SimpleLogin (manage email aliases and dynamically reply as the alias!)

A Former User

@robi said in SimpleLogin (manage email aliases and dynamically reply as the alias!):

@bushido there is no limit.

Thanks for your quick reply.

marcusquinn

The advantage of packaging Simple Login is that you can then use their browser extension to create randomised or keyworded aliases on the fly when signing up to newsletters etc.

It's similar to the way LanguageTool selfhosted works with their browser extension changing the API key to your self-hosted instance.

Set your self-hosted URL:

And API Key:

Magic. Your email aliases, that you can keep forever without having to keep a subscription running for them to stay working.

marcusquinn

Just noticed, they have been acquired by Proton. I'd say that's reassuring for long-term support:

• https://proton.me/

I've looked at comparable apps in this area, and Simple Login does seem to be the best user experience.

jayonrails

@girish @nebulon what would it cost to spoonsor this app for Cloudron?

girish

This app is sort of like an email server of it's own (and it's own dns setup), requires port 25 to be open etc. So, it's not easy to setup within Cloudron itself. I think for now it's best to run it outside in a separate VPS.

privsec

@girish said in SimpleLogin (manage email aliases and dynamically reply as the alias!):

This app is sort of like an email server of it's own (and it's own dns setup), requires port 25 to be open etc. So, it's not easy to setup within Cloudron itself. I think for now it's best to run it outside in a separate VPS.

Is it possible to rebuild the email server implementing these features?

jayonrails

@privsec I am totally on that, too.

girish

While there is no extension, one can use wildcard aliases - https://docs.cloudron.io/apps/#aliases . So, you can add blah* and then handout blah1231 or whatever you like.

But I guess one would want to track with a label or equivalent of the created aliases and what they were used for. (That's what I think this app does). One can create some strategy like blah-service-one or something like that.

girish

Also, I use mail+service@domain.com and this has worked many years now. See https://docs.cloudron.io/email/#subaddresses

Is there any specific benefit to random addresses?

marcusquinn

@girish I guess anyone can just strip the +service part from the address quite easily.

I'm trying to think how one would make this work using the same domain but perhaps somehow having different MX records for each server that would look for if an email address is able to receive.

marcusquinn

@girish I guess the wildcard solution only works for those receiving emails to a catchall mailbox. Wouldn't work for multiple user's separation of emails on the same domain.

Perhaps there's a way to replicate the Simple Login hooks to work with Cloudron API? That way you get Cloudron mailbox and alias management, and Simple Logins' already developed browser extensions?

girish

@marcusquinn the wildcard is aliases. This is different from the catch all feature. You can set wildcard aliases on a mailbox.

jdaviescoates

@girish said in SimpleLogin (manage email aliases and dynamically reply as the alias!):

You can set wildcard aliases on a mailbox.

As explained here https://docs.cloudron.io/email/#mail-aliases

marcusquinn

OK, so:

john@example.com and jane@example.com are not Cloudron Admins, but their mailboxes are hosting in a Cloudron service — both want to sign up to newsletters and make online purchases, without their email address getting onto mailing lists, and without having the +service part being removed to become their main email address.

What email addresses do John and Jane put into those forms?

girish

@marcusquinn you, as the Cloudron admin, would add a wildcard alias for the john@example.com. This alias can be named johnservices*@example.com .

Then, you tell john to use that wildcard alias, however, he wants. johnservices-service1, johnservices-service-2, johnservices-srv-three .. However, he wants. Replies will end in his mailbox.

Also, I don't think simplelogin has multiple users either for a custom domain - https://github.com/simple-login/app/discussions/1359 .

marcusquinn

@girish OK, sorta makes sense, so basically the Admin has to setup and explain this feature in onboarding, and disposable aliases are manually created, but only removed on request from user to Admin.

Really the convenience of the browser extension is in making unique non-decypherable aliases on the fly in email inputs, eg, if I open the extension on this website (https://bakadesuyo.com) I get this in the extensions:

Multiple domain options:

Or something totally random:

And I can also delete them in the extensions.

I see what you're saying, and I can cope with that for personal use, and could perhaps document it for client use — if anyone would ever care about that sort of thing with a work email address anyway, because spam is usually IT's problem.

So, just really documenting here to show the differences in delivery and user experience.

Given you have A solution, that probably demotes this option to more of a convenience app, than a whole new feature.

We'll probably get it running some other way though, as my attention span is precious, and protecting that from Inbox time-costs is an ongoing need.

necrevistonnezr

@marcusquinn BTW Vaultwarden has similar functionality - though more suitable if you want to use an alias for a login: https://forum.cloudron.io/topic/7144/add-privacy-and-security-using-email-aliases-with-bitwarden

marcusquinn

@necrevistonnezr Good spot, I forgot about that. Seems you can't update the Simple Login URL with it though. You can with AnonAddy, so maybe this will work as a solution:

Say doing something like this:

RazielKanos

I just stumbled upon Simple Login and addy.io

it seems both offer a self-hosted option, and it would be BRILLIANT for rising your own security. That's exactly why i use Vaultwarden, and not Bitwarden. The addition of a browser plugin like Mozilla's Relay is very amazing too, since it helps non-techies to use this feature with ease.

Why isn't such a thing higher on the list?

marcusquinn

IMHO it's essential for a service like this to be self-hosted on one's own domain. Otherwise, you're locked into the providers email domains(s) for ever, unless you want to lose the relay.