Gmail plus addressing — the trick where name+anything@gmail.com still delivers to name@gmail.com — is the most common email-labeling tool in 2026, and the most misunderstood. It’s genuinely useful for internal filtering and tracking which service handed your address to whom. But it provides almost no privacy: stripping the +tag is a one-line regex, and every serious spammer and breach-broker does exactly that. An email alias is the alternative — a separate address that hides your real Gmail entirely. This guide walks through what each one actually does, where Gmail plus addressing is enough, and where a real alias is the only sensible choice.
What is Gmail plus addressing?
Gmail plus addressing is a Gmail feature — formally called subaddressing — that treats anything after a + in the local part of your address as ignored for routing. Mail to jane.doe+newsletter@gmail.com, jane.doe+amazon@gmail.com, and jane.doe@gmail.com all land in the same inbox owned by jane.doe. The full address — including the +tag — appears in the To: header of the delivered message, which means you can write Gmail filters that match on it: “if To contains +amazon, label as Shopping.”
The mechanism is standardised in RFC 5233’s Sieve Subaddress Extension and has been supported by Gmail since launch, by Outlook/Microsoft since around 2020, by Fastmail and Proton Mail natively, and by most modern mail servers. The convention is consistent: everything between the first + in the local part and the @ is treated as a routing-irrelevant label. Wikipedia’s overview of subaddressing covers the protocol details if you want the deeper history.
What Gmail plus addressing is not: a privacy feature. It is a labeling feature that happens to be visible to whoever you give the address to. The real Gmail account underneath the label is fully visible in the address itself — anyone who can read your address can read your real Gmail. That distinction is the entire content of this guide.
Gmail’s other addressing quirks: dots, case, and multiple tags
Plus addressing isn’t the only normalisation Gmail applies to local-parts, and a complete mental model needs the rest of the list. According to Google’s own documentation on Gmail addresses, four normalisations are equivalent at the routing layer:
- Dots are ignored.
j.a.n.e.d.o.e@gmail.com,jane.doe@gmail.com, andjanedoe@gmail.comall deliver to the same account. Spammers and brokers strip dots before storage just as routinely as they strip the+tag; the dot trick has never been a privacy mechanism. - Case is ignored.
Jane.Doe@gmail.comandjane.doe@gmail.comare the same address. RFC 5321 technically allows case-sensitivity in the local-part, but Gmail (and almost every modern mail host) normalises to lowercase. Don’t rely on case as a labeling mechanism. - Multiple
+separators collapse into one tag.jane.doe+amazon+receipts@gmail.comstill delivers tojane.doe@gmail.com, with the full labelamazon+receiptsintact in the To: header. The tag itself can contain almost any character — including additional+signs — without breaking delivery. - Empty tags work.
jane.doe+@gmail.comis a valid address. Some forms reject it; most accept it. It has no labeling value, but the existence of empty-tag delivery confirms that the+separator is genuinely cosmetic rather than load-bearing.
The combination of these normalisations means a single Gmail account has dozens or hundreds of textually distinct address forms — all of which collapse to one inbox. From a privacy standpoint, that’s worse than helpful: it means anyone with one form of your address can derive every other form trivially. From a labeling standpoint, only the +tag form actually preserves a distinguishable label, which is why plus addressing is the only one of the four normalisations that gets used as a labeling tool in practice.
What is an email alias?
An email alias is a separate address — usually something like amazon-2026@yourname.alias or chase@yourcustom.com — that forwards inbound mail to your real inbox. The alias is registered with an alias service (or hosted on your own custom domain), and from the sender’s perspective it looks like a normal email address. From your perspective, it lands in your real inbox like any other forwarded message, labeled by which alias delivered it. The key structural difference: the address you hand out is not the address you receive at, so the recipient never sees your real inbox.
Compared to a plus-tagged address, an alias adds three properties the +tag trick can’t provide: concealment (your real email isn’t visible), revocability (you can disable a leaked alias without affecting any other), and per-service segmentation (the alias name encodes which sender it belongs to, and detection of mail from anyone else is automatic). We covered the underlying mechanism in our what is an email alias explainer, and the day-to-day mechanics in how email aliases work under the hood.
The trade-off: an alias is a separate service to manage, and the address is longer/less memorable than a plain Gmail. For one-off interactions where you’d never think about either, plus addressing is faster. For anything you expect to use for years, the alias’s permanence is the entire point.
