How a freelancer juggles 34 client portals without one email leaking

Every freelance project bolts another portal onto your stack

Daniel's freelance practice involves working inside whatever tooling each client already uses. That means a fresh signup on Figma, Notion, ClickUp, Asana, Slack, Loom, Frame.io, Zoom, Dropbox, Google Drive, and the client's billing system — for every single engagement. Over five years of freelancing, he had accumulated 34 active client-portal accounts, all attached to the same Gmail address he'd been using since university.

The first signal something was wrong was when an unrelated marketing newsletter — for a vertical he had no interest in — started landing in his inbox. He'd never signed up for it. Tracing back the headers showed the newsletter operator had bought a list from a marketing-tool vendor he'd signed up for two years earlier on behalf of a client whose project had since ended. His email was now in a list being resold across the e-commerce SaaS market, and there was no way to undo it short of changing his primary email — which would mean updating it on 34 active portals.

Worse, when one of his clients got phished (a fake invoice that the client actually paid), the post-incident investigation found that Daniel's email had been in the leaked list of contacts the phisher used to social-engineer the client. His relationship with that client survived, but barely. The whole event made clear why an email alias for freelancers and small operators is increasingly table-stakes rather than a privacy luxury.

The setup: one alias per client, expirable on engagement end

1. Switched his freelance portal to a short custom domain (dnlk.studio). Pointed MX at EmailAlias.io Premium.
2. When onboarding a new client, the first artifact he creates is a client-specific alias: <client-codename>@dnlk.studio. That's the email used for every tool the client invites him to.
3. At engagement end (or six months after the last invoice, whichever comes first), the client alias gets disabled. All future mail to that address bounces — clients sometimes try to re-engage; he handles them via his contact form instead.
4. Configured exposure alerts so any alias that starts receiving spam pings him on Slack. Spam volume on an active client alias is a signal the client's tooling leaked; spam on a retired alias is harmless because it's already dead.

What changed

Daniel's primary inbox is now used only for personal email and direct contact from people who already have him on their phone. All client work goes through aliases, all client signups go through aliases, and when an engagement ends the entire email surface for that client gets destroyed with one toggle.

He's caught two client-side leaks since the switch: one CRM vendor that started reselling client data within weeks (alias started receiving cold sales emails — he warned the client; the client switched CRMs), and one design-handoff tool that suffered a publicly-disclosed breach (he killed the alias within an hour of the announcement, no spillover).

On the inbox-management side, he says the biggest unexpected win is being able to grep his inbox for an alias to see all communication with one client in one query, instead of trying to remember which subject lines came from which client.

What this would have cost without aliases

The most concrete cost: time. Daniel estimates he was spending about 90 minutes per week sorting client mail from personal mail, unsubscribing from vendor newsletters he hadn't opted into, and triaging spam that landed because some old client portal had leaked his address. Across a freelancer's billable hours, that's roughly 78 hours per year of admin tax — at his rate, several thousand euros of lost billable capacity annually. Aliases reduced that to about 10 minutes per week of alias maintenance.

The harder-to-quantify cost was reputational. The one phishing incident where his email had been in a client's leaked contact list nearly cost him a long-term client relationship. The client didn't blame him directly, but the awkwardness around "how did your email end up in this attacker's CSV?" persisted for months. Aliases eliminate that conversation entirely — if a client gets phished, the alias is what was leaked, not Daniel's identity surface.

What he tried first

Daniel's first attempt was setting up a second Gmail account for client work. That worked for about three months, then he realized he was just kicking the can: every client signed up the same second Gmail to every tool, so the second account had all the same correlation problems the first one had — just spread across slightly less personal mail. The second-Gmail approach is the most common failure mode we see in email alias vs multiple accounts comparisons; it solves nothing structurally.

He also tried Cloudflare Email Routing on a custom domain briefly. The infrastructure works fine, but Cloudflare doesn't ship per-alias analytics, exposure detection, or a UI for muting noisy aliases — the operations layer is left to the user. For someone managing 34 concurrent client portals, that lack of tooling is the actual bottleneck, not the underlying SMTP forwarding. EmailAlias.io's dashboard, alerts, and per-alias controls are what make the workflow tractable at scale.

The day-2 operational reality

The operational workflow is built around onboarding and offboarding rituals. Onboarding a new client: 3 minutes (generate alias, label it with client name in the dashboard, paste it into the kickoff form). Offboarding: 30 seconds (find the alias in the dashboard, hit Disable). Both rituals happen exactly once per engagement, and they're the only alias-touching moments in a typical month.

What he didn't expect: aliases turned out to be useful for client onboarding clarity too. When a client asks "what email should I use to invite you to our Slack?", the answer is the client-specific alias — which Daniel hands over by default. Clients sometimes ask why he doesn't just use his personal email; the answer ("so I can isolate communication and keep your project from polluting my other work") reads as professional rather than paranoid.

“

The first time I killed a client alias at engagement end and saw the bounce backs, I realised I'd been carrying inbox weight from every past client for five years. That weight is gone now.

Frequently asked questions