Privacy-First Email Aliases with Virtual Private Email (VPE)1
The Problem
Your email address is out there. You gave it to a store once, and now you get sale emails every week. You signed up for a service years ago, and your address turns up in breach notifications. One company sold your data, and now you cannot trace where the spam is coming from. Every time you hand your real email address to anyone - a website, a business, a contact form - you create a connection you cannot undo.
The problem compounds over time. Data brokers aggregate addresses from breaches, purchases, and public sources. The more places your address appears, the more it will continue to appear. A single leaked address can propagate to hundreds of spam lists within weeks.
EMail Parrot gives you a different way to operate. Instead of one email address that goes everywhere, you use a unique alias for each contact or service. Each alias passes everything through a full security screening layer before anything reaches your real inbox. When you reply, the reply goes out through the same alias - not from your real address. Your real inbox stays invisible to the outside world.
The Core Idea: One Alias Per Contact
Think of each alias as a separate phone line that forwards to your real phone. You give the store one number. You give the doctor a different number. You give a friend a third number. They all ring your actual phone, but each line is separate.
With EMail Parrot, each alias is a sublist - a named address that routes to the real email address behind it. You create as many as you need. There is no limit.
Why one per contact? Because if a store sells your address to a data broker, you know exactly which store it was. You can turn off that one line without affecting anything else. Your real address is never in the picture.
The base list address and aliases. When you set up EMail Parrot you get a list address - something like mylist@emparrot.com. That is not the address you give out. You create aliases (sublists) off of it: amazon.mylist@emparrot.com, doctor.mylist@emparrot.com, and so on. The list address is your private root. Aliases are what the outside world sees. Think of the list address like the back office - it exists, but customers do not have that number.
Zero-Effort Aliasing: Receive First, Set Up Later
You do not always have time to create an alias before you need one. EMail Parrot handles this with a useful fallback: if someone sends email to an alias address that does not exist yet, the message is not lost. It is delivered to the list admin with a subject prefix of [No List Match]. You receive it, you can read it, and you can decide whether to create that sublist properly.
This means you can give out any alias on the fly - newvendor.mylist@emparrot.com, conference2026.mylist@emparrot.com, anything - without setting it up first. For receive-only contacts (newsletters, one-time order confirmations, services where you will never reply), you may never need to set them up at all.
The one limitation: to reply through an alias, the alias must be properly configured as a sublist. If you will need to reply, create the sublist after you receive the first message.
Screening: What Gets Stopped and What You Can Configure
Every message arriving at any of your aliases passes through EMail Parrot’s processing before delivery. Some of this screening is not optional. Some of it can be adjusted.
Always on - virus scanning and hard spoofing failures. Every attachment is scanned before delivery. Dangerous file types are removed automatically. Messages that fail hard spoofing checks - where the claimed sender demonstrably does not match the sending infrastructure - are blocked outright. These two protections cannot be disabled.
Active tracker removal. Many emails contain elements that fire the moment the message renders in your email client. Tracking pixels - small invisible images - report back to the sender that you opened the email, when, and on what device. Fonts and CSS stylesheets loaded from remote servers have the same effect: each one is a network request that reveals your IP address, your timing, and your approximate location. EMail Parrot strips these remote content references before delivery.
Passive trackers do not fire automatically but are designed to identify you when you interact or when the email travels onward. Tracked links are the obvious case - the URL embeds campaign parameters that report who clicked and when. But identifiers can be hidden in less obvious ways: tiny-font text, white-on-white content invisible to the eye, inline attachment names, and even the structural boundary markers that separate sections of the email’s format can all carry unique codes tied to your copy of the message. These matter because forwarding is a path back to the sender - if you pass the email along and the next person opens or clicks something, the embedded identifiers phone home. Large email providers are the most likely to track at this level because they have the analytics infrastructure to make use of it. EMail Parrot strips tracking parameters from URLs and appends the original URLs as a plain-text attachment, so you retain access to anything you actually need - unsubscribe links and the like - without the surveillance payload.
Spam filtering and other content screening can be adjusted through your list settings. The virus scanning and hard spoofing blocks are the non-negotiable floor.
Replying Works From Your Existing Inbox
When someone emails one of your aliases, the message arrives in your real inbox as normal. When you hit Reply, EMail Parrot routes your reply back out through the same alias. The recipient sees a reply from your alias address - not from your real address.
You do not need a new app. You do not change your email client. You just reply normally.
Watch your signature. Most email clients automatically append a signature to every reply - your full name, title, phone number, maybe your address. If your reply goes out through an alias and your signature contains identifying information, the alias protection is undermined. With personal aliases this means you personally are identifiable. When multiple people share an alias, a signature that says “Jane Smith, Operations” breaks the shared identity entirely.
Before relying on alias protection, check that your email client is not appending a signature to replies, or create a separate reply identity with a blank or generic signature.
More Than One Real Address Behind an Alias
An alias can route to more than one real email address. Anyone behind that alias can reply, and the reply goes out through the alias.
A practical example: you and a partner share a household alias - bills.mylist@emparrot.com - that both of your real inboxes receive. Either of you can handle a bill payment question and reply. The utility company never knows whether they are talking to you or your partner. They see one address. You share the workload.
Another example: a small side project where two people need to respond from the same address. Both are behind the alias. Either can handle incoming mail. It looks like one entity to the outside.
One person in an online privacy forum described this capability as “dope” - and it is, once you start using it this way. The signature discipline above is especially important in the multi-person case.
Header Scrubbing and Network Mapping
Email messages carry more than visible content. The headers - the envelope information attached to every message - can contain your IP address from the moment of sending, your email client version, and identifiers that link messages together across a thread.
EMail Parrot removes identifying headers when it relays your mail. The message that leaves the relay toward the recipient carries the relay’s infrastructure headers, not yours.
Two specific headers worth understanding:
Message-ID. Every email is assigned a unique identifier when it is sent. Some email providers construct this identifier in ways that include user-specific information - an account identifier, a username, or a hash that is consistent across all messages from that account. EMail Parrot replaces the original Message-ID with one generated by the relay.
References. The References header is how email clients build threaded conversations - each reply lists the Message-IDs of previous messages in the chain. Because the relay has replaced all Message-IDs in prior messages, the References chain contains only relay-generated identifiers. An outside party examining the thread cannot use the References chain to correlate your messages with messages you sent from your real address in other contexts.
Why Use emparrot.com Addresses Instead of Your Own Domain
EMail Parrot supports custom domains. If you own a domain, you can create aliases at that domain. There is a reason to think carefully about this for personal privacy use.
When you register a domain, your name and contact information are recorded with the domain registrar. Even with WHOIS privacy services, that information exists in the registrar’s records. Domain registration creates a paper trail that a motivated party can follow.
An @emparrot.com address has no such trail. The visible part of the address - amazon.mylist@emparrot.com - contains no information about who you are.
For personal privacy purposes, the emparrot.com address is cleaner. Custom domains make more sense for businesses or situations where the branded address is the point.
Bringing Your Existing Address Into the System
If you have an established email address that contacts already use, you do not have to abandon it immediately. You can set up auto-forwarding from your current address to your EMail Parrot list. Incoming mail that arrives at your old address gets forwarded into the relay, screened, and delivered to you.
Several major providers support auto-forwarding at no cost: Gmail, Outlook/Hotmail, and Apple iCloud all allow forwarding to an external address in their free tiers. Yahoo Mail discontinued free forwarding in 2021 and now requires a paid Yahoo Mail Plus subscription.
If your current provider does not support forwarding, third-party services can bridge the gap. SimpleLogin, addy.io, and ImprovMX all provide alias-and-forward services that can route mail from your existing domain into your EMail Parrot list.
Encryption at Rest
EMail Parrot protects email as it passes through the relay. For protection of stored email in your inbox, that depends on your email provider.
Proton Mail stores email using PGP-based encryption where the keys are tied to your account. Proton also supports OpenPGP, meaning you can use your own PGP key pair or Proton-generated keys that work with standard PGP tools. Proton Bridge lets you use Proton Mail with a standard desktop email client like Thunderbird or Apple Mail while keeping encryption active.
Tuta (formerly Tutanota) encrypts the entire mailbox using its own proprietary system. The protection is strong within the Tuta ecosystem, but Tuta does not support standard PGP or OpenPGP - you cannot bring your own key pair.
mailbox.org takes a more open approach. It supports standard IMAP and SMTP, works with any email client, and allows full user-managed GPG key pairs. You can generate your own key, upload the public key to mailbox.org, and retain the private key entirely outside their systems.
