SME Security - Malware Protection For Australian Businesses
Practical cybersecurity defensive measures for busy small and medium enterprises (SME)

Cyber Security Awareness Training

The Cybersecurity Blog

Are Dynamic Email Aliases Good for Your Business’ Security?

Google and Microsoft webmail support the use of dynamic email aliases (DEA). DEAs allow us to create aliases of our original email address on-the-fly. DEAs are really useful for extending the security and hack resilience of our password protected accounts because they allow us to create unique email addresses and so unique user IDs.

DEAs work like this…

Say our email address is p13man@gmail.com. We can use dynamic aliasing to create lots of variants of this address by adding in a + (plus) sign and a number immediately after the user name.

For example, all the following aliases are valid email addresses, and all of them will be routed to the inbox as if they were plain old p13man@gmail.com

We recommending the use of DEAs when signing up for online accounts that require an email address as the User ID. When used in combination with strong and unique passwords, DEAs make guessing your credentials much more difficult and your accounts much more resistant to attacks such as brute-forcing or credential stuffing.

Q: Which email providers support DEAs?
A: Google’s gmail and Gsuite support DEAs as does Microsoft’s Hotmail and Outlook web mail.

If you want to check to see if your email system supports DEAs, just send yourself an email using an alias of your existing email address. If the message gets delivered, then DEAs are going to work for you. If the delivery fails, then you’re out of luck. If it’s the latter, then you need to be especially careful to use unique passwords. You are one of many that is securing their important and sensitive account with 0.5 factor authentication.

Simon GibbardComment