LEGIT B+ L2 · discreet
addy.io

Open-source email alias relay, formerly AnonAddy. Free tier, crypto-friendly paid plans, fully self-hostable.

BTC XMR LN ETH CARD

Addy.io spent six years building an alias service that audits well and stays out of headlines.

Will Browning's single-operator alias relay, AGPL-licensed, self-hostable, and externally audited as of 2023.

Jurisdiction: United Kingdom
Operating since: 2019
Category: Email & Aliases
Rubric: v2.7

How it works

You sign up with a real forwarding address, then mint as many @anonaddy.me, @addy.io or custom-domain aliases as the tier allows. Inbound mail hits the addy.io MTA in Amsterdam, is rewritten so replies route back through the same relay, and is forwarded to your real inbox. By default nothing is stored after delivery; only failed deliveries can be queued, and only if you opt in. You can attach an OpenPGP key so messages are re-encrypted to your key at the forwarding boundary, attachments included. The clients are all on GitHub: a web app, browser extensions for Chrome and Firefox, and AGPL native apps for iOS, iPadOS, Android and WearOS.

KYC & privacy

There is no government-ID step at any tier and no phone number on file. The signup form needs a forwarding address — that is the one piece of personal data the service strictly requires, and the FAQ explicitly suggests pointing it at an alias from another provider. Fiat billing runs through Stripe, so card data leaks to a US processor; crypto billing has been live since January 2021 via NOWPayments, currently BTC, XMR, ETH, LTC, DOGE, DCR, XRP and Lightning, with a $10 invoice floor that effectively pins crypto users to the annual plans. Logs are deliberately thin: message bodies are not retained by default, alias-usage IPs are not stored, and the database fields that do hold sensitive data are AES-256-CBC encrypted at rest.

Strengths and limits

The strongest signal is durability. Six years of quiet operation, no documented hack or freeze, an external Securitum review in September 2023 that found no significant vulnerabilities, and a 100% score on Internet.nl's transport-security test. Self-hosting is genuinely first-class: an official Docker image, current install docs, no neutered community edition. The limits are honest ones. The relay still touches Amsterdam-based servers, and a court order would land there even though retention is minimal. There is no SMTP/IMAP gateway, so addy.io cannot replace a primary mailbox — it is a forwarder, full stop. Funding sits on a single UK operator who has documented but not delegated succession.

Verdict

For pseudonymous signups, leak isolation and tag-by-tag account hygiene, addy.io belongs in the same shortlist as SimpleLogin, with the added comfort that the code, infrastructure docs and audit findings all sit on the public record. It is not a mailbox; it is not a mixnet. Grade: B+ (8.3/10). Trust: LEGIT.

verdict.anonaddy.diff +5 pros −3 cons
what works
+ 01 Securitum-audited September 2023, AGPL-3.0 codebase including the mobile clients
+ 02 BTC, XMR and Lightning accepted via NOWPayments for annual subscriptions
+ 03 Self-hosting is first-class: official Docker image and current install docs
+ 04 PGP forwarding with bring-your-own key, attachments encrypted at the boundary
+ 05 Six years of continuous operation with no documented breach or fund freeze
what to know
01 Fiat billing routes through Stripe; the $10 NOWPayments floor keeps crypto annual-only
02 Forwarder only: no SMTP/IMAP, so it cannot replace a primary mailbox
03 Single-operator UK shop with documented but undelegated succession

For pseudonymous signups and tag-by-tag account hygiene, addy.io has earned its place beside SimpleLogin, and its audit, code and docs all sit on the public record. It is not a mailbox replacement and the relay still touches Amsterdam, but as a privacy-first alias service its track record speaks for itself. Grade: B+ (8.3/10). Trust: LEGIT.