How Gmail plus addressing compares to email aliases
The honest head-to-head comparison sits across six dimensions. Three favour the alias, two favour the plus-tag approach, and one is a wash depending on use case. The table below is the snapshot; the rest of this post unpacks each row.
| Dimension | Gmail plus addressing | Email alias |
|---|---|---|
| Hides real email? | No — visible in the address | Yes |
| Setup effort | Zero — works out of the box | Account at an alias service + (optional) custom domain |
| Revocable? | No — disabling a tag breaks all mail to it permanently | Yes — disable just the leaked alias |
| Accepted at signup forms? | Mixed — many sites reject + in email | Yes — looks like any normal email |
| Leak attribution | Possible if the tag survives stripping (usually it doesn’t) | Automatic — sender domain on a labeled alias is the leak source |
| Cost | Free | Free tier available; Premium $4/month for advanced features |
Reading the table left to right: plus addressing wins on setup effort and cost, period. Aliases win on every dimension that matters once a leak actually happens — concealment, revocability, attribution, and form compatibility. The decision is not “which is better” — it’s “which use case is this, and does either dimension matter to me?”
Why Gmail plus addressing is trivially strippable
This is the central technical fact of the whole comparison: plus addressing provides labeling but no privacy, because removing the label takes a single regular expression. Every email-list aggregator, breach broker, and spam operation runs this regex on every address they collect. By the time your jane.doe+amazon@gmail.com hits a real list-broker pipeline, the broker is selling jane.doe@gmail.com — your real address — to whoever pays for it next.
The strip operation is one line of Python (or any language). The full normalisation a list-broker pipeline applies before deduplicating addresses typically looks like this:
local, _, domain = address.lower().partition('@')
local = local.split('+', 1)[0].replace('.', '')
canonical = f"{local}@{domain}"Three lines. Strip the tag, strip the dots, lowercase the whole thing. Every form of jane.doe+amazon@gmail.com, Jane.Doe@gmail.com, and janedoe@gmail.com collapses to the same canonical key. Anyone who reads addresses programmatically — which is to say, everyone in the marketing-data supply chain — has had this code since at least 2010. There is no countermeasure on Gmail’s side; the routing standard requires that mail to jane.doe+amazon@gmail.com deliver to jane.doe@gmail.com, which means the relationship between the two is public information by design.
The implications are the same ones EFF’s privacy guidance has been articulating for years: any “privacy” property that depends on attackers not running a trivial transformation isn’t a privacy property at all. Plus addressing fails this test by construction.
jane.doe+amazon@gmail.com reduces to jane.doe@gmail.com with one regex — no privacy protection survives the operation.What this means in practice: when a service you signed up for using a plus tag gets breached and your address ends up in a corpus on Have I Been Pwned, the corpus contains your real jane.doe@gmail.com — not the labeled version. The plus-tag bought you the ability to filter the original sender’s mail in Gmail. It did not buy you any meaningful protection against the post-breach reuse of your address.
A real email alias breaks this chain at step one: the alias address has no relationship to your inbox visible to any tag-stripping operation. Brokers can normalise the alias all they want; the normalised result is still the alias, and disabling the alias makes the broker’s database entry worthless. That structural difference is what makes alias-per-service the standard recommendation for any account that matters.
When Gmail plus addressing is actually useful
This is the honest case for the plus-tag trick — the use cases where it is genuinely the right tool and where adopting an alias service would be overkill. There are three of them:
- Internal labeling and filtering. If you want to give a single party an address tagged with a context —
jane.doe+receipts@gmail.comfor receipt aggregation,jane.doe+events@gmail.comfor calendar invites — and you genuinely don’t care who else gets the unlabeled version, plus addressing is fast and free. The labeling makes your Gmail filter rules trivially clean. - Tracking which forms strip and which preserve the
+tag. Some marketing automation strips the tag before storage; others preserve it. Usingjane.doe+brandname@gmail.comat sign-up and watching whether subsequent mail from that brand still includes+brandnametells you which CRMs respect the original address. Useful diagnostic; not privacy. - One-off interactions you’ll forget about. A conference signup, a coupon code, a temporary newsletter you’ll unsubscribe from in a week. The address will end up in spam corpora eventually but you don’t care because the relationship is ephemeral.
The pattern: plus addressing is right when labeling is the goal and concealment is irrelevant. If concealment matters — which it does for any account with money, identity, or recovery value attached — the +tag trick is the wrong tool, not because it’s worse than nothing, but because it gives the illusion of protection without providing any.
Where email aliases beat Gmail plus addressing
Email aliases beat the plus-tag approach decisively in every use case where concealment, revocability, or universal acceptance matters. The four categories most users encounter:
- Financial accounts. Banks, brokerages, credit cards. We covered this in detail in our guide on email aliases for bank accounts — the short version is that you want the leak-detection and revocability properties on any address with money attached.
- Identity-adjacent accounts. Tax filing, healthcare, government services. Multi-year relationships where the email of record needs to outlive any one provider and where leak attribution genuinely matters when something goes wrong.
- Forms that reject the
+. Plenty of sign-up forms — particularly older e-commerce, some financial portals, and a long tail of poorly maintained internal tools — silently reject email addresses containing a+. An alias address has no special characters and is accepted everywhere. - Long-lived subscriptions and SaaS. Annual renewals, professional tools, paid newsletters. If the address gets bundled into a breach corpus three years from now, you want the kill-switch.
In all four, the cost of the alias setup (about ten minutes) is dramatically smaller than the cost of a future incident handled with plus addressing alone. The plus tag gave you filtering; it didn’t give you a fix path when the filtering catches a sender who shouldn’t have had your address in the first place.
How to switch from plus addressing to email aliases
The migration from a plus-tag setup to a proper alias is gradual and per-account, not a single cutover. The sequence below is what most users follow over a couple of weeks of background work:
- Audit your current plus-tag list. In Gmail, search
to:(*+*)to surface every message addressed to a tagged variant. Group by sender domain. Rank by which ones you actually care about preserving. - Sign up at an alias service. The free tier of any reputable provider is enough to start. EmailAlias.io’s free tier includes 10 aliases — see our 2026 email alias services comparison if you want to evaluate providers side by side.
- Create aliases for the top-priority accounts first. Banks, brokerages, healthcare, tax, primary subscriptions. For each, generate a distinct alias label (
chase-checking,amazon-2026, etc.) and confirm a test message arrives before updating the live account. - Update the email of record at each priority account. Log in, change the email field to the new alias, confirm via the link the service sends. This step takes about two minutes per account.
- Let plus-addressing keep handling the long tail. Casual newsletters, one-off receipts, accounts you don’t care about — leave the
+taglabels in place. You don’t need to migrate everything; you need to migrate the things that matter. - Consider a custom domain for permanence. If portability matters to you long-term, route your top-priority aliases through a custom domain you own. The setup is covered in our email alias portability guide; the result is that the addresses you migrated outlive any one alias provider.
The whole pattern usually takes 2-3 weeks of background effort spread across an account-a-day cadence. The endpoint is a hybrid setup: aliases for things that matter, plus addressing for things that don’t — and a clear mental model of which is which.
A few practical tips that save time during the switch: (1) before changing the email of record at a financial account, send yourself a test from the new alias to confirm forwarding works — there’s no worse moment to discover a misconfigured destination than during a password reset. (2) When you create the alias, name it after the institution rather than the year or a random string: chase-checking beats alias-7 by orders of magnitude six months later when you’re trying to figure out which is which. (3) After the migration, set up a Gmail filter on the old plus-tag address to label inbound mail as “migrated-to-alias” — this surfaces any service you forgot to update without forcing them through your active inbox.
Common use cases for each
The decision matrix below is what most users actually land on once they’ve used both tools side by side for a few months. The pattern: privacy-sensitive accounts get a real alias, low-stakes labeling stays on plus addressing, and a small middle category gets a judgment call. The matrix isn’t prescriptive — it’s a starting point informed by user reports across r/privacy and adjacent communities — but it’s a useful Schelling point for someone trying to decide where to draw the line.
| Use case | Recommended tool | Reason |
|---|---|---|
| Bank, brokerage, credit card | Alias | Concealment and revocability are mandatory |
| Tax / government / healthcare | Alias | Multi-year permanence; leak attribution matters |
| Primary SaaS subscriptions | Alias | Annual renewals outlive any single breach window |
| Conference / event signup | Plus addressing | Ephemeral; you’ll never need the kill-switch |
| Receipt / order tracking | Plus addressing | Internal filtering is the actual goal |
| Newsletter you might unsubscribe from | Plus addressing | Low value if leaked; high effort to alias each one |
| Forum / community signup | Either, depends on stakes | Alias for long-lived communities, plus tag for one-time |
| Public-facing professional address | Alias on custom domain | Address will circulate for years; permanence matters |
The implicit rule: anything you expect to use for more than 18 months, or anything with financial or identity stakes, gets a real alias. Everything else can ride on plus addressing without meaningful risk. The two tools are complements, not substitutes — picking one and using it for everything is the failure mode in both directions.
