DuckDuckGo launch a new email protection service

I wasn’t sure if I should make a new thread for this or post it over in the WWDC thread, as I read it on macrumors and it serves as competition to iCloud+.

I settled on a new thread, primarily because I think it’s uniquely interesting, particularly thinking of future adaptations. You can read about the announcement here and join the wait list early for those good vanity aliases. I’ll race you to david@duck.com :wink:

As of now, although it seems to just be a scan, remove tracker, and forward service; a firewall of sorts, I think in this instance, and the fact it comes from a Google competitor is particularly exciting. I hope it doesn’t end there, and that they expand it into a full featured privacy focused email service. I’d use it, and Google needs a serious challenger with respect to platform agnostic big data. DuckDuckGo are arguable best poised for that challenge IMO.

7 Likes

Looks really interesting. I love anything that reduces the collection of my data around the internet without affecting convenience.

By the way, for email severs I use and can recommend protonmail.

2 Likes

Love this from them!

Am a very happy Fastmail user rn but always glad to see more competition from good companies, especially if they can go up against Google even a little bit.

2 Likes

Ignore me, it’s been a long day :rofl:

1 Like

It doesn’t look like you can reply as the duck address, won’t that cause some issues where some companies use the email address as part of verification for when you contact them, and then it gives away your real address.

Which companies rely on sending you an email that you have to reply for verification?!

You probably shouldn’t be going near companies that rely on your email for verification! They’re so incredibly easily spoofed! In addition, it would make them a prime target for phishing! It’s very bad practice to use email for verification.

Just random small companies like Microsoft.

Oh dear. Do you have an example? I haven’t heard of Microsoft doing that personally.

Actually, I’m trying to remember and think it was a different procedure they put me through (there was some incredibly convoluted multi-day process I had to go through to cancel a service with them). I’m probably thinking of clicking a link in an email they sent.

2 Likes

Like, Monzo?

3 Likes

I don’t want this to become another magic links are bad thread.

And whilst I generally think the concept is flawed, it’s not quite the issue being discussing here. You don’t have to reply to the email Monzo send you to verify. You just have to click the link in the email (this sort of process should still work with ddg). That makes it ripe for a phishing scam, but it doesn’t open you up to the sort of fraud that someone spoofing your email to verify themselves to a company as you does.

2 Likes

A ton of companies wouldn’t reply to an email they don’t hold on file. That’s not unusual at all.

4 Likes

It’s not always the verification, but can contribute to it,

Replying or contacting from another address always raises suspicion as it should, and will cause more of a hassle with extra verification.

3 Likes

Any examples of that?

If you’re emailing a company, the agent who receives it won’t usually have immediate access to that information, may be different with smaller companies.

When I engage in email discussions with companies, I’ve never been identified or verified by the email address I’m sending from. In fact when I email from the email they have on file expecting that to identify me, I usually receive a reply asking for details so they can figure out who I am. This often involves a customer number, an order number, your name and address, or a login user name. Never, in my many years of using the internet, has anyone used my sending email as a sole means of verifying I am who I say I am, or deciding to respond.

As above, do you have any examples of that being the case? I’m in the industry that build these systems for companies, and this is the first I’ve ever heard of email being used in that way for verification. It’s something I’d love to look into and explore with my peers if you have any notable examples of it happening!

It’s worth remembering, email forwarding is not a new concept either. It’s one of the reasons they’re threaded.

I don’t have examples no, because it’s happened a lot of times that I wouldn’t ever think to log or record or recollect them.

It’s usually sorted fairly easily by verifying something else but it’s certainly not uncommon to see. You clearly either have not changed email too much, or have been just lucky, or just don’t have many accounts.

Best not to assume, because you couldn’t be more wrong here!

I have an obscene number of throwaway protonmails that I use for signing up to company mailing lists so I can buy stuff, or random forums like this one so I can engage with folk (though I’m using a random gmail account for this forum account). Emails are forwarded to my iCloud. When I need to raise a support query over email, I’ll use an iCloud alias, and I’ve been known to swap between aliases within a single conversation thread too. Never had any issues over that. I doubt the agent notices, and if they did, the entire history is threaded in every sent email, and the headers will validate things anyway.

Like I said, you clearly are just lucky with what dealings you have to have never once ever had this occur.

2 Likes

Perhaps. Or perhaps you’re just unlucky! I have a lot of dealings with a lot of different companies!

If you (or anyone) ever remembers an incident, or a specific company, please do share it! Especially if they have a bug bounty program. :wink:

Reminds me of the vets in the old days, back when mobiles were new. You have the audacity to call them from a number different to your landline, and they wouldn’t discuss anything with you. Data protection has come a long way since then, thankfully.

4 Likes

I’d agree that bigger companies who are getting these custom made systems will have seen and had processes for alternative verification, so you won’t run into that many issues.

Maybe me coming from business email compromise being a massive issue and headache at work makes me think a different reply address is a bigger issue than it is.

Although as said above contacting a big company who have processes and are just dealing with ‘small’ things and can send a password reset link to the forwarder email to get back into an account, or at worst swallow the cost of a product if they don’t stop the potential fraud but give a better customer service , but when it comes to places like your mortgage broker or situations where business email compromise is an issue then I think you’ll run into issues.

I’ve had to use my account address when contacting my health insurance in another country, I’m sure they could use some other verification but would probably require going to branch with ID.

Edit to add, I’ve seen crappy ticketing systems that will create a new ticket and put you at the back of the queue when replying from another address, although most won’t have this issue.

2 Likes

I’ve never been able to reply from the same address I’ve used to set up any account I have on the internet. :sweat_smile: I never use my personal email address for bank accounts, and similarly to @N26throwaway I’ve never had a problem with it.

But that’s neither here nor there, I’m sure there are some companies where it is an issue, and I’ve just avoided those! :smiley:

3 Likes