Over the last 16 or so years, I’ve written a few columns about good password practices. Logging in to web services with an email address and password has become ubiquitous and good passwords are still key (please don’t reuse them) but I haven’t mentioned the email address side.

When hackers break into a database containing email addresses and passwords, they will use those on many different sites to see if they can gain access. Hence the need to not reuse passwords. Not using the same email address also helps, but that requires a bit more work. Thankfully has your back.

If you’re unfamiliar with duckduckgo. com, it is a search engine like Google or Bing. It is much smaller and focuses on privacy. “Our privacy policy is simple: we don’t collect or share any of your personal information.”
To that end it tries to remove tracking information when it serves up search results. It gleans its search results from many sources, but not Google. At home, in my own browser, I have the duckduckgo extension, but have the Home button in the browser mapped to to make it easy to switch.

If you use Chrome, Firefox, Edge, or Brave, you can install the duckduckgo extension. You’ll find the link to your browser on This will make your default search engine. (Note this may be a deal killer for some people, but mostly it’s just inconvenient if you’re determined to use google search.) Personally, I find it useful searching on both to see different sets of results.

One big advantage of the extension is the access to duckduckgo free email addresses. This isn’t another email address though. It’s a forwarding address. Go to duckduckgo. com/email and sign up. It’s worth reading through the Privacy Guarantee. Such a refreshing change from the many sites funded primarily by selling your personal information to others. Type in the @duck. com address you’d like to use and which email you’d like to forward to.

Now when you use your address, the duckduckgo server will strip all tracking information from the email before forwarding it to your regular email, thus ensuring a bit more privacy and stopping spammers from knowing if the email address is valid.

There’s one more step. Once you’ve signed up for an email address, you can generate aliases for that address that work the same. Suppose you need to use your email address to sign up for something, say an email receipt while shopping. You want the receipt, but don’t want to give out your personal email. will generate a one-time email address for you that looks something like Submit that email and it acts as an alias for your @ email and forwards all email to your personal email account with tracking removed.

It works the same for signup services. Use a separate email address and password for sites and you’ll never have to worry about hackers and spammers using your email and password to access other sites.
The other nice benefit: if you want to stop receiving emails sent to your one-time email address, just deactivate it and the emails stop. No unsubscribing necessary. Think of it as a burner email that you throwaway when you’re done.

That’s a bit to set up, but if you’re concerned about privacy and keeping as much spam as possible out of your email inbox it may be worth it.

I don’t recommend using for important emails like banking, work, education, or the like. Generally, for important sites, we want them to know who we are and we want to know that it’s them. But for other stuff, having @duck. com in the middle acting as your email gatekeeper may be just the protection you need.

Thanks to Keith for the column suggestion this month.