement informing all users that they would be keeping the service running. You would then be able to decide whether you'd like to continue using addy.io or start to update your email addresses.

Is the application tested?

Yes it has over 400 automated PHPUnit tests written and forwards millions of emails each month.

How do I host this myself?

You will need to set up your own server with Postfix so that you can pipe the received mail to the application. You can find more information here.

For those who prefer using Docker there is an image you can use here - github.com/anonaddy/docker.

Contact

I couldn't find an answer to my question, how can I contact you?

For any other questions just send an email to the address shown on the contact page.