All three are reasonable choices as the real address behind an EMail Parrot relay. The right one depends on how much you want to rely on the provider’s key management versus managing keys yourself.
When an Alias Attracts Spam
If a business is breached or sells your data, the alias address you gave them starts receiving spam. Because the spam arrives at a specific alias, you know exactly which party was the source.
The ideal response would be to block that alias outright. EMail Parrot’s current behavior is that messages to an unknown or deleted sublist still route to the admin with a [No List Match] subject prefix rather than being rejected at the door. A blocked-sublists feature is on the development roadmap.
The practical workaround in the meantime: rather than deleting the compromised alias, redirect it to a dedicated throwaway address - a free account used as a spam sink. Change the sublist so that it routes to that address instead of your real inbox. Mail to the burnt alias keeps arriving, but lands in the throwaway rather than reaching you. You can check the throwaway occasionally for anything legitimate before cutting ties completely.
The Habits That Make This Work
Never give out your real email address. Not to stores, not to services, not to sign-up forms. Always use an alias. The extra thirty seconds is worth it every time.
Never give out your base list address. The list address is your private root. Aliases are what the outside world sees. Handing out the list address bypasses per-contact tracking and makes leak detection harder.
One alias per meaningful contact. Services in the same category can share an alias if you do not care which one leaked. For contacts that matter - a financial institution, a medical provider, a specific ongoing business relationship - give each one its own alias.
Name aliases to help you, not to tell the world about you. doc rather than dr-smith-cardiology. bank1 rather than chase-checking. The alias name is visible to outside parties as part of the address. Keep it opaque.
Check your signature before replying. The alias is only as private as the content you put in it. A signature with your full name, phone number, or address defeats the purpose.
Frequently Asked Questions
Do I need to change my email address or switch providers? No. EMail Parrot works with whatever email address and client you already use. You add a relay layer on top - your real inbox stays where it is. Messages arrive and replies go out through your existing account exactly as before.
How many aliases can I create? There is no limit on the number of sublists (aliases) on a list. You can create one per contact, one per service, one per life category - as many as your situation calls for. Creating a new alias takes about thirty seconds in the admin panel.
Will someone I email know their message is going through a relay? They see your alias address as the sender and Reply-To. There is no indication in the message that a relay is involved. To a recipient your alias looks and behaves like a normal email address.
What do I do when an alias starts receiving spam? Because spam arrives at a specific alias, you know exactly which party leaked or sold the address. Redirect that alias to a throwaway account to keep spam out of your real inbox, then give the sender a new alias if you still want to hear from them. Your real address is never exposed and your other aliases are unaffected.
Can I send email through an alias to someone I have not heard from before?
Yes. For outbound contact you use the VPE address format: +recipient=at=theirdomain.com+youralias@emparrot.com. The address conversion tool generates this for you. The recipient sees your alias as the sender and replies route back through the relay automatically.
I already have contacts who know my real address. Can I still use EMail Parrot? Yes. Set up auto-forwarding from your existing address into your EMail Parrot list. Mail from existing contacts arrives through the relay and gets screened. You can gradually move contacts over to alias addresses while continuing to receive from anyone who has your old address.
See Also
- EMail Parrot for Families - protecting dependent family members with caregiver oversight
- EMail Parrot for Business Teams - contractor teams presenting under a company brand
Getting Started
The setup for personal privacy use is simple: one list, VPE enabled, you as the only member. Create aliases as you need them.
For step-by-step configuration: Personal Privacy Shield setup guide
Use the address conversion tool to generate VPE-format addresses when initiating contact with outside parties.
Create a free list at emparrot.com/admin/create_account. The first 30 days are free with no credit card required.
Pricing
| Option | Cost |
|---|---|
| Per list on emparrot.com | $5/month |
| Custom domain (unlimited lists) | $10/month |
No per-seat fees. No software to purchase or install. Volume surcharges apply above 5,000 email deliveries or 5 GB delivered per month across your account.
Questions: info@emparrot.com
VPE is patent pending (USPTO Application No. 19/377,461). ↩︎