Coming Soon: Gmail Shielded Email?


The blog-o-verse is all a twitter because very recently Android Authority discovered what may be new functionality coming for Gmail users: Email aliases, under the banner of "Shielded Email."

It's hard to know exactly how this will end up working, assuming it even is what we think it is. But that doesn't have to stop us from pondering what could be coming, and so add my name to the list of folks blogging about it now. Looking for other takes? Davey Winder gives his take for Forbes here, and that's a good place to start.

Let's start by recapping how Apple handles email aliases. They have long had alias support for iCloud users. You can create email aliases in iCloud webmail, or on your Mac running a recent version of MacOS, go to System Settings -> Apple Account -> iCloud+ Features + Hide my Email, hit the plus sign, and Apple will offer up a "Hide My Email" email alias for you. Testing that just now, Apple offered me something along the lines of word1-word2-0n@icloud.com, meaning that the aliases are under the same domain (icloud.com) as "real" iCloud email addresses.

I'm going to start from the assumption that Gmail alias addresses will probably be similar, in that the system is likely to generate a series of words, or letters and numbers, or both, at gmail.com, instead of some specific alias domain. You probably wouldn't want these to be at a different domain as you don't want them to stick out as aliases, because companies could decline to accept them at point of capture, filter them out, or otherwise handle them differently, undermining Gmail user control and desire. But to keep namespace (username) collisions to a minimum, you'll probably want to suggest specific alias names, and have a large and robust dictionary and random generator functionality.

What does this mean for email senders? Nothing, yet, as the functionality isn't live and we don't know exactly how it works. But it's good to be informed, and start thinking about what could happen. If Gmail users broadly adopt email aliases to hand out unique addresses to different companies, it's likely that, as they revoke/disable those aliases, sender bounce rates could increase, and deliverability could be negatively impacted as a result. Some mailbox providers used to look closely at bounce rates as part of IP reputation, and this could end up generating some interesting data back to Gmail to denote who keeps attempting to hammer on "dead" email aliases. Will it, and what could they do with it, this all remains to be seen.

Subscribers will very likely be able to revoke aliases, and like will, if and when they tire of hearing from you. Keeping your messaging compelling, useful, and interesting, was already important, based on Gmail's reliance on engagement-based spam filtering, and continues to be important, now with the risk that your mail will stop getting through entirely, versus going unnoticed in the spam folder.

Gmail has supported "address plussing" for years (and that you can also do funny stuff with dots in Gmail email addresses). But "Shielded Email" strikes me as different, and significantly so. There's no easy way to disable a "plussed" address variation, and bad guys could easily just strip the plus sign and anything after, to bring the address back to its original version, undermining a user's ability to denote whom they gave their email address to. With email aliases made up of a whole new, unique username string, in the existing Gmail domain, those addresses won't be easy to handle differently nor can they be simply stripped or reformatted to reveal the actual destination email address.

Find more about Apple's "Hide My Email" functionality here.

(Today's fun fact: I wrote a shell script to pull random words from MacOS's built in dictionary to generate the fake email addresses seen in the post's hero image. Want your computer to spit out a thousand random words? Type "cat /usr/share/dict/words | sort -R | head -1000" from the command line.)
Post a Comment

Comments