Open-source email aliasing, honestly reviewed. No marketing fluff, just what you get when you self-host it.

TL;DR

What it is: Open-source (AGPL-3.0) email aliasing and forwarding service — create unlimited disposable addresses that forward to your real inbox, without exposing it [README][website].
Who it’s for: Privacy-conscious founders, developers, and anyone tired of handing their real email to every SaaS, newsletter, and checkout form they encounter. Also anyone who wants to self-host so the alias service itself isn’t a third party holding their mail [README].
Cost savings: The managed cloud tier (addy.io) starts free and scales to $3/month for full features. This is not where you save money. You save by stopping spam — the actual cost of inbox pollution is measured in lost time and leaked identity, not dollars per month [pricing page].
Key strength: The free tier is genuinely usable, GPG/OpenPGP encryption per recipient is a real privacy feature (not just marketing), and the mobile apps are open-source and free to use whether you’re on addy.io or your own instance [website][README].
Key weakness: AGPL-3.0 license (not MIT) means self-hosting for internal use is fine, but building a commercial product on top requires open-sourcing your derivative work. The free tier caps active aliases, which is the detail that trips up new users [README][4].

What is AnonAddy

AnonAddy — now branded primarily as addy.io — is an email aliasing service. The premise is simple: instead of handing out your real address, you give every website, service, and person a unique alias like vuejs@johndoe.anonaddy.com. The alias receives mail and forwards it to your real inbox. When an alias starts getting spam, you flip a switch and silence it. When you want to burn it completely, you delete it and the sender gets a hard bounce. Your real address never appears [website][README].

What makes it different from throwaway-inbox services like Mailinator or 10 Minute Mail is that AnonAddy is persistent and manageable [4]. You own the aliases. You can reply from them anonymously. You can add GPG encryption so emails are encrypted before they even hit your inbox. You can use your own custom domain. And if you don’t trust the addy.io servers — or anyone’s servers — you can run the whole thing yourself on a $5 VPS [README][website].

The project started as a privacy-first open-source alternative and has accrued 4,510 GitHub stars. As of this review, the live service is called addy.io and has announced a partnership with Tuta (the end-to-end encrypted email provider formerly known as Tutanota), which signals the project is maturing toward deeper email privacy integration [website].

The AGPL-3.0 license is worth flagging upfront: it’s stronger copyleft than MIT. Self-hosting for your own use is unrestricted. Embedding it in a SaaS you sell requires releasing your modifications. This rarely affects solo founders, but it matters if you’re building a product on top of it [README].

Why people choose it

The comparison table in a 2024 SimpleLogin review [2] gives the clearest side-by-side snapshot of the category:

Feature	AnonAddy	SimpleLogin	Firefox Relay
Open Source	Yes	Yes	No
Self-Hosting	Yes	Yes (community)	No
Free Aliases	Unlimited (active limit)	10	5

The decision tree usually shakes out like this:

Versus SimpleLogin. SimpleLogin was acquired by Proton in 2022. If you’re already on ProtonMail, SimpleLogin may already be bundled with your plan, which is a compelling reason to use it. If you’re not in the Proton ecosystem, SimpleLogin’s free tier caps you at 10 aliases. AnonAddy’s free tier lets you create unlimited aliases but limits how many can be active simultaneously. For most people who create aliases aggressively, AnonAddy’s model is more practical [2][4]. SimpleLogin also supports self-hosting, but it requires more setup infrastructure (Postfix, nginx, PostgreSQL) and the community notes it’s heavier to maintain than AnonAddy’s Docker-based approach [2].

Versus Firefox Relay. Not open-source, no self-hosting, no custom domains, no GPG encryption [2]. The only advantage is the Firefox browser integration, which AnonAddy also covers with its own browser extension. Not a serious competitor for anyone privacy-focused.

Versus throwaway services (Mailinator, Guerrilla Mail, 10 Minute Mail). These are for when you need a fake inbox for 10 minutes [4]. AnonAddy is for when you want a permanent alias you can reply from and manage long-term. Different use case entirely.

The core reason founders and privacy-minded users pick AnonAddy over everything else is the combination: persistent aliases, self-hostable, actual reply capability, GPG encryption, custom domains, open-source mobile apps — all at a price that starts at zero [website][README].

Features

Core aliasing:

Unlimited alias creation [website]
On-the-fly alias creation — aliases are auto-created the first time they receive an email [website]
Toggle aliases on (forward) or off (silently discard) without deleting them [website]
Delete an alias to hard-bounce any future mail [website]
Random UUID-format aliases for full anonymity (x481n904@anonaddy.me) [website]
Catch-all on custom domains — anything@yourdomain.com creates an alias automatically [website]
Regex matching on custom domains as an alternative to full catch-all [website]

Privacy and encryption:

GPG/OpenPGP encryption per recipient — attach your public key and all forwarded mail is encrypted before delivery [website][README]
Optional subject line encryption [website]
Reply from aliases without exposing your real address — the reverse-alias mechanism wraps replies so the sender only ever sees your alias [website]
Send new emails from aliases (not just replies) [website]
Additional usernames for compartmentalizing — work aliases, personal aliases, project aliases, all separate [website]