One signal that helps with the middle category: if you’d be annoyed (rather than worried) by mail to a leaked label, plus addressing is fine. If you’d be worried, it’s an alias. The annoyance threshold for newsletter spam is genuinely lower than the worry threshold for compromised credentials, and the tools should match the threshold of the worst-case outcome.
Final thoughts
Gmail plus addressing is a labeling tool that gets confused for a privacy tool because the labels happen to be unique per service. Once you internalise that the +tag is publicly visible and trivially strippable, the right use cases for it become obvious — internal filtering, ephemeral signups, anywhere concealment is irrelevant. For everything else, a real alias-per-service pattern does the actual job: hides your real inbox, gives you a kill-switch, and produces leak attribution as a side effect.
The hybrid model is what most privacy-aware Gmail users settle into. Plus addressing for the long tail of low-stakes sign-ups; aliases for the small number of accounts that genuinely matter. You don’t need to migrate everything, and you don’t need to abandon plus addressing — you need a working mental model of which tool fits which use case, and the discipline to use it that way.
If you want to try the alias side without commitment, the EmailAlias.io free tier includes 10 aliases — enough to cover the financial, healthcare, and primary-subscription accounts that benefit most from the upgrade. Start with the free 10-alias tier, migrate one account this week, and decide from there whether to scale the pattern to the rest of your priority list. The migration cost is one evening per cluster of accounts; the upside compounds every time a service in that cluster gets breached and the leaked address turns out to be one you can disable rather than one you can’t.
Frequently asked questions
Is Gmail plus addressing safe to use for privacy?
No. Gmail plus addressing labels your inbox but doesn’t hide your real address. Stripping the +tag is a one-line regex that every spammer and breach broker runs automatically, exposing your underlying jane.doe@gmail.com. The +tag bought you internal filtering, not concealment.
What’s the difference between Gmail plus addressing and an email alias?
Plus addressing leaves your real Gmail visible in the address itself, so anyone who reads the address can read your inbox. An email alias is a separate address that hides your real inbox entirely. The alias is also revocable — you can disable a leaked alias without affecting any other.
Do all websites accept Gmail plus addressing?
No. A meaningful minority of sign-up forms reject email addresses containing a “+” character. Banks, older e-commerce, and some financial portals are common offenders. Email aliases have no special characters and are accepted everywhere a normal email is accepted.
Can spammers really strip the +tag from Gmail plus addressing?
Yes. Stripping everything between the “+” and “@” is one line of code in any language and has been industry-standard practice in the email-list-broker pipeline since at least 2010. Every serious breach corpus reduces “jane.doe+amazon@gmail.com” to “jane.doe@gmail.com” before sale.
When should I use Gmail plus addressing instead of an email alias?
Use plus addressing for internal labeling, conference signups, receipt tracking, and any low-stakes one-off where you genuinely don’t care about concealment. Use a real alias for banks, brokerages, healthcare, tax, and any long-lived account where a kill-switch and leak attribution matter.
How do I switch from Gmail plus addressing to an email alias?
Audit your current plus-tag list via “to:(+)” in Gmail, prioritise the accounts with financial or identity stakes, create distinct aliases for each, and update the email of record at each priority account. Leave plus addressing handling the long tail. The full pattern takes about 2-3 weeks of background work at an account-per-day cadence.
Does Outlook or Yahoo support plus addressing like Gmail does?
Outlook/Microsoft has supported the “+” subaddress syntax since around 2020. Yahoo uses “-” instead of “+” with the same semantics. Both share Gmail plus addressing’s core limitation — the label is visible in the address and trivially strippable.
Is using both plus addressing and email aliases overkill?
No — most privacy-aware Gmail users settle on a hybrid setup. Aliases for accounts that matter (banks, brokerages, healthcare, primary subscriptions), plus addressing for ephemeral sign-ups and internal labeling. The two tools are complements, not substitutes.
