Privacy Tools Guide

Every developer knows the pain of exposing their primary email address across the internet. Whether you’re signing up for a new service, contributing to open source projects, or testing your own applications, your inbox becomes a target for spam, phishing attempts, and relentless marketing newsletters. A forwarding-only email address acts as a protective buffer—receiving messages at a disposable address and automatically forwarding them to your real inbox while keeping your actual email hidden from prying eyes.

Why Use a Forwarding-Only Email Address

Your primary email address is your digital identity. Once it circulates across enough databases, it becomes nearly impossible to escape the constant stream of spam and unwanted communications. A forwarding-only email address solves this problem by creating an intermediary layer between your real inbox and the outside world.

When you use a forwarding-only address, messages sent to the disposable alias arrive at your real inbox automatically. The sender never knows your actual email address unless you explicitly choose to reply from your primary account. This approach gives you complete control over which services have access to your real contact information while maintaining the convenience of receiving all your messages in one place.

For developers specifically, this technique proves invaluable when testing email workflows, building applications that send notifications, or managing multiple projects across different platforms. You can create unique forwarding addresses for each project or purpose, making it easy to identify which service has shared or sold your information.

Gmail and Google Workspace

Gmail offers forwarding capabilities through its settings interface. First, navigate to Settings > See all settings > Forwarding and POP/IMAP. Click “Add a forwarding address” and enter the destination email where you want messages delivered. Google will send a verification code to that address—enter it to complete the setup.

For developers who prefer programmatic control, Gmail’s filters provide powerful automation. Create a filter by clicking “Create a new filter” and specify the conditions that match emails you want to forward. When configuring the filter action, select “Forward it to” and choose your destination address. This approach allows you to automatically forward emails based on sender, subject line, keywords, or any combination of criteria.

Here’s an example filter configuration for forwarding newsletters:

Matches: subject:(newsletter OR updates OR weekly)
Actions: Forward to your-real-email@example.com, Delete it

Fastmail

Fastmail, a privacy-focused email service, provides forwarding through its advanced rules system. Access Rules from the settings sidebar, then create a new rule. Select “If the message” conditions and choose “All messages” for blanket forwarding, or specify particular senders or domains.

The rule action should be “Forward to” followed by your target email address. Fastmail’s rule system supports complex conditions including time-based forwarding, folder-based rules, and multiple action chaining. You can even set up auto-responders or custom folder sorting alongside forwarding.

Custom Domain with Email Forwarding

For maximum control and privacy, consider using a custom domain with email forwarding. Services like Forward Email, ImprovMX, or Cloudflare Email Routing allow you to create catch-all forwarding addresses for your domain. This means you can generate infinite unique addresses on the fly.

To set this up, purchase a domain from any registrar, then configure the DNS records as provided by your forwarding service. Most services offer a simple TXT record verification process followed by MX record configuration pointing to their servers.

For example, if you own myprivacy.dev, you could use addresses like github@myprivacy.dev, twitter@myprivacy.dev, or newsletter@myprivacy.dev. All messages sent to these addresses forward automatically to your primary inbox.

Automating Forwarding with Custom Scripts

For advanced use cases, you can set up custom forwarding scripts using email handling libraries. Here’s a Python example using the imaplib module to fetch and forward emails:

import imaplib
import smtplib
from email.mime.text import MIMEText

# Configuration
IMAP_SERVER = 'imap.yourprovider.com'
SMTP_SERVER = 'smtp.yourprovider.com'
SOURCE_EMAIL = 'forwarding@yourdomain.com'
SOURCE_PASSWORD = 'app_specific_password'
DESTINATION_EMAIL = 'real@yourdomain.com'

def forward_unread_emails():
    mail = imaplib.IMAP4_SSL(IMAP_SERVER)
    mail.login(SOURCE_EMAIL, SOURCE_PASSWORD)
    mail.select('inbox')

    status, messages = mail.search(None, 'UNSEEN')
    email_ids = messages[0].split()

    for email_id in email_ids:
        status, msg_data = mail.fetch(email_id, '(RFC822)')
        raw_email = msg_data[0][1]

        # Create forward message
        msg = MIMEText(raw_email, 'plain')
        msg['Subject'] = f"FWD: {raw_email.decode().split('Subject: ')[1].split(chr(10))[0]}"
        msg['From'] = SOURCE_EMAIL
        msg['To'] = DESTINATION_EMAIL

        # Send forwarded email
        smtp = smtplib.SMTP(SMTP_SERVER, 587)
        smtp.starttls()
        smtp.login(SOURCE_EMAIL, SOURCE_PASSWORD)
        smtp.send_message(msg)
        smtp.quit()

        # Mark original as read
        mail.store(email_id, '+FLAGS', '\\Seen')

    mail.logout()

if __name__ == '__main__':
    forward_unread_emails()

This script connects to your forwarding mailbox, identifies unread messages, and forwards them to your real inbox while marking them as read. You can run this as a cron job or systemd timer for automated processing.

