Yes, that was the message I got from haveibeenpwned.com, from Troy Hunt.
For those not familiar with the service, to make it short, it’s a huge database that collects all data breaches and makes them searchable. So you can simply check if your email addresses were leaked from online services you may use out there.
Well, receiving such notifications is not a bad thing after all, because it gives you the chance to act in advance taking some procedures to strengthen the security on your online accounts.
One of these procedures is changing your passwords to a (really) strong and unique ones, also setting up two-factor authentication to your accounts, when available.
Even though it helps to solve the problem, it doesn’t fix it completely. The problem goes far deeper than it looks like. Unique and strong passwords are really hard to properly manage and there is where passwords managers will help you a lot.
I personally recommend you to use 1Password (the one I’m using now), or Dashlane (which I’ve used for over 2 years), both are very secure apps which will help you managing and defining really strong passwords, among other things.
Good good! Problem solved then, right?
Basically, if you keep a strong and unique password for each one of your online accounts with additional security measures (such as two-factor authentication), will be much harder to one break your account in different services using pwned credentials, however, your email is still there and can be a target of many other types of spam, social-engineering or phishing attacks.
Now, how if we can put together a random strong and unique password to a random and unique email address to all your accounts, then you’ll create another security layer to your IDs. Right?
There is a (free) service out there called 10minutemail which pretty much gives you a random and disposable email address that, by default, only lasts for 10 minutes! It seems you can extend the address lifetime to forever, but the downside is you need to remember to refresh/ extend it every 10 minutes (of course)!
That’s a nice service that helps you quickly get random emails to signup for services you don’t actually wanna use, after all, it’ll be hard to get notifications from the service provider, or reset your password if you forget the email address or when it gets expired.
There’s also a guy who created a handful Chrome Extension and a tutorial of how to create random email addresses based on custom (cheap) domains using a trick with “catch-all” address! It seems to be a good way to make it happen, but the downside is it demands you to be comfortable managing domain registrations and emails setups! Plus it does not provide any additional feature to help you keep safe or stop spam, phishing or social engineering from emails leaked and shared over the Internet!
Well, then why not put the two ideas together and make myself something that could fill the gaps?
That’s how Mail Shield was born!
In short, Mail Shield creates random, unique and disposable email addresses (or shields as I’m calling them) that can be used elsewhere but delivers the messages to your inbox, pretty much like the strategy of using custom (cheap) domains would do.
However, all the received messages are tested against spam filters and custom blacklists even before been delivered to your inbox (where probably there’ll be another spam filtering).
Unlikely to what happens with the “catch-all” strategy, any existing shield can be paused (or deleted) at any time, stopping messages of being delivered to your inbox and helping you to get rid of annoying spammers.
Additionally, if you choose to not destroy a shield because of a single (or a few) guys sending you annoying messages, it’s also possible to simply blacklist the sender, which will also help (at a certain level) other people who are using the service.
A handy browser extension (only Google Chrome for now. Safari and Firefox are coming sometime soon) helps you getting new shields always you need one! With a single mouse click, there’ll be a new shield ready to be used on any online service, or shared to anyone, and delivering all received messages directly to your personal inbox.
Using this alongside a password manager (like 1Password) will help you create a new security level and online privacy layer to your life.
Mail Shield is on beta now and all its features are 100% free (ok, there’s no much right now, but I strongly believe they are really useful, and more will come).
If you have any questions or suggestions (feature requests, found bugs, etc) let me know. ;)
Last but not least … if you liked it, please help me to spread the word! Clap as much as you think it can be fair (the more the better, for sure but remember … 50 is the maximum 😬) and share this to your connections if you think it worth doing so.
Thanks for reading. See you using Mail Shield. 👋🍻