Comment by tmarice
1 month ago
On their Masked Email feature page https://www.fastmail.com/features/masked-email/
> Companies have no way of linking different Masked Email addresses together to track you.
I have received the Fastmail support response, and since they do not consider this a vulnerability, I'll post it here:
- You have a Masked Email
- You have set up forwarding from your Fastmail account to another email service
- The other email service rejects the mail for some reason
- The bounce message goes back to the original sender, and may include the email addresses along the chain after the Masked Email address.
I'm assuming the bounce message contains the X-Resolved-To header mentioned in the other HN thread linked above.
Thanks. I agree. The privacy claim is contradicted by Support's "may include the email addresses along the chain". I note though that I got the opposite answer from Support.
Did you request escalation?