Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iCloud "Hide my Email" may be revealing forwarding email address

R

Rigby

macrumors 603
Original poster
Aug 5, 2008
6,257
10,215
San Jose, CA
I've been testing the new "hide my email" feature by sending emails back and forth with another email account I have. I generated an email address (let's say abc.cde.1a@icloud.com). Hide my email is configured to forward to, say, realmail@example.com. For testing purposes I'm sending a mail from the account testmail@example.com to the new alias abc.cde.1a@icloud.com.

The mail is properly forwarded to realmail@example.com, and has a From address that looks something like "testmail_at_example_com_gawefjaskdfhawiueh@icloud.com". This is an alias that you can use to reply to the forwarded email. But here's the kicker: if I actually reply to this email, the reply delivered to testmail@example.com contains a "Reply-to" header field with the actual forwarding address, i.e. realmail@example.com in this example, so the service has now revealed my real email address, which would be a massive flaw in my book.

Can anyone verify this?
 
0

0128672

Cancelled
Apr 16, 2020
5,962
4,783
I don't believe we can use the Hide My Email addresses to send from yet; we can only receive for now, so useful for logins. It's still in beta after all. It was being discussed in this thread:

forums.macrumors.com

iOS 15: How to Use Hide My Email

With the introduction of iOS 15, Apple rebadged its paid iCloud plans to "iCloud+" to reflect the fact that subscribers now get access to additional privacy features like Private Relay and Hide My Email. This article explains what Hide My Email is and how to use it. Hide My Email builds on...
forums.macrumors.com forums.macrumors.com
 
R

Rigby

macrumors 603
Original poster
Aug 5, 2008
6,257
10,215
San Jose, CA
WildSky said:
I don't believe we can use the Hide My Email addresses to send from yet; we can only receive for now. It's still in beta after all.
Click to expand...
It doesn't seem to be possible to originate an email from an alias, but you can reply to emails sent to the alias as I described above, and the service then uses the alias as the From address. But unfortunately it appears to also add a Reply-To header revealing the real forwarding address.

BTW, I see no indication in the settings that it's beta.
 
0

0128672

Cancelled
Apr 16, 2020
5,962
4,783
Rigby said:
It doesn't seem to be possible to originate an email from an alias, but you can reply to emails sent to the alias as I described above. But when you do, it seems your real address is revealed.
Click to expand...
Yes, that's the way it's working for now. I edited my post above to include a link to the longer discussion thread about Hide My Email where the sending from is discussed.
 
R

Rigby

macrumors 603
Original poster
Aug 5, 2008
6,257
10,215
San Jose, CA
WildSky said:
Yes, that's the way it's working for now. I edited my post above to include a link to the longer discussion thread about Hide My Email where the sending from is discussed.
Click to expand...
I'm aware, but I don't think anyone mentioned that it adds a Reply-to header with the user's real address when you reply to a forwarded mail. It would be great if someone could check if they see it too.
 
0

0128672

Cancelled
Apr 16, 2020
5,962
4,783
Rigby said:
It doesn't seem to be possible to originate an email from an alias, but you can reply to emails sent to the alias as I described above, and the service then uses the alias as the From address. But unfortunately it appears to also add a Reply-To header revealing the real forwarding address.

BTW, I see no indication in the settings that it's beta.
Click to expand...
You know, you're right about it not being beta. I responded too quickly and was thinking of Private Relay. Ooops.
 
0

0128672

Cancelled
Apr 16, 2020
5,962
4,783
I just tested this and the reply delivered has no header field for Reply To, only Return Path, which shows the correct Hide My Email address.

I see what the general confusion is about replying to a sender that sent to a Hide My Email address because the From field still shows one of the iCloud address (and the iCloud aliases), but as long as the reply chain isn't broken, it does send from the Hide My Email. I didn't realize it was actually working until now. At least I hope it is ...
 
Last edited:
R

Rigby

macrumors 603
Original poster
Aug 5, 2008
6,257
10,215
San Jose, CA
WildSky said:
I just tested this and the reply delivered has no header field for Reply To, only Return Path, which shows the correct Hide My Email address.
Click to expand...
Thanks for testing. I'll see if I can test it with another email account. I definitely see a Reply-To field with an Outlook.com account I used.
 
0

0128672

Cancelled
Apr 16, 2020
5,962
4,783
Rigby said:
Thanks for testing. I'll see if I can test it with another email account. I definitely see a Reply-To field with an Outlook.com account I used.
Click to expand...
Ah ok, maybe that's an Outlook thing then. I tested with Apple Mac (on my Mac in Monterey).
 
R

Rigby

macrumors 603
Original poster
Aug 5, 2008
6,257
10,215
San Jose, CA
WildSky said:
Ah ok, maybe that's an Outlook thing then. I tested with Apple Mac (on my Mac in Monterey).
Click to expand...
I don't mean the email client Outlook but the Outlook.com mail service (which I use with Thunderbird on a Mac). The outgoing reply mail sent by Thunderbird did not include a Reply-To field, so it must have been added by Apple.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom