Skip to main content

Exploring Options for Email Aliases

Recently I explored various options of creating email aliases.

I care about the following factors:

  • [Critical] Limits: I may need to create ~100 or ~200 aliases.
  • [Critical] Retain email envelope: I should be able to see the original "from" and "to" addresses.
  • [Critical] Catch-all: I want to catch all emails that are sent to unknown addresses.
  • [Critical] Reliability: The service should "just work".
  • [Important] Easy to create a new alias: it should be easy to create a new one. API support would be ideal.
  • [Important] Tagging/Comment: I'd like to add a comment to an alias to remember why it was created. Note that the alias itself may be totally random
  • [Nice to have] Send As: it's nice to be able to send email as the alias.


Cloudflare Email Routing

Doc

  • Maximum of 200 rules
  • A few clicks to create a new rule. There is easy-to-use API.
  • I saw an example where the service is not so reliable, there are also similar complains in the cloudflare forum.
  • Allows a catch-all rule.
  • In the web UI it doesn't allow adding comments to a rule. It is possible to set real_user+comment@gmail.com as the destination for gmail, but I'll need to verify each destinationas a separate email address, which is annoying.
    • The API supports adding comments to each rule
  • It doesn't support "send-as". But possible with standard SPF settings.
Overall I find this option very nice for casual usage.


Google Workspace Groups

  • Unlimited groups, but an account can be an owner of at most 1000 groups.
  • Email envelopes are modified. I see "from group@ to user@" instead of "from sender@ to group@".
  • Lots of steps to create a new group, e.g. I need to allow external posting, bypass spam filter etc. There is API but difficult to use.
  • It is easy to set up catch-all rules.
  • Comments can be added to group description.
  • It does not support "send-as". But Gmail supports it with extra setup.
It is a deal breaker that the email envelopes are modified. Otherwise it can be an OK option.

Google Workspace Email Routing

For each alias, create a new routing rule.
  • Maximum 1000 rules (recommended limit)
  • Email envelopes are not modified if using the correct options.
  • Difficult to add catch-all rules, because aliases are also unrecognized address.
  • It takes quite a few steps to create a new rule. No API support.
  • Comments can be added to the description of a routing rule.
  • It does not support "send-as". Maybe possible with some Gmail setup.
A good option if there are not so many aliases, and if it requires complicated routing logic.


Google Workspace Address Map

  • Limt is 5000 or 300
  • Difficult to add catch-all rules, because aliases are also unrecognized address.
  • Easy to add new alises. Supports bulk import.
  • No support to comments, but possible to use "+comment" if the destination is a gmail address.
  • Does not support "send-as"
A good option if catch-all rules are not required.


Google Workspace Address List

Add all alises into one or more address list. Then add one routing rule to forward them.
  • 100000 addresses per list.
  • Easy to add catch-all rules. Just skip the catch-all rules for the address lists.
  • Easy to add new aliases. No API support.
  • Does not support comments.
  • Does not support "send-as"
A good option if:
  • comments are not required
  • it is OK to forward all aliases (in the same list) to the same destination

Google Workspace Email Alias

Doc 
  • 30 aliases per account
  • Easy to add catch-all rules.
  • Easy to add new aliases. With API support.
  • Does not support comments.
  • Supports "send-as"
A good option if "send-as" is required. Otherwise the limit is too small.


Others

There are other options that I have heard of, but not explored.

Comments

Popular posts from this blog

Determine Perspective Lines With Off-page Vanishing Point

In perspective drawing, a vanishing point represents a group of parallel lines, in other words, a direction. For any point on the paper, if we want a line towards the same direction (in the 3d space), we simply draw a line through it and the vanishing point. But sometimes the vanishing point is too far away, such that it is outside the paper/canvas. In this example, we have a point P and two perspective lines L1 and L2. The vanishing point VP is naturally the intersection of L1 and L2. The task is to draw a line through P and VP, without having VP on the paper. I am aware of a few traditional solutions: 1. Use extra pieces of paper such that we can extend L1 and L2 until we see VP. 2. Draw everything in a smaller scale, such that we can see both P and VP on the paper. Draw the line and scale everything back. 3. Draw a perspective grid using the Brewer Method. #1 and #2 might be quite practical. #3 may not guarantee a solution, unless we can measure distances/p...

Hardware Password Manager

[Updates 2025-01-20] The original blog post assumes that all passwords are stored in one password manager, and the password manager either unlocks everything or nothing (e.g. Keepass). After discussing with friends, I realized that if I use something like pass , and I use a hardware GPG token, I can actually store and sync all encrypted passwords to all devices, because I will only decrypt the passwords on demand, and the computer will not see the GPG private key. The compromise is that the computer will see the list of all password entries (e.g. accounts), as well as a few other issues . I've been using Keepass for many years. I don't use online password services because I cannot fully trust them. Besides, I may not always have Internet connection, which is why I also don't use a self-hosted service. Everything has been working fine, until I turn my paranoid knob to the max. Here's the thought experiment . The Imaginary Scenario Let's say I have 100 PCs for differe...

ESP32S3: Flash Encryption and Secure Boot

Flash encryption and secure boot are useful security features for ESP32S3 chip. While not perfect, they definitely make it harder to extract the secrets in the chip. However, it is tricky to enable both features at the same time. The topic is actually discussed in the official documentation: ESP32S3 Security Features Security Features Enablement Workflows Especially, the second one mentioned it is recommended to enable flash encryption before secure boot. But I still find the documentation confusing. In the end I was able to successfully enable both, here's my findings. My Understanding After my adventure, here's what I think could have worked. WARNING, this is untested. Follow  Security Features Enablement Workflows : Burn all the keys, as long as their purpose eFuses and read/write protections Burn other security eFuses, but DO NOT burn ENABLE_SECURITY_DOWNLOAD in the middle, which is mentined at the end of the instruction for both flash encryption and secure boot. Burn...