Practical privacy and simple cybersecurity.
TheNewOil.org

2023 Review: AnonAddy & SimpleLogin

Disclosure: I have an affiliate link with SimpleLogin that gives me credit towards my own SL account. You do not have to use this link, I provide a non-affiliate link at the end, and I tried my best to be unbiased in this review.

In this review, I’ve decided to lump both AnonAddy and SimpleLogin into the same review because they’re so incredibly similar in their offerings and features, though I will note any differences between them. I don’t think of this blog as “AnonAddy vs SimpleLogin,” though I’m sure it will help anyone who’s on the fence decide between the two. Rather, I present this as simply two tools you can use to achieve the same protection. I keep referring to AnonAddy first because I’m listing them in alphabetical order.

It's also worth noting that I'm aware of DuckDuckGo, Firefox Relay, Ironvest, and MySudo as email aliasing solutions. If one of these work for you, more power to you. However, in my opinion, each of these services comes with significant shortcomings that make them far inferior to AnonAddy and SimpleLogin, so while they're perfectly safe to use, I tend to recommend the other two services instead for their increased usability and functionality.

The Services

AnonAddy and SimpleLogin are both email forwarding services. Having an account allows you to create an email address – such as “f9f24233-d80b-4e17-a689-b7f1d0cc04c8@anonaddy.me” or “panguingue_graphostatic@aleeas.com” (although sometimes they can words you've heard of like “sunshine” or “porter”). These email addresses then forward any mail they receive to the mailbox of your choice, such as thenewoil@proton.me. I highly encourage the use of one – or both – of these services. The practical reason is that for most of us, email is the central hub of our lives. Everything is managed from that one inbox, from newsletters and Netflix to doctor’s appointments, job offers, and important correspondence. The compromise of an email account is the digital equivalent of getting kicked out of your own house. If your email address gets exposed in a data breach – which it certainly will if it hasn’t already – that’s half of the required login exposed, leaving only the password to be guessed for access. This can be mitigated by using strong, unique passwords and two-factor authentication, but the exposure of an email address can still be used in other ways, such as phishing attacks (ex, “there's a problem with your Amazon order, click here to fix it”) or tracking you across the various accounts and websites (there are tons of free online tools where you can type in an email address and see everywhere that email address has been used to create an account), leading to stalking by both individuals and companies.

The Good

Both services offer a free tier with premium, paid features. AnonAddy offers Lite ($12/year) and Pro ($36/year or $4/month) paid plans, while SimpleLogin offers only a single Premium paid plan for $30/year (or $4/month). In addition, both offer F-Droid apps, as well as Google Play and Apple App Store apps, allowing you to create alias addresses on the go. Both allow you to import your public PGP key (free for AnonAddy, paid feature for SimpleLogin), both support the use of custom domains (paid feature for both), and both allow catch-all email addresses (meaning if I make up an email address on the spot, that email address will be automatically created and forwarded to me as soon as the first email is sent, free for AnonAddy, paid feature for SimpleLogin). Both offer TOTP and security key two-factor authentication, share the ability to set a custom default sender name (global on AnonAddy, per domain on SimpleLogin) and offer web extensions for Chromium- and Firefox-based browsers (SimpleLogin has a Safari exension, AnonAddy does not).

Here's where things start to diverge. The biggest noticeable difference is that SimpleLogin offers “subdomains,” such as “thenewoil.aleeas.com.” To be honest, I have struggled for years to understand the point of these things, and I still don't. From what I can tell, they're basically the same as catch-all email addresses except if you don't have your own custom domain or don't want to use it for whatever reason? To each their own I suppose. They also offer Directories, which as far as I can tell work basically the same way but in a different format (rather than “example@thenewoil.aleeas.com,” a Directory email might look like “example+username@aleeas.com”). AnonAddy has a slightly similar setup with usernames (ex, “thenewoil.anonaddy.me”) except it doesn't function as a catchall, but does allow you to enter a custom alias so you could use things like “amazon@thenewoil.anonaddy.me” even if you're not a paying customer. AnonAddy also offers you the option to replace email subjects so that the true subject isn’t visible, which is a shortcoming of PGP. I was not able to find any such feature in SimpleLogin, but SimpleLogin does counter by allowing you to change the sender name on a per-alias basis rather than globally like AnonAddy (in other words, with AnonAddy I have to pick one sender name and use it on all aliases, with SimpleLogin I can pick a single alias and change the sender name). SimpleLogin also offers enterprise solutions if you happen to be responsible for a company, and as mentioned AnonAddy does not have a Safari extension.

