How it works
Pick a domain — SimpleLogin's own, a Proton-supplied subdomain, or your own — generate an alias, and hand that alias to a website. Inbound mail to the alias is routed to your real mailbox; replies pass back through the relay and are rewritten so the recipient still sees the alias. PGP can be layered on top so forwarded mail is re-encrypted to your key before delivery. The codebase — Python on Postgres, with browser extensions for Chrome, Firefox, Safari and Edge plus iOS and Android apps — is published on GitHub under MIT and can be self-hosted, including the inbound SMTP, web dashboard, and queue components. Aliases can be created on demand from the extension, the web UI, or via catch-all rules on a custom domain.
KYC & privacy
Signup requires a working email address, since the relay must know where to forward. No phone, no ID, and no payment data unless you upgrade to Premium at $30 a year, processed through Proton's billing — card, SEPA, PayPal, or Bitcoin via BTCPay. The privacy policy states that email content is processed in memory and discarded after relay; IP logs are retained for seven days for abuse handling and then deleted. Aliases can be disabled or removed at any time, and SimpleLogin will surface third-party breach hits against your aliases via in-app notifications. There is no onion address, but the entire stack runs in EU jurisdictions — Paris and Geneva — under GDPR and Swiss data-protection law.
Strengths and limits
The architecture's appeal is its narrowness: SimpleLogin does not try to be a mailbox, only the layer between identity and inbox. A 2022 audit by Securitum cleared the apps without uncovering critical vulnerabilities, and the public bug bounty programme remains open. Self-hosting keeps the server-trust question optional — the trade-off is operating an inbound SMTP relay yourself, which is non-trivial. The hosted side trades convenience for the obvious cost: every alias's content still passes through the relay before reaching you, even if briefly. Proton's involvement reads as a feature for most users (engineering depth, audit budget, an aligned privacy stance) and a caveat for those wary of consolidating mail under a single vendor's roof.
Verdict
A boring service in the best sense — narrow scope, auditable code, and a long enough run to show no surprises. It will not anonymise an inbox you already control or keep mail off the relay's wire, but it will keep your real address out of every breach list to come, and the open-source escape hatch is real if you ever decide to take it.
SimpleLogin solves the alias problem without forcing a new mailbox on the user, and the Proton acquisition has not dented its open-source posture. Six years in, audited, and uneventful — the kind of service that earns trust by not having a story to tell. Grade: B (7.8/10). Trust: LEGIT.
