Sending Anonymous Email Messages

Careful use of modern tools helps to protect the privacy of your emails

A person holding up a blank sheet of paper.

Jiraporn Gurle/EyeEm / Getty Images

You cannot remain anonymous on the internet. The best you can do is make it hard for people to trace you. To make the best use of procedures and tools that send quasi-anonymous emails, it's helpful to understand a few internet basics. Here's a review of basic network principles and strategies to hide your email's point of origin.

You cannot remain anonymous online all the time. People or websites that suggest the contrary are fooling you. Always assume that, given adequate time and resources, someone will be able to track your online activity.

How and Why You're Identified Online

The reason you cannot be totally anonymous is that the internet was designed to be decentralized. Originally, the internet was a communications project of the U.S. Department of Defense. Its architecture was intended to survive a nuclear confrontation with the Soviet Union. As such, each node — a collection of servers — could connect to any other node, and the network would survive the loss of one or many nodes.

To facilitate that decentralized communication pathway, the basic protocols governing how the internet works require that the discrete packets of information that move around cyberspace contain specific information about the source and the destination of that packet. Because a packet must always trace to its source, it's possible to go backward in the chain of custody from the packet destination to the origin.

You can't reroute internet traffic. A server will not accept an inbound message unless it presents the necessary identifying information.

There's no way around this architecture, but there are steps that make it difficult for the final destination of a packet (for example, the recipient of an email) to trace the initial origin of that packet (for example, you).

How an Email Moves on the Internet

To understand how different approaches to anonymity work in the real world, explore how a typical email moves from the sender to its recipient.

Email diagram
  1. You compose a message: When you create a message, metadata is generated based on the email client. For example, Gmail logs your user ID. In Microsoft Outlook on a desktop computer, the message identifies Outlook as the mailing program. Bits of this metadata stay with the email; you may not even know that it's there.

  2. You send the message: The service provider that receives the email (your internet service provider, a library's servers, or the coffeeshop's ISP) stamps the message with your IP address and writes a log about your connected device. These server logs, which aren't attached to the email, track login credentials and the IP address and MAC address of devices. Although different people use the same local IP address at different times, your MAC address — a unique hardware identifier — positively identifies your device.

  3. Your ISP receives the message and forwards it to your email provider: Along the way, every server that handles the message stamps its fingerprint in the email message headers. In addition, the servers maintain logs separate from what's stamped on the headers.

  4. Your email provider forwards the message to the recipient's email provider: The recipient's mail provider (for example, Outlook.com, Gmail, or Office365) stamps the message with its fingerprints, then performs diagnostic scans on the headers and body of the email to determine whether to deliver the message to the end-user, reject it, or flag it as spam.

  5. Your recipient's ISP ferries the email to the local computer: The email either transmits as an object read in a desktop-class email program or viewed — by means of the ISP connection — in a browser window.

Check for yourself — open an email you've recently received and view the full headers in Gmail, in Outlook, or in another email program. The information in the headers traces the message to its origin, even if it's only IP addresses.

The Problem of Abusive Emails

Because people send spoofed, spammy, or malicious emails, email providers have grown sophisticated with processing algorithms. Several years ago, for example, it was straightforward to use an anonymous remailer service to send hard-to-trace emails. Nowadays, however, email providers have grown wise to these techniques and refuse to accept emails that lack essential identifying headers.

Technologies such as Sender Policy Framework; DomainKeys Identified Mail; and Domain-based Message Authentication, Reporting, and Conformance play a vital role in reducing abusive email:

  • SPF: This protocol confirms that the email servers in the message history are authorized to send messages from the message's domain. The DNS records for example.com includes an SPF record authorizing the IP address of the legitimate server to transmit mail on example.com's behalf. If there's a mismatch between the address and the server's SPF record, the message is presumed false and discarded.
  • DKIM: This protocol works like SPF, but instead of relying solely on DNS records, it also uses a public-key signature to ensure that messages are legitimate.
  • DMARC: This protocol works with SPF or DKIM to provide instructions to the receiving server about what to do if a message fails an SPF or DKIM check.