Best Practices for Forwarding-Only Email

When implementing forwarding-only email addresses, consider these practical guidelines. First, use unique addresses for each service or purpose. This makes it easy to identify the source of spam if your address gets compromised. Many services like Fastmail and Proton Mail support “plus addressing”—appending +tag to your email address to create infinite variations without additional setup.

Second, enable spam filtering at your forwarding destination rather than your alias. Since your forwarding address receives all incoming mail, it’s the primary target for spam. Let your primary inbox handle only the filtered results.

Third, consider using a dedicated password manager to store your forwarding account credentials, especially if you’re using custom scripts with API keys or app-specific passwords.

Finally, periodically audit your forwarding rules and delete addresses you no longer need. The fewer forwarding points you maintain, the easier it becomes to manage your email security.

Advanced Domain Forwarding Strategy

For developers who want maximum flexibility, registering a personal domain specifically for email forwarding provides unmatched control. Unlike free forwarding services that can disappear or be compromised, your domain remains under your control indefinitely.

Setting up email forwarding on a custom domain:

# 1. Register a short domain (yourinitials.dev, yourname.email, etc.)
# 2. Configure DNS records at your domain registrar

# Add MX record to your DNS:
# Type: MX
# Priority: 10
# Value: mail.forwardemail.net

# Add TXT record for SPF (allows forwarding service to send emails)
# Type: TXT
# Name: @
# Value: v=spf1 include:forwardemail.net ~all

# Add DKIM record for signed emails
# Type: TXT
# Name: default._domainkey
# Value: [provided by forwarding service]

# Verify domain setup
dig yourdomain.com MX
dig yourdomain.com TXT

Once your domain is configured, create catch-all forwarding:

# All emails to any address @yourdomain.com forward to your real email:
# github@yourdomain.com → real@gmail.com
# twitter@yourdomain.com → real@gmail.com
# newsletter@yourdomain.com → real@gmail.com

# Create infinite unique addresses on the fly
# No separate setup required for each new address

This approach is superior to email alias services because:

  1. You maintain full DNS control
  2. Forwarding continues even if the service is compromised
  3. You can migrate forwarding services without changing addresses
  4. You can receive replies (some services block this)

Forwarding with Proton Mail and ProtonPlus

Proton Mail offers a particularly privacy-friendly forwarding setup through ProtonPlus subscription. Unlike consumer email services that track your behavior, Proton doesn’t log IP addresses or build behavioral profiles.

# Proton Mail forwarding setup:
# 1. Create multiple email addresses under ProtonPlus
# 2. Each address can have forwarding rules
# 3. Use Proton Mail's native encryption for sensitive forwarding

# Example: Combine forwarding with encryption for sensitive services
# contact@yourdomain.com → forwarding address
# forwarding address → encrypted to your main Proton inbox

For maximum security, consider using Proton Mail’s forwarding combined with their VPN to mask your location when accessing the forwarding inbox.

Spam Filtering and List Management

A critical challenge with forwarding-only addresses is that they become spam targets. Implement aggressive filtering at multiple levels:

# Advanced spam filtering rules for forwarding addresses
class ForwardingSpamFilter:
    def __init__(self, destination_email):
        self.destination = destination_email
        self.spam_rules = []

    def add_spam_filter(self, rule_type, patterns, action='delete'):
        """
        Define rules to prevent spam reaching your real inbox.
        """
        self.spam_rules.append({
            'type': rule_type,
            'patterns': patterns,
            'action': action  # 'delete', 'block', 'archive'
        })

    def apply_filters(self, incoming_email):
        """
        Check incoming email against all rules before forwarding.
        """
        for rule in self.spam_rules:
            if rule['type'] == 'sender_domain':
                # Block entire domains known for spam
                if any(domain in incoming_email.from_addr
                       for domain in rule['patterns']):
                    return rule['action']

            elif rule['type'] == 'subject_keywords':
                # Block emails with spam keywords
                if any(keyword.lower() in incoming_email.subject.lower()
                       for keyword in rule['patterns']):
                    return rule['action']

            elif rule['type'] == 'size_limit':
                # Block unusually large emails (common spam vectors)
                if incoming_email.size > rule['patterns'][0]:
                    return 'block'

            elif rule['type'] == 'html_detection':
                # Block emails with excessive HTML (phishing vector)
                if incoming_email.html_complexity > rule['patterns'][0]:
                    return 'block'

        # Email passes all filters
        return 'forward'

Implement these rules at the forwarding service level before they reach your real inbox:

# Gmail filter example: Block common spam patterns
# Create a filter matching: from:(@payday-loans.ru OR @crypto-wallet.io)
# Action: Delete it