Platform integrations:

Browser extension for Firefox, Chrome, Edge, Safari (and Brave, Vivaldi) [website]
Native iOS and Android apps, open-source, free whether on addy.io or self-hosted [website]
Raycast extension [README]
REST API with API key auth for programmatic alias management [website]

Self-host infrastructure:

Docker-based deployment (MySQL + Redis) [merged profile][README]
Two-factor authentication (2FA) [merged profile]
Plugins architecture [merged profile]

Pricing: SaaS vs self-hosted math

addy.io managed cloud:

The service runs a freemium model. The free tier gives you unlimited alias creation with a cap on how many are simultaneously active, one custom domain, and limited bandwidth per month. Paid tiers (priced around $1–$3/month depending on tier) lift those caps, add more custom domains, more additional usernames, and higher bandwidth [pricing page].

The pricing page is worth checking directly — these numbers have shifted as the service matured, and the tiers are cheap enough that the math isn’t really the story here.

Self-hosted:

Software: $0 (AGPL-3.0)
VPS to run it: $5–8/month (Hetzner, Contabo, Vultr — any Linux VPS with 1–2GB RAM)
A mail server or external SMTP: required (this is the real complexity — more below)

The real cost comparison:

Unlike automation tools where you’re paying per-task and the math is obvious, email aliasing services are cheap across the board. You’re not saving $200/month by self-hosting AnonAddy versus paying addy.io $3/month. The value proposition is different:

Trust surface reduction. When you self-host, your email traffic doesn’t pass through addy.io’s servers. If you’re using AnonAddy for high-value aliases (financial accounts, medical, legal), that’s meaningful [README][website].
Alias sovereignty. If addy.io raises prices, pivots, or shuts down, self-hosted users are unaffected. SimpleLogin users after the Proton acquisition felt this acutely when features and pricing shifted [2].
Volume and custom domain flexibility. Self-hosted means unlimited everything with no tier limits.

For founders using this to protect their operational email addresses, the $3/month Pro tier is genuinely cheap enough that self-hosting requires a clear reason beyond cost.

Deployment reality check

This is where AnonAddy is harder than most self-hosted tools, and the difficulty deserves honesty.

The email infrastructure problem. Running a web app on Docker is easy. Running a mail server is not. AnonAddy requires:

A configured mail server (Postfix by default) that can receive incoming SMTP
A domain with properly configured DNS: MX records, SPF, DKIM, and DMARC
A VPS with port 25 open — most cloud providers (Hetzner, AWS, GCP, DigitalOcean) block outbound port 25 by default on new instances. You have to request unblocking
Reverse DNS pointing from your IP to your mail domain (requires VPS provider support)
Redis and MySQL in addition to the app

None of this is insurmountable for a developer, but for a non-technical founder following a guide, this is a long afternoon that can turn into a frustrating weekend. Getting spam filters and deliverability right (DMARC, DKIM alignment) takes time even for engineers who’ve done it before.

The Docker path. The README points to Docker and docker-compose as the intended deployment method [README]. The community maintains setup guides. If you’ve self-hosted anything serious before (Nextcloud, Gitea, Vaultwarden), you’ll find AnonAddy similar in complexity — except for the mail server layer, which has no equivalent in file sync or code hosting.

What the README doesn’t warn you about:

ISPs and cloud providers block port 25. Budget time to resolve this before you start [README].
Deliverability is not automatic. A fresh VPS IP has no reputation. Expect forwarded emails to land in spam initially for recipients using aggressive filters.
If you want GPG encryption working end-to-end, you need to set up key management properly. The FAQ in the README covers this in detail [README].

Realistic time estimate for a developer comfortable with Linux and Docker: half a day for a working instance, another half to get deliverability configured properly. For a non-technical founder: budget a developer’s help or stick with addy.io’s managed tier.

Pros and cons

Pros

Unlimited alias creation. Even on the free tier, you can create as many aliases as you want. The cap is on simultaneously active aliases, not on total created [website][4].
Real reply capability. You can reply to forwarded emails and the recipient sees the alias, not your real address. You can also initiate outbound email from aliases. This is not available in throwaway services [website].
GPG encryption per recipient. Bring your own public key, toggle it on per recipient, and all forwarded mail is encrypted before it reaches your inbox. Hides the subject line too. Matters for anyone using Gmail/Outlook who doesn’t want inbox snooping [website][README].
Custom domains with catch-all. Your own domain, catch-all or regex-matched, managed from a clean dashboard [website].
Open-source mobile apps. Both iOS and Android apps are open-source and free to use on any self-hosted instance [website][README].
Self-hostable on AGPL terms. Internal use has no restrictions. The entire codebase is auditable [README].
Tuta partnership. Signals active development and ecosystem awareness — Tuta is a credible player in the privacy email space [website].
Compartmentalization. Multiple usernames per account, multiple custom domains, so your work identity and personal identity don’t share alias ownership [website].

