Firefox Relay may not be as useful as you thought

Close up of a person touching an email icon.
(Image credit: Geralt / Pixabay)

A major debate has erupted online after Firefox's Relay offering was nearly added to a list of "burner" email services.

There is a list on the GitHub repository, with hundreds of burner email services, used by many service providers to prevent customers from using such tools  (such as, for example, 10minutemail) to register an account, and force them into using legitimate emails.

Companies do this for a number of reasons - to prevent abuse (someone might register hundreds of accounts to take advantage of a free offer), or to ensure that the service provider’s mailing list is useful.

Burner emails

Users, on the other hand, enjoy burner emails as they allow them to register for a service without having to sign up for a mailing list and receive multiple promotional emails every day. 

Recently, a co-maintainer of the list suggested that the “relay.firefox.com” domain be added to the list, prompting a major discussion on the forums, and drawing the attention of the media.

Relay is Firefox’s email privacy service, giving users free email aliases to use whenever they want to sign up for an online account anywhere. According to Mozilla, Relay’s goal is to preserve the privacy of its users’ email addresses, and comes as both a free service, and a paid Premium service.

Turning anti-abuse measures into weapons

Firefox Relay works by sending and forwarding email messages from the alias address to the primary email address. Besides the five free aliases, users are also allowed to get up to 150kb attachments.

Unlike burner emails, these aliases do not disappear unless deleted by the user, and are perceived by the users as “purely a privacy tool”.

"My reasoning on including this is that an email with a mozmail domain is never going to be a primary email and is always going to forward to some other address," the co-maintainer, Dustin Ingram, explained.

But some people weren’t buying it. A GitHub user going by the alias worldofgeese said the GitHub repo “looks like it’s used, or can potentially be used, as a weapon by providers trying to rob users of one of the few defenses they have to their email address leaking, a scarily common occurrence, which are then weaponized by bad actors to flood those users' inboxes with spam.”

“Can you not do this? You look like extremely bad actors. Please don't contribute to an unsafe internet. I use Private Relay to protect my personal mail address, not as a tool for spam. I'm not even sure how a user would use Private Relay for spam, as users cannot begin email chains with a Relay address, only respond to mails delivered to those addresses.”

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.