How to stop spam email forever
Spam filters get smarter every year. So do the spammers. The thing that actually breaks the cycle isn't a better filter — it's giving each service its own email address, so when one of them leaks, you can shut that exact tap.
Why the "just use a spam filter" advice fails
Every major inbox provider already ships a spam filter. Gmail's is excellent. Outlook's catches the obvious stuff. Apple Mail's has its moments. And yet your inbox still has spam. There are three reasons.
- Probabilistic guessing. Filters classify every message based on content + sender reputation, and they have to err toward false negatives (let some spam through) because false positives (move a legitimate message to spam) are worse. The error rate is non-zero by design.
- Spammers iterate faster. By the time a filter learns a new pattern, spammers have moved to a new one. The arms race is permanent and you're the prize.
- It treats the symptom, not the source. A filter doesn't know which service leaked you. It just sorts the firehose. You still have to unsubscribe, mark as spam, hope, repeat — for every new sender, forever.
The structural fix is to change the address. If every service has its own alias, every spam wave is attributable, and one click breaks the connection — not a filter rule that hopes.
The six-step playbook
Start with step 1; the rest compound. Most readers see 80% of the spam reduction inside the first two weeks.
- 1
Stop using one email everywhere
Audit the services tied to your real email. Most people have 100–300. The math is brutal: any one of them gets breached, sells your list, or hires a sloppy email vendor — and your single inbox becomes the spam destination forever. The fix is to give each service its own address.
Why this works
Spam is a leak problem, not a filter problem. If 200 services share one inbox, one leak ruins everything. If 200 services have 200 different addresses, one leak ruins one alias.
- 2
Set up email aliases (one per service)
Sign up for an email alias service. Every new account gets a fresh alias that forwards to your real inbox — recipients see the alias, your real address never leaves your password manager. The browser extension generates an alias inline on signup forms, so the overhead is one click instead of typing your real email.
Why this works
Per-service aliases give you attribution: when spam starts arriving, you know which alias it hit and therefore which service leaked. That's actionable information — and the lever you'll pull in step 4.
- 3
Migrate the highest-spam accounts first
Don't try to migrate everything at once — that's where energy dies. Pick the ten services that send you the most marketing email (newsletter platforms, online retailers, conference signups), generate aliases for each, and update the email-on-file. Migrate the rest opportunistically: every time you sign up for something new, use a fresh alias by default.
Why this works
Pareto applies. 80% of your unwanted email comes from 20% of your accounts. Migrate that 20% and the noise drops dramatically without a multi-week project.
- 4
Disable any alias that goes bad
When an alias starts receiving spam, disable it — one click in the dashboard. The alias dies, mail to it bounces forever, your real inbox stays clean. The service that leaked you can no longer reach you. If you still want their mail occasionally, generate a fresh alias and only give it to them — back to a clean state.
Why this works
This is the irreversible part filters can't do. A spam filter is a probabilistic guess on every message; a disabled alias is a hard "no" at the routing layer. Spam to a disabled alias is dropped at our gateway — it never touches your inbox.
- 5
Add sender allow/block lists for the gray area
Some senders are mostly-good but occasionally noisy (a newsletter you want, but they email three times a week). Block specific sender domains while keeping the alias alive for the legitimate messages. Allow lists do the reverse — bypass spam filtering for senders you always want through.
Why this works
Real-world inboxes have shades of gray. Per-alias allow/block lists give you finer control than "keep the alias" vs "kill the alias" — you can keep the address while silencing one annoying sender.
- 6
Use suspicious-sender intelligence as an early warning
A good alias service scores incoming senders for risk: sketchy TLDs (.xyz, .top, .gq), typosquatting against known brands, phishing keywords in the domain. When a high-risk sender hits one of your aliases, you get an alert before the message reaches your inbox — useful when you've handed an alias to a service you weren't sure about.
Why this works
Spam isn't just unwanted mail; some of it is phishing aimed at the credentials behind that alias. Real-time risk scoring catches the bad ones early so you can disable the alias proactively, before clicking anything.
What about temp-mail or disposable inboxes?
Temp-mail solves the wrong half of the problem. You get a throwaway address for a one-shot signup — but then the inbox expires, so you can't reset the password later, you can't receive 2FA codes, and many signup forms block disposable domains anyway. Permanent aliases keep the "hide my address" benefit and add longevity, recoverability, and acceptance.
For the deep version of this argument, see temp-mail alternatives or why permanent aliases are not disposable email. If you just want to find out whether a specific address is a temp-mail one, run it through our free disposable-email checker.
What about Gmail "+" addresses?
Gmail and many other providers let you append +anything to your address (you+amazon@gmail.com). That gives you attribution — you can see which service leaked — but it doesn't hide your real address. Anyone who strips the + tag (and many spammers automate that) gets your real inbox.
Real aliases are different addresses entirely — there's no plus-tag to strip. The attribution is the same; the privacy is real.
Frequently asked questions
Pulled from the canonical FAQ — answers stay in sync as we update them.
Is EmailAlias better than disposable email services?
Unlike throwaway email services, EmailAlias gives you permanent, encrypted aliases you control. You can receive mail indefinitely, reply from your alias, and disable it anytime. It's privacy without the inconvenience. Disposable emails expire and can't receive future messages — aliases are yours forever.
How does spam blocking work?
Every alias includes built-in spam filtering. Free users get a baseline filter; Premium gets a stricter threshold plus per-account allow and block lists. The filter combines a curated keyword list, all-caps heuristics, and a tracking-domain blocklist — no email content is sent to a third-party model.
What does Advanced Spam Protection include?
Premium accounts get a stricter spam-filter threshold that catches more borderline spam, plus per-account allow and block lists. Add trusted senders to your allowlist to bypass the spam filter, or add specific emails/domains to your blocklist to drop them silently. Manage everything from the Spam Filters page in your dashboard.
What if I start getting spam on an alias?
Simply disable the alias from your dashboard. This is the beauty of per-service aliases — you can cut off spam from one source without affecting any other service. You can also create a new alias for that service if needed.
Can I move my aliases between providers?
Aliases on a shared provider domain (e.g. @emailalias.io) aren't portable — they live on our domain and stay with us. Aliases on a custom domain (yourdomain.com) are fully portable: you keep the domain, point its MX records at a new provider, re-create the same local-parts on their side, and the addresses keep working — provided the new provider supports custom local-parts (most do; some only issue random codes). Custom domains are a Premium feature on EmailAlias, but for anyone who plans to use aliases long-term, it's vendor-independence insurance worth having.
More questions? See the full FAQ.
Start with one alias today
The free tier includes 10 aliases — enough to migrate your top spam sources. Premium adds unlimited aliases, custom domains, send-and-reply, and real-time sender-risk alerts. 7-day free trial.