# Fastmail rule example: Block based on sender reputation
# Create rule: If message has SPAM_SCORE > 0.8
# Then: Delete it, Skip inbox

# Custom domain forwarding: Use service's advanced rules
# Block if: Sender not in whitelist AND List-Unsubscribe header missing
# Action: Archive to spam folder

Monitoring and Auditing Forwarding Activity

Keep detailed records of which services have which forwarding addresses. This helps you identify which company sold or leaked your information when spam targeting increases:

import json
from datetime import datetime

class ForwardingAddressTracker:
    def __init__(self):
        self.addresses = {}

    def register_address(self, service_name, address):
        """
        Track which address is used for each service.
        """
        self.addresses[service_name] = {
            'address': address,
            'registered_date': datetime.now().isoformat(),
            'status': 'active',
            'incident_reports': []
        }

    def report_spam_incident(self, service_name, spam_count, source=None):
        """
        Log unusual spam activity targeting specific address.
        Indicates potential data leak.
        """
        self.addresses[service_name]['incident_reports'].append({
            'date': datetime.now().isoformat(),
            'spam_count': spam_count,
            'source': source,
            'severity': 'high' if spam_count > 50 else 'medium'
        })

    def identify_leaky_services(self):
        """
        Flag services with high incident counts.
        Strong signal of data selling or poor security.
        """
        suspicious = []
        for service, data in self.addresses.items():
            incident_count = len(data['incident_reports'])
            total_spam = sum(r['spam_count']
                           for r in data['incident_reports'])

            if incident_count > 3 or total_spam > 100:
                suspicious.append({
                    'service': service,
                    'incidents': incident_count,
                    'total_spam': total_spam
                })

        return suspicious

    def save_audit_log(self, filepath):
        """
        Persist audit log for GDPR/CCPA requests.
        """
        with open(filepath, 'w') as f:
            json.dump(self.addresses, f, indent=2)

# Usage
tracker = ForwardingAddressTracker()
tracker.register_address('GitHub', 'github@yourdomain.com')
tracker.register_address('Twitter', 'twitter@yourdomain.com')

# After observing spam spikes
tracker.report_spam_incident('GitHub', 75, 'Dark web offers')
tracker.report_spam_incident('GitHub', 42, 'Phishing attempts')

# Identify which service likely leaked data
print(tracker.identify_leaky_services())

Use this tracker to inform your decisions about which services deserve your real contact information and which are too risky.

Recovery and Deletion Procedures

When a forwarding address is compromised, having a clear recovery procedure minimizes damage:

  1. Immediate quarantine — Stop forwarding to your real inbox
  2. Notification — Email the service explaining the compromise
  3. Evidence collection — Save spam logs as documentation
  4. Address deletion — Remove the compromised address from the forwarding service
  5. Replacement — Create a new address for future use with that service
  6. Data request — Submit GDPR/CCPA request to the service to understand the breach
#!/bin/bash
# Emergency forwarding address shutdown script

COMPROMISED_ADDRESS="breached@yourdomain.com"
FORWARDING_SERVICE="your-provider.com"

# 1. Disable forwarding
curl -X DELETE "https://${FORWARDING_SERVICE}/api/forwards/${COMPROMISED_ADDRESS}" \
  -H "Authorization: Bearer YOUR_API_TOKEN"

# 2. Log the incident
echo "$(date): $COMPROMISED_ADDRESS compromised" >> forwarding_incidents.log

# 3. Create replacement
NEW_ADDRESS=$(uuidgen)@yourdomain.com
curl -X POST "https://${FORWARDING_SERVICE}/api/forwards" \
  -d "address=${NEW_ADDRESS}&destination=your-real@email.com" \
  -H "Authorization: Bearer YOUR_API_TOKEN"

# 4. Update service with new address
echo "Update your account at service.com to use: $NEW_ADDRESS"

# 5. Monitor for continued abuse
echo "Monitoring for leaked address abuse..."

Integration with Password Managers

Store your forwarding email setup in a password manager alongside service credentials. This provides:

  1. Centralized tracking — See which address is used for which service
  2. Quick generation — Generate and store new addresses systematically
  3. Backup access — Recover address information if forwarding service is compromised
  4. Sharing with trusted contacts — Give family members access to critical forwarding addresses
{
  "service": "GitHub",
  "email": "github@yourdomain.com",
  "category": "development",
  "created": "2026-03-15",
  "risk_level": "medium",
  "notes": "Monitor for leaks; GitHub has good security"
}

Forwarding vs. Email Aliasing: When to Use Each

Use forwarding addresses when:

Use traditional email aliasing when:

Built by theluckystrike — More at zovo.one

Explore Our Developer Guides

© 2026 theluckystrike Developer Guides