These technologies confirm that the server originating an email is known, trusted, and plays by the rules and that messages purporting to come from those servers are presumed legitimate. When messages fail to pass these tests, inbound servers tend to reject them or mark them as junk, in accordance with the source server's DMARC instructions. As such, anonymous email techniques that formerly worked well are now, in many cases, undeliverable. So you can send an anonymous email but your recipient may never see it.

Use Cases for Hard-to-Trace Emails

Knowing that every packet is logged many times from its source to its destination, it's logical to conclude that sending truly anonymous emails is an exercise in futility.

To the extent that there's really no such thing as a perfectly untraceable email given the way the internet is designed, it's true that you are theoretically wide open to discovery. If you engage in child sex trafficking, terrorist activities, massive financial crimes, or similar behaviors, some large and sophisticated government organizations will pay close attention to your digital footprint.

Don't fall victim to conspiracy theories about the government reading your emails. Level-set your privacy needs against the relative difficulty of reconstructing the chain of IP addresses that identify you. If you want to send anonymous love notes to a secret crush, don't hide your trail. Use a web-based remailer, because your crush isn't equipped to break into that remailer's server logs.

Perfectly untraceable isn't the same as practically untraceable. For sending anonymous messages to journalists, friends, co-workers, or companies, and in the absence of evidence of illegality that might prompt subpoenas of server-level records, you can send messages that can't be sourced back without the use of intelligence-gathering toolkits.

  • Use an email alias: Although an alias ties to your real email account, you can set an alternative address and From name. Creating aliases in Gmail and Outlook.com is easy. If all you're doing is creating a throw-away identity for use on Craigslist or a dating site, you'll be anonymous enough that an average person cannot re-identify you, and you won't have to deal with different accounts, servers, or complicated login procedures.
  • Use a disposable email address: Disposable addresses offer two-way messaging and don't look like they came from your normal address. They're good for website registrations and the like — enough to offer a privacy buffer, but likely re-identifiable at a server level. However, you may experience deliverability problems with these solutions as part of a broader anti-spam framework.
  • Use a one-way web-based remailer: Tools such as AnonymousMail.me and the W3 Anonymous Remailer offer a simple form — complete it and send the message. These services are a step up from disposable addresses and account aliases. For a one-time or limited-use need, such as whistleblowing, they represent a good compromise between complexity and privacy.
  • Use a server that strips headers and keeps no logs: Secure email services offer a host of tools (sometimes hosted in countries with strict data-privacy laws) that feature encryption, header stripping, and related tools that protect your privacy relative to the recipients of your messages. For people with a regular need for private messaging, services such as Hushmail and ProtonMail offer a good starting point.
  • Aim for privacy through obscurity: Because IP address logs are the main method of tracking, use a virtual private network. VPNs create an encrypted tunnel between your device and the VPN server. All internet traffic from your device routes through the VPN server, thus limiting IP tracking. VPNs aren't perfect, insofar as some VPNs maintain logs about what you do, but they're a good solution.

Privacy experts recommend The Onion Router (Tor), a system for anonymous, private web browsing. With the Tor browser bundle, your network traffic routes through many different, encrypted tunnels — thus blocking the capture of IP addresses. Tor is solid, although it's not perfect; the IP addresses moving into and out of the Tor system are, in principle, loggable and the U.S. government, in particular, has devoted much time and interest into hacking Tor. But it remains one of the best tools for sandblasting the IP-level logs that trace back to you. To improve your privacy, use Tor in combination with other strategies to defend against re-identification.

Although it's excellent practice to use encrypted connections everywhere possible, encryption protects the contents of a message from inspection as it passes along the internet. Apart from the unique tunneling approach of Tor, nothing about encryption inherently hides the chain of IP addresses between your computer and your recipient's email server — in other words, outside of Tor, encryption is mostly irrelevant to anonymity.