Cons

AGPL-3.0, not MIT. If you build a commercial product using AnonAddy’s code, you must open-source your derivative work. Irrelevant for self-hosting your own instance, but it’s a harder license than alternatives [README].
Mail server complexity. Self-hosting requires running an actual mail server, not just a Docker container. Port 25 blocks, SPF/DKIM/DMARC setup, and deliverability tuning are real hurdles [README].
Active alias limits on free tier. The marketing says “unlimited aliases” but the free tier limits how many are simultaneously active. This is buried in the FAQ rather than prominently disclosed [4][website].
No end-to-end encryption for sending. GPG encryption covers incoming forwarded mail. Sending from an alias goes through standard SMTP — your forward path to the recipient is not E2EE unless they also have GPG set up [README].
Smaller community than SimpleLogin. SimpleLogin’s Proton backing means more community documentation, third-party guides, and integrations. AnonAddy at 4,510 stars is healthy but lower visibility [4].
No team features. AnonAddy is a single-user tool (with multiple usernames on one account). There’s no organizational account, no team access management. Fine for founders, not for multi-person ops teams.
Third-party reviews are sparse. Unlike Zapier alternatives or self-hosted databases, there aren’t many in-depth AnonAddy reviews. Most comparisons appear in SimpleLogin reviews as a brief table [2][4]. Directionally that means the community is smaller and fewer people document edge cases.

Who should use this / who shouldn’t

Use AnonAddy if:

You sign up for a lot of services and want each one to get a unique alias so you can trace which one sold your address.
You want to self-host and completely control your email aliasing infrastructure.
You want GPG encryption on forwarded mail, not just forwarding.
You need to reply from aliases anonymously — not just receive.
You’re using it for personal or internal business use and the AGPL license isn’t an issue.
You’re already comfortable managing a Linux VPS, or you’re willing to pay someone to set it up once.

Use addy.io’s managed cloud instead of self-hosting if:

You want all the features without setting up a mail server. The managed tier is $1–3/month — not worth the complexity of self-hosting for most founders.
You’re not a developer and don’t have one to help with deployment.

Use SimpleLogin instead if:

You’re already a Proton subscriber (ProtonMail, ProtonVPN, ProtonDrive) — SimpleLogin is likely included in your plan.
You prefer the Proton ecosystem’s long-term sustainability narrative over an independent project [2].

Skip both (use throwaway services) if:

You only need a fake inbox for a one-time signup. Mailinator or 10minutemail is faster and simpler [4].

Skip both (solve the root problem) if:

Your real spam problem is that you’ve already over-exposed your email. Alias services help going forward; they don’t clean up what’s already out there.

Alternatives worth considering

From the SaaSHub competitors list and the comparison data [4][2]:

SimpleLogin — the most direct alternative. Acquired by Proton, open-source, self-hostable. Better ecosystem documentation, easier Proton integration, free tier caps at 10 aliases. If you’re in the Proton ecosystem, start here [2][4].
Firefox Relay — Mozilla’s alias service. No self-hosting, no custom domains, no open source. Only advantage is tight Firefox browser integration [2][4].
Mailinator — public inboxes, no account required, not private. For throwaway testing only [4].
Guerrilla Mail — similar to Mailinator. No persistence, no reply capability [4].
10 Minute Mail — ephemeral by design. Not for persistent aliasing [4].
33Mail — older alias service, less feature-rich than AnonAddy or SimpleLogin.
Spamgourmet — limited-use aliases that expire after N emails. Interesting model but minimal active development [4].

For a founder choosing between self-hosting options: the realistic shortlist is AnonAddy vs SimpleLogin. AnonAddy if you want to be fully independent of any third party and are comfortable with mail server setup. SimpleLogin if you want an easier path and are okay with Proton as your trust anchor.

Bottom line

AnonAddy solves a real problem cleanly: it keeps your real email address off every signup form, newsletter, and checkout page, while giving you the ability to reply from aliases, encrypt incoming mail with your own GPG keys, and nuke any alias that starts getting spam. The managed addy.io service is genuinely cheap — $1–3/month is noise in any founder’s budget — which means self-hosting is a choice about trust and control rather than cost. The catch is that self-hosting involves a real mail server, not just a Docker container, and the setup complexity is proportional to how seriously you take email infrastructure. For non-technical founders, the addy.io managed tier is the practical answer. For developers who want to own the full stack, the Docker path works but budget more time than the README suggests for getting deliverability right. Either way, the habit of generating a unique alias per service — amazon@yourdomain.com, linkedin@yourdomain.com, newsletter@yourdomain.com — is one of the highest-leverage privacy habits a founder can build. AnonAddy is one of the better tools for making that habit sustainable.

Sources

ChatOdyssey — SimpleLogin Review: Is Proton’s Email Alias Service Right for You? — Contains AnonAddy vs SimpleLogin feature comparison table. https://www.chatodyssey.com/email-aliases/simplelogin-review
SaaSHub — AnonAddy Alternatives & Competitors — Competitors list, category comparisons, and product description. https://www.saashub.com/anonaddy-alternatives

Primary sources: