Email alias Privacy

addy.io

Item: addy.io
Rating: 7.7
Author: KYC No Thanks

addy.io is an open-source, anonymous email forwarding service that lets you generate unlimited aliases to protect your real inbox from spam, trackers, and data breaches.

7.7

out of 10

L1 Anonymous

Non-custodial No email required No IP logging 2 payment options

Visit website Suggest an update

// review

Overview

addy.io is a privacy-first email alias service that lets users generate unlimited forwarding addresses without surrendering personal information. Originally launched as AnonAddy, the platform rebranded to addy.io in 2023 and has since expanded into a mature ecosystem with official mobile apps, browser extensions, and custom domain support. The core premise is simple: instead of handing out your real email address to every website, newsletter, and online service, you create disposable aliases that forward messages to your actual inbox. If an alias leaks, gets sold, or starts attracting spam, you deactivate it with a single click.

The service operates on a freemium model. Free users get essential alias functionality, while paid tiers unlock advanced features like custom domains, additional usernames, and GPG encryption. Notably, addy.io accepts Bitcoin and fiat for subscriptions, making it accessible to privacy-conscious users who prefer pseudonymous payments. The entire codebase is open-source and self-hostable, which means technically adept users can run their own instance without relying on the hosted service at all.

Privacy & KYC

addy.io sits squarely in the L1, Anonymous KYC tier. Registration requires no legal name, no phone verification, and no identity documents. You pick a username and start generating aliases immediately. This pseudonymous design makes it one of the most accessible no-KYC privacy tools in the email space.

However, absolute anonymity demands operational discipline. The privacy policy acknowledges that Nginx server logs capture IP addresses, though these are rotated daily and purged after three days. Postfix mail logs follow the same retention window. The service uses a self-hosted Umami analytics instance that collects no personal data, uses no cookies, and performs no cross-site tracking. Emails themselves are not stored except in failed delivery scenarios, and only if the user explicitly enables that option in account settings.

No account verification or identity check required
IP addresses logged in Nginx access logs, retained for 3 days maximum
Optional failed-delivery email storage (disabled by default)
Self-hosted, cookie-less analytics with no persistent identifiers
GDPR-compliant data processing framework

For users seeking maximum separation, the platform supports Tor access and encourages combining addy.io with privacy-centric email providers like Tuta, with whom they have an active partnership offering subscribers discounted encrypted mailboxes.

Supported assets & payments

addy.io accepts Bitcoin and fiat currency for subscription payments. The Bitcoin option aligns with the service's privacy ethos, allowing users to maintain financial pseudonymity when upgrading to paid tiers. Specific pricing tiers are not detailed in the available source material, but the payment infrastructure supports cryptocurrency natively alongside conventional methods.

The service itself does not hold or manage crypto assets beyond payment processing, it is not a custodial wallet or exchange. Users maintain full control of their private keys and payment channels. This non-custodial approach to subscriptions mirrors the broader philosophy of minimizing trust and data exposure.

Security & custody

Security architecture is where addy.io distinguishes itself from simpler forwarding services. All mail servers employ TLS encryption with opportunistic DANE, MTA-STS, and TLS-RPT to prevent man-in-the-middle downgrade attacks. DNSSEC is deployed across domains to ensure data origin authentication and integrity protection. Perfect forward secrecy (PFS) is implemented for transport-layer key exchanges, meaning compromised server keys cannot retroactively decrypt past sessions.

The service passed an independent security audit in 2023, adding third-party validation to its open-source transparency. For users wanting end-to-end protection beyond transport security, addy.io supports GPG/OpenPGP public key integration per recipient. When enabled, forwarded messages are encrypted with the user's public key, including the subject line, rendering them unreadable to anyone without the corresponding private key. This is particularly valuable for users of mainstream providers like Gmail or Outlook who want to block inbox snooping.

On the custody question: addy.io is non-custodial by design for email content. Messages pass through but are not retained. Users who self-host achieve complete infrastructure independence. Even on the hosted service, the optional failed-delivery storage is the only exception to this ephemeral model.

Who it's for, verdict

addy.io earns its 7.7/10 overall score by delivering exactly what privacy-conscious users need: functional, no-KYC email aliasing with genuine security depth. It is ideal for journalists, activists, cryptocurrency users, and anyone practicing compartmentalized digital identity. The open-source foundation and self-hosting option eliminate vendor lock-in, while the Bitcoin payment path preserves financial privacy.

The service is less suited for users wanting integrated email hosting (it forwards to your existing provider, it does not replace it) or those requiring guaranteed zero-logging with no IP exposure whatsoever. The three-day IP retention in Nginx logs, while brief, is a limitation that Tor or VPN layering can mitigate but not eliminate at the service level.

For most no-KYC seekers, addy.io represents a pragmatic sweet spot: powerful alias management, verifiable security claims, and a business model that does not depend on harvesting user data. The 2026 partnership integrations with Tuta, Windscribe, and Kagi further cement its position as a hub in the privacy-tool ecosystem rather than an isolated utility.

Pros

Fully anonymous signup with no identity verification required
Open-source and self-hostable, eliminating vendor lock-in
Bitcoin accepted for pseudonymous subscription payments
GPG/OpenPGP encryption support for end-to-end forwarded message protection
Independent security audit completed with transparent results
Active ecosystem partnerships with privacy-focused services (Tuta, Windscribe, Kagi)

Cons

IP addresses briefly retained in Nginx logs (3-day rotation)
Not a complete email provider—requires separate inbox for final delivery
Some advanced features restricted to paid subscription tiers

At a glance

Non-custodial

No email required

No IP logging

Why this score

Anonymous

Pseudonymous access, no personal data.

Frequently asked questions

Can I use addy.io without providing any personal information?

Yes. Registration only requires a username and password. No legal name, phone number, or identity documents are requested, placing it in the L1 anonymous KYC tier.

Does addy.io store my emails?

No. Emails are forwarded immediately and not retained, except in failed delivery cases if you explicitly enable that option. You can verify this behavior in the open-source codebase.

Can I pay for addy.io with cryptocurrency?

Yes. Bitcoin is accepted alongside fiat payments for subscription upgrades. This supports pseudonymous financial transactions.

Is addy.io the same as AnonAddy?

Yes. The service rebranded from AnonAddy to addy.io in August 2023. The underlying technology and open-source commitment remained unchanged.

Can I run my own addy.io server?

Yes. The entire application is open-source and designed for self-hosting, giving you complete control over your alias infrastructure and data.

Does addy.io work with Gmail and Outlook?

Yes. Aliases forward to any standard email provider. GPG encryption is especially recommended for Gmail and Outlook users who want to prevent provider-side inbox snooping.

Update log

May 22, 2026
Reviewed mobile app release notes for iOS and Android parity
May 4, 2026
Validated MTA-STS and DANE configuration on shared domains
Apr 10, 2026
Refreshed partnership perk availability with Tuta and Windscribe
Mar 21, 2026
Cross-checked independent security audit scope and findings
Feb 28, 2026
Confirmed Bitcoin payment processor integration still active
Feb 10, 2026
Updated privacy score after reviewing current data retention policy
Jan 20, 2026
Re-verified open-source repository commit signatures and license status

Scores

Overall 7.7/10

Accepted payments

Bitcoin Fiat

Features

Open source
Worldwide

Visit website

Related services

Mullvad VPN

mullvad.net

9.4

/ 10

top VPN Privacy

A radically private VPN that eliminates identity entirely through random account numbers, cash-by-post payments, and zero personal data collection.

L0 Trustless

XMR BTC CASH FIAT

›Non-custodial ›Open source ›No signup

Feather Wallet

featherwallet.org

8.8

/ 10

top Tool Privacy

A lightweight, free and open-source Monero desktop wallet that requires no account, routes through Tor by default, and keeps full custody with the user.

L0 Trustless

XMR

›Non-custodial ›Open source ›Tor available

Silent.link

silent.link

8.2

/ 10

top SMS Privacy Other services

Silent.link offers borderless eSIM mobile data and private US/UK phone numbers without any identity verification, accepting Bitcoin, Lightning, and Monero for true anonymity.

L0 Trustless

BTC LN XMR

›No signup ›Tor available ›Worldwide