What you need to know about Google’s new email alias system

Google is rolling out a new feature called Shielded Email, designed to give people more control over their inboxes and protect their primary email addresses. This system allows you to create temporary email aliases, helping to reduce spam and unwanted emails while keeping your real email private.

Although Shielded email could improve your email security in some ways, it also raises questions about data privacy and control. Considering Google’s history with third-party data sharing, you may wonder what Shielded Email could mean for your personal information. Let’s break down how Shielded Email works, its potential benefits, and the privacy implications you should know about.

What is Google’s Shielded Email feature?

Google’s Shielded Email is a feature that lets you create temporary email aliases to protect your primary email address. The Google email alias system allows you to forward messages to your Gmail account, keeping your real address private. This helps reduce spam and unwanted emails, especially when signing up for new services or apps.

Google’s Shielded Email offers a way to create temporary email aliases, helping to protect your primary email address. This feature allows users to sign up for services, receive, and reply to emails without exposing their main address. By keeping your real email private, it can reduce spam and other unwanted messages.

With so many online platforms requiring email addresses, tools like Shielded Email aim to address growing concerns about privacy and data security. Email aliases also let users trace which services might be sharing their information. If an alias starts receiving spam, you can identify the source and disable it, ensuring better control over your inbox.

Apple introduced a similar feature, “Hide My Email,” in 2021, though it’s only available to iCloud+ subscribers. Shielded Email is expected to be available to all Gmail users, which could make it more widely accessible. However, it’s unclear if Google will eventually tie the feature to a paid service. A launch date has yet to be confirmed.

How does Gmail’s Shielded Email work?

Google’s Shielded Email lets you create temporary email aliases to mask your primary Gmail address and better manage your inbox. For instance, you can use aliases when signing up for newsletters, shopping online, or registering on less-trusted websites. This helps shield your primary email from spam and unwanted messages while keeping your inbox organized.

Using aliases tailored to specific platforms can also help you identify which services may be misusing your email address. If spam becomes an issue, you can easily disable the alias without affecting your main inbox.

Here’s how it works:

Creating and using temporary email aliases

When signing up for a new service, you can generate a Shielded Email alias instead of providing your main email address. This alias works as a substitute, keeping your real address private. 

Email forwarding mechanism

The alias serves as a forwarding address. Messages sent to the alias are forwarded to your Gmail inbox, allowing you to receive emails normally without exposing your primary address. This ensures you receive important emails while keeping your real address hidden from senders.

Disabling forwarding from an alias

If an alias starts receiving spam, you can disable forwarding to stop these emails from reaching your inbox. While the exact steps are yet to be confirmed upon release, you’ll likely manage aliases through Gmail settings:

1. Open Gmail and go to Settings.
2. Navigate to the Forwarding and POP/IMAP tab.
3. In the Forwarding section, locate the specific alias and select the option to disable forwarding.
4. Save your changes.

This process allows you to effectively manage unwanted emails by controlling which aliases are forwarded to your primary account.

Shielded Email vs. existing private email services

Shielded Email is a new feature for Google, but other services have used similar features for several years. 

Apple’s Hide My Email

Apple’s Hide My Email was introduced in September 2021 as part of its iCloud+ subscription. It allows people to create random email addresses that forward messages to their personal inbox, keeping their real email private.

Hide My Email is limited to those with an iCloud+ subscription, though Shielded Email is expected to be available to all Gmail users. Hide My Email is also tied to Apple’s ecosystem, so only people with Apple devices and services can use it. Gmail’s wider accessibility could make it more appealing to people wanting to shield their email addresses.

Third-Party Services (e.g., SimpleLogin, AnonAddy)

Third-party services like SimpleLogin (launched in 2019) and AnonAddy (introduced in 2020) also allow people to create temporary email addresses that are forwarded to their primary inbox. Like Shielded Email, these tools aim to protect your main email address from being exposed.

These services are often flexible, including features like custom domain support, which Shielded Email doesn’t currently offer. They also emphasize privacy, with advanced settings designed to limit data sharing. 

Shielded Email is part of Gmail and follows Google’s data policies. These services are independent, so they may appeal to people looking for alternatives to big tech companies.

Alias email forwarding: The positive side of privacy

Email aliases can enhance your privacy. Shielded Email helps by hiding your primary email address. This reduces the chances of your address being added to spam lists or targeted in data breaches. It creates a layer of separation, making it harder for malicious actors to access your main inbox. This is useful when signing up for new services or interacting with unfamiliar platforms.

Aliases are also effective for managing spam. If an alias starts receiving unwanted messages, you can disable it without affecting your primary email. Likewise, aliases can help you identify the source of these unwanted emails. 

If you receive spam on an alias created for a specific service, you can trace the origin of the spam to that service. This makes it easier to identify platforms that might have shared or misused your email address.

Using unique aliases for each service can reduce the risk of phishing by isolating your primary email. For example, if one alias is compromised in a data breach, phishing attempts will target only that alias and not your main inbox. This adds a layer of protection, as attackers won’t have direct access to your primary email address.

The privacy benefits depend on the provider’s data handling practices. Shielded Email hides your primary address but still follows Google’s data policies. Some third-party services focus more on privacy and limit data sharing, which may offer stronger protection.

Read more: How to send an anonymous email

Alias email forwarding: Implications for your privacy

​​Shielded Email adds privacy by hiding your primary address, but it doesn’t fully protect the data shared through aliases. Google’s data policies still apply. This means information sent through aliases may be collected, analyzed, or shared with third parties. 

Google could track how aliases are used to improve analytics or refine targeted advertising. Even though your primary address is hidden, information about the services you interact with could still be linked to your broader Google profile. Google may use data about your activity to personalize ads or improve its services.

Managing multiple aliases can also be challenging. For example, if you use an alias for a newsletter but later forget which alias you assigned, unsubscribing or resolving issues could become more difficult. 

There are also performance concerns to consider. Delays in email forwarding could cause problems with time-sensitive emails. Some services may reject aliases, particularly if they have strict email verification systems or don’t support non-standard email formats. This might affect actions like verifying accounts or recovering passwords.

Is Gmail safe? Google’s history with user data and privacy

Google has faced scrutiny over its data privacy practices, with several incidents highlighting concerns about user data security and third-party sharing.

• Google+ data breach (2018): A software bug in the Google+ API exposed the personal data of over 500,000 users for around 3 years, including email addresses and profile data. This breach led to the shutdown of the Google+ platform.
• Leaked internal database (2013–2018): A leaked internal database revealed thousands of unreported privacy and security incidents within Google. This included the collection of sensitive data such as children’s voices and license plate information.
• Incognito mode tracking lawsuit (2020): A class-action lawsuit filed in June 2020 alleged that Google continued to collect user data during private browsing sessions in Chrome’s Incognito mode. The plaintiffs claimed that Google tracked browsing history and habits without consent, leading to a proposed $5 billion settlement in April 2024. Google then agreed to delete billions of records.
• Location data collection controversy (2021): Documents from a lawsuit revealed that Google made it difficult for users to disable location tracking. Even with location sharing turned off, the company allegedly continued collecting location data, raising questions about privacy.
• Google Fi customer data breach (2023): In January 2023, a breach at T-Mobile compromised the data of over 37 million customers, including those using Google Fi, Google’s mobile virtual network operator service. The exposed information included phone numbers and addresses, raising concerns about the security of user data managed by Google’s partners.

Google’s business model includes data-driven advertising, which relies on collecting extensive user information, such as browsing habits and location data. While Google states that personally identifiable information (PII) is not shared without consent, the volume of data collected has left some concerned about privacy. Even aggregated data can reveal behaviors that may provide insights into your activity. 

Third-party app access can also implicate your privacy. Features like “Sign in with Google” allow people to log in to apps using their Google credentials. While this is convenient, it also grants apps access to user data. Permissions must be explicitly granted, but the data may still be more than what’s expected. Reviewing permissions before granting access can help prevent unwanted or excessive data sharing.

Google Shielded Email: Privacy and security recommendations

While Shielded Email can improve your privacy, managing it effectively and adopting additional practices can further protect your digital identity. Here are some steps to consider:

• Regularly review and manage your aliases: Check your Shielded Email aliases regularly. Disable any that are no longer needed or have become sources of spam. This keeps your inbox organized and reduces privacy risks.
• Stay informed about Google’s privacy practices: Keep track of updates to Google’s data-sharing policies, so you know how your information is used and the impact on your privacy.
• Adjust your Gmail privacy settings: Enable features like two-factor authentication, use strong passwords, and review account permissions to prevent third parties from accessing your data. 
• Utilize a high-quality VPN: ExpressVPN encrypts your internet connection and hides your IP address. This prevents tracking, protects your data on public Wi-Fi, and adds a layer of privacy when accessing your Gmail account.
• Consider privacy-focused email providers: Explore encrypted email services like ProtonMail or Tutanota if you want to limit data sharing. These options offer more control over your information.
• Use privacy-enhancing browser tools: Add Chrome browser extensions like Privacy Badger or uBlock Origin. These tools block trackers and ads, reducing phishing risks and unwanted data collection. You can also try the ExpressVPN Chrome browser extension to mask your activity and stop unwanted data collection.

Get ExpressVPN