Email’s Problems

ProtonMail & Blur

Email is a flawed protocol. It’s the digital equivalent of sending a postcard in the mail. The mailman can read your postcard, as can everyone between the origin and the destination. It’s also prone to spam and junk, since you use a single address for everything. Once spam/junk senders get a hold of your email address, it gets sold and shared until you give up and create a new account. These are just some of the problems we’re going to talk about solving today.

So to start with, let’s look at the ol’ postcard problem. The solution to this is to encrypt your emails end-to-end. That way the only person who can read your email content is the intended recipient. This is usually done using PGP encryption and requires both parties to have a pair of encryption keys: one private key that they keep secure, and one public key that they share with their contacts. The sender uses the recipient’s public key to encrypt an email, and the recipient uses their private key to decrypt it and read the contents. The problem here is that it tends to be cumbersome and confusing. That’s where services like ProtonMail and Tutanota come in. They handle the encryption and decryption for you. They typically limit you to sending to other users of the same service, however. If I use ProtonMail to send an email to another ProtonMail user, it’s encrypted and only the recipient can read it. The same goes for Tutanota.

The problem comes when I want to send an encrypted email to my friend who’s still using Gmail. At that point I can either send a ProtonMail encrypted email to them or I can import their public encryption key into my contacts. The former ends up being a plaintext email to my friend that contains a link. The link takes them to the contents of my email, which can be decrypted with a password I’ve shared with them using a different secure method. The problem with importing their public encryption key into my contacts is that they have to be using PGP encryption manually, and many people don’t do that.

The great thing about these providers is that they make it easy to use email encryption. I can send and receive email with anyone using PGP encryption because I can import their public key into my contacts and share my public key with them. Of course, if they’re using the same service as I am, I don’t have to go through any of that trouble and it does it all for me.

So that solves the “postcard problem” we talked about earlier, as much as you can solve that problem. Let’s talk about the problem of using the same email address with every site/service and ending up with a bunch of spam/junk emails. This is where Blur comes in. With Blur, you’re able to generate a new email address for every site or service you use. The new email addresses all forward to your real email address. This means you aren’t going to have to sign into a bunch of different email accounts or set up a bunch of forwarding rules in order to get your emails in one inbox.

So Blur lets you use a different email address with everything while masking your real email address. You can even reply to an email in your normal client and it’ll look like it’s coming from your new Blur email address. The big benefit here is that it puts all the control back in your hands. Now if you start getting spam email sent to one of your Blur addresses, you know exactly what site you used that email on. You can sign into Blur and disable or delete that email address. Then you have to decide if you want to make a new email address and update the site you originally gave that address to. The tricky part here is trying to decide if they sold your email address or if it got leaked inadvertently. Either way, you’re in control of whether or not you continue to get emails at that address or from that site.
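The attribution step described above can be automated over an exported inbox. This is an added example, not code from Blur or from the original post: the addresses, domains and the `ALIASES` book are constructed, and it assumes the forwarded message still carries the masked address in its To/Cc header.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed alias book: masked address -> (site it was given to, domains expected to mail it).
ALIASES = {
    "a1b2c3@masked.example": ("gardening-forum", {"gardenforum.example"}),
    "d4e5f6@masked.example": ("bank", {"bank.example"}),
}

# Constructed sample messages, as they might land in the real inbox after forwarding.
SAMPLE_INBOX = [
    "From: Forum <news@gardenforum.example>\nTo: a1b2c3@masked.example\nSubject: Spring tips\n\nhi",
    "From: Deals <promo@cheap-pills.example>\nTo: a1b2c3@masked.example\nSubject: SALE\n\nbuy",
    "From: Win <x@lottery.example>\nTo: A1B2C3@masked.example\nSubject: You won\n\nclaim",
    "From: Bank <alerts@mail.bank.example>\nTo: d4e5f6@masked.example\nSubject: Statement\n\nlogin",
]

def sender_domain(msg):
    """Lower-cased domain of the From address ('' if absent). From is forgeable: triage hint only."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def is_expected(domain, expected):
    """True if domain equals an expected domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in expected)

def attribute_leaks(raw_messages, aliases):
    """Map each site label to the unexpected sender domains seen on the alias given to it."""
    leaks = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        domain = sender_domain(msg)
        for _, rcpt in recipients:
            entry = aliases.get(rcpt.lower())  # alias match is case-insensitive
            if entry is None:
                continue  # not one of our masked addresses
            site, expected = entry
            if domain and not is_expected(domain, expected):
                leaks[site].add(domain)
    return dict(leaks)

if __name__ == "__main__":
    for site, domains in attribute_leaks(SAMPLE_INBOX, ALIASES).items():
        print(f"alias given to {site} also receives mail from: {sorted(domains)}")
```

An alias that shows up in the result is a candidate to disable and replace; whether the site sold the address or was breached still has to be judged separately.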

The big downside to using Blur is that now you have 100+ different email addresses that are randomly generated. How are you supposed to know what email address you used on what site? Well, one way is to label your email addresses in Blur so that you know where you used them. An arguably better way is to use a password manager. You should already be using a password manager, so if you aren’t, you should get on that. A password manager will keep track of your username (usually an email address nowadays) and password for every site you use. This way, you don’t have to remember what email address you used for a site or even what password you used. You can just use a password manager and use a different email address and different password for everything.

This will also help you be more secure. For example, let’s say you signed up for a gardening forum with a Blur email address. All of a sudden that gardening forum gets hacked and the users’ emails and passwords are exposed. So hackers start trying to use those email address and password combinations on other sites. Maybe they try logging into banks’ websites and other financial websites in order to try stealing your money. Well, hopefully you use a password manager so the gardening forum has a different password anyway, but since you used Blur… even the email address is different. They aren’t going to be successful trying your account now, because none of the information they have matches what your bank has. A good place to check if your email has already been part of a data breach is Have I Been Pwned. You’ll be able to search your email address and see any breaches that contain it.

Now some people may say they aren’t comfortable using a Blur address for sensitive things like their bank. That’s a valid concern, but I’d argue not in the way most people think. Your bank should never be sending sensitive information in an email. As we already talked about, that’d be like sending your bank statement on a postcard. So there shouldn’t be anything sensitive for Blur to see when the email runs through their service. The concern I’d have is that the account is very important to maintain access to. That means that if Blur was ever to shut down its email masking service and stop forwarding the emails to you, you could lose access to your bank account. I don’t see that happening anytime soon, and I’d hope they’d send their users a notification with plenty of time to respond if shutting down is something they ever considered, but it is a risk. If that was to happen, I’d imagine you could always call your bank or go into a branch location in order to gain access again, but it’s a concern I wanted to address.

So, now we’ve talked about how you can secure your email communications with your contacts and how you can take back control of your email from spam and hackers. Get out there and sign up for a free account if you haven’t already. Start switching your accounts over to a Blur address. It may be a pain, but there’s no rush. Move your important things over first, then as you get emails to your old account, go and update the email with them to a Blur address. After a few months, everything will be running through Blur, and if you decide to change emails later (say from Gmail to ProtonMail) you just have to switch what email address Blur forwards your emails to. Blur will make it easy to switch email providers in the future; you will no longer feel trapped with a provider, fearing you’ll miss something if you switch.

Links from article for convenience:
ProtonMail
Tutanota
Blur
Have I Been Pwned