Really the biggest thing that sets them apart these days is that SimpleLogin was acquired by Proton in 2022. This is either good or bad, depending on your philosophies. If you like Proton and like having everything in one convenient ecosystem, then you'll enjoy the way that SimpleLogin is included with your Proton Unlimited subscription (if you have one) or the way it integrates by default into Proton's new password manager, Pass (you only get 10 alias emails on the free plan, but unlimited on the “Plus” or “Proton Unlimited” plan). If you dislike Proton – or prefer not have all your eggs in one basket – then this a ding against SimpleLogin and you may wish to look into AnonAddy instead (or you can simply choose to create a separate account for both Proton and SimpleLogin, you don't have to link them but you do get some integration advantages if you do). (If you're interested in a single ecosystem or checking out Proton, I also have a Proton affiliate link which you can use to sign up here. Of course, if you're not comfortable with affiliate links, you can just visit Proton.me directly.)

The Bad

There's not a lot of bad things to say about either service, but of course no service is without flaw. For AnonAddy, my biggest concern is the mobile apps, which appear to be fan-made and not officially supported. AnonAddy also has a limited number of custom domains, a limited amount of bandwidth (except for the Pro plan), and a limited number of email addresses you can receive to. The bandwidth thing is probably not an issue for most people, but keep in mind that if your bandwidth is exceeded that means they won’t forward any emails for you for the rest of the month until your new “billing cycle” restarts. The bigger issue to me is the limited number of emails you can send and receive – 20/50 (100 for the Pro plan). While most people probably don’t send 50 or even 20 emails in a single month, it’s something to be aware of if you’re a power user.

The drawbacks of SimpleLogin are that it is less feature-rich than AnonAddy. It may come with the Subdomain and Directory features, but as I mentioned I can't figure out the point of having both of those, especially when they're both paid features anyways, and especially when AnonAddy offers interesting features like the ability to change the subject line (probably a niche feature, to be fair, but still a cool one). SimpleLogin’s free tier is also much more restrictive than AnonAddy’s (can’t use PGP, 1 recipient inbox to AnonAddy’s 2). But they do make up for it in the paid tier by offering unlimited bandwidth, unlimited reply/send even on the free tier, and even a lower price (compared to the AnonAddy Pro plan).

Final Verdict

In the past, I've used both of these services, found them almost identical. Being that I consider a custom domain to be a valuable part of a privacy strategy, I think the average user could get away with AnonAddy’s Lite tier ($12/year, $1/month), but SimpleLogin’s Premium will be the better bang for the buck with all the unlimited features. If you can't afford either and don't send or receive a lot of emails, I think AnonAddy is the better choice since you can create unlimited aliases (and ideally the best way to use an aliasing service to use a unique alias on every single site to better control spam and avoid credential stuffing attacks). If you're on a tight budget but do send and/or receive a lot of emails, you may need SimpleLogin's unlimited bandwidth out of necessity. Neither service is bad and they really come down to what you want or need out of them and the price you’re willing to pay for those features you want. I’ve found both to be extremely user friendly and affordable. I encourage you to explore their pricing options for yourself, and maybe even sign up for a free account for both to decide which is best for you.

You can check out AnonAddy’s Pricing here and SimpleLogin’s Pricing here and sign up for each service at their respective websites. If you decide to sign up with SimpleLogin, please consider using my affiliate link. I will not see any information about you, but I will get a few bucks added to my SimpleLogin account if you purchase a paid plan, which means more money I can put toward other The New Oil-related projects. Of course, I understand that not everyone is a fan of affiliate links, so no hard feelings if you choose not to use it. The important thing is that you use one of these services and start protecting yourself.

You can find more recommended services and programs at TheNewOil.org, and you can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...