A Practical Guide to Using Email for Privacy, Security, and Spam Elimination

Most people use one or two email addresses for everything. Here's what that costs you, what the realistic fixes are, and how to build an email setup that doesn't leak data every time you sign up for something.

Most people use one or two email addresses for everything: banking, shopping, social media, work, government services, newsletter sign-ups, and every app that requires registration. It's convenient. It's also one of the more effective ways to make yourself easy to track, correlate, and spam.

This isn't just about protecting your inbox. Email is the recovery mechanism for most of your accounts. Whoever controls your email address controls every "forgot my password" link you've ever sent. It's worth taking seriously.

The data trail your email creates

When you use the same address everywhere, you give data brokers and ad platforms a consistent identifier to link your activity across unrelated services. Companies like Acxiom and LiveRamp specialize in exactly this — matching your email hash across datasets from retailers, loyalty programs, and online registrations to build a unified profile of you across contexts you assumed were separate. Your email address doesn't even need to be shared directly. It just needs to appear in enough datasets.

Email metadata compounds this. Every message you send includes headers containing your IP address, email client, server routing path, and timestamps. Your email provider sees all of it, regardless of what the message says. That metadata doesn't disappear when the message does.
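To see what that metadata looks like in practice, here is an added example (not part of the original article) that audits the headers of a message for the fields listed above. The sample message, the addresses, the client name and the function name `audit_headers` are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message: documentation IP ranges, example domains,
# and a made-up client name. Not captured traffic.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbound.example.org with ESMTPS; Tue, 03 Mar 2026 09:15:04 +0000
Received: from [203.0.113.42] (laptop.example.net [203.0.113.42])
\tby mx.example.net with ESMTPSA; Tue, 03 Mar 2026 09:15:02 +0000
From: Alice <alice@example.net>
To: bob@example.org
Subject: Test results
Date: Tue, 03 Mar 2026 10:15:01 +0100
User-Agent: ExampleMail/4.2 (Linux)
X-Originating-IP: 203.0.113.42

Body text plays no part in this audit.
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def audit_headers(raw: str) -> dict:
    """Summarise the metadata readable by anyone who handles the message."""
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    # Each relay prepends its Received line, so the last one in the list is
    # the first hop: normally the sender's device reaching its mail server.
    ips = set(IPV4.findall(received[-1])) if received else set()
    if msg["X-Originating-IP"]:
        ips.add(msg["X-Originating-IP"].strip("[] "))
    offset = None
    if msg["Date"]:
        delta = parsedate_to_datetime(msg["Date"]).utcoffset()
        offset = delta.total_seconds() / 3600 if delta is not None else None
    return {
        "relay_hops": len(received),
        "client_ip_candidates": sorted(ips),
        "mail_client": msg["User-Agent"] or msg["X-Mailer"],
        "sender_utc_offset_hours": offset,  # hints at the sender's time zone
        "subject": msg["Subject"],
    }

if __name__ == "__main__":
    for field, value in audit_headers(SAMPLE).items():
        print(f"{field}: {value}")
```

Running it against a message you sent to yourself from each of your own clients shows which of them expose your IP address or client version.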

What Gmail actually does with your email

Google stopped using email content for ad personalization in June 2017. This is frequently misrepresented — older guides claim Gmail is actively read to target ads, which was true until 2017 and isn't now. What's still accurate: Google processes your email for spam filtering, Smart Reply suggestions, and feature improvements. The company also knows who you correspond with, the frequency and timing of those communications, and everything it can infer from the subject lines and senders it sees in your inbox.

The bigger issue is profile breadth. Gmail is the hub of the Google identity graph. Your inbox connects to Drive, Calendar, Maps, Search, YouTube, and every Google service you use. The email itself isn't the only data point — it's the anchor for everything else. That's the actual concern with using Gmail for sensitive correspondence, not ad targeting specifically.

If you're looking to reduce that exposure, Proton Mail and Tuta offer end-to-end encrypted email with a different business model — no ads, no profile-building. Both have free tiers. Proton Mail's privacy-first architecture has been audited independently. Tuta is a strong alternative, particularly for EU users who want a Berlin-based provider.

Why encrypted email isn't a complete answer

Encrypted email services have a limitation that's easy to miss. End-to-end encryption only works when both sender and receiver use the same service. Send a Proton Mail message to a Gmail address, and that message travels without end-to-end encryption. The recipient's provider can read it. More importantly, the email header — sender, recipient, subject line, timestamp — is always transmitted in plain text regardless of what service you use. That's a requirement of the SMTP protocol that has existed since the 1980s and wasn't designed with privacy in mind.

For genuinely sensitive conversations, switch away from email entirely. Signal handles voice, messages, and file transfers with end-to-end encryption by default, and doesn't store message metadata. Encrypted email is better than unencrypted email — but it's not a replacement for a proper messaging app when the stakes are high. The comparison of encrypted messaging apps covers the full landscape if you want to assess the options.

The most practical fix: one email per service

The single highest-impact change most people can make is using a unique email address for every service they sign up with. Not a few aliases. One per service, consistently.

This does three things. It breaks the correlation between your accounts — a retailer can't link your shopping history to your newsletter subscriptions because they have different addresses. It identifies the source when your address starts appearing in spam: if the alias you gave only to Amazon starts receiving phishing emails, you know Amazon was breached or sold the list. And it gives you a clean kill switch — disable that alias, create a new one, update the account. Five minutes.
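The following added example (not from the original article) shows both effects on constructed data: how a reused address lets separate datasets be joined on an email hash, as described in the data-trail section, and how per-service aliases break that join and point to the source of a leak. The matching key (SHA-256 of the trimmed, lowercased address), the alias domain and all names and records are assumptions made for illustration.

```python
import hashlib
from collections import Counter

def email_key(addr: str) -> str:
    # Assumed matching key: SHA-256 of the trimmed, lowercased address.
    return hashlib.sha256(addr.strip().lower().encode()).hexdigest()

def link_profiles(datasets):
    """Merge records from unrelated datasets that share one hashed address."""
    profiles = {}
    for source, rows in datasets.items():
        for addr, attrs in rows:
            p = profiles.setdefault(email_key(addr), {"sources": set()})
            p["sources"].add(source)
            p.update(attrs)
    return list(profiles.values())

def leak_sources(alias_to_service, spam_recipients):
    """Count unsolicited mail per service, using the alias it arrived on."""
    hits = Counter()
    for rcpt in spam_recipients:
        hits[alias_to_service.get(rcpt.strip().lower(), "unknown alias")] += 1
    return hits

# Constructed data: one person reusing a single address everywhere...
REUSED = {
    "retailer":   [("Jane.Doe@example.com", {"last_order": "running shoes"})],
    "loyalty":    [("jane.doe@example.com ", {"postcode": "AB1 2CD"})],
    "newsletter": [("JANE.DOE@EXAMPLE.COM", {"topic": "marathon training"})],
}
# ...and the same person giving each service its own alias.
ALIASED = {
    "retailer":   [("shop.k3f9@alias.example", {"last_order": "running shoes"})],
    "loyalty":    [("card.q8m2@alias.example", {"postcode": "AB1 2CD"})],
    "newsletter": [("news.p2x7@alias.example", {"topic": "marathon training"})],
}
ALIAS_TO_SERVICE = {rows[0][0]: svc for svc, rows in ALIASED.items()}
# Constructed recipient addresses taken from unsolicited mail.
SPAM_TO = ["shop.k3f9@alias.example", "Shop.K3F9@alias.example",
           "news.p2x7@alias.example"]

if __name__ == "__main__":
    print("reused address :", len(link_profiles(REUSED)), "linked profile")
    print("per-service    :", len(link_profiles(ALIASED)), "unlinked profiles")
    print("spam by source :", dict(leak_sources(ALIAS_TO_SERVICE, SPAM_TO)))
```

Hashing does not help the reused address: case and whitespace are normalised away before hashing, so all three records collapse into one profile.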

The benefits of email aliases covers this in more depth. The practical implementation — browser extensions, mobile apps, catch-all setup — is in the SimpleLogin and Addy.io setup guide. Both services are open-source, have free tiers, and require no technical setup beyond creating an account and installing a browser extension.

How to structure multiple email addresses

Having multiple addresses only helps if you're deliberate about which one goes where. A workable structure:

Primary address — your real address at a provider you trust (Proton Mail, Tuta, or a custom domain). Used only for correspondence that actually matters: your bank, your GP, government services, anything where your identity is verified and the correspondence is sensitive. This address should never appear on a sign-up form.

Aliases — one per external service, created through SimpleLogin or Addy.io. Every retailer, newsletter, app, and online account gets its own alias. When one goes bad, you kill it. The others are unaffected.

Disposable address — a separate Gmail or similar account for Google services, YouTube, and anything where you need a Google-ecosystem login but don't want it connected to your real identity. Used with a VPN or browser isolation so session cookies don't leak across contexts.

The goal isn't to use a different address for everything from the start of your life online — you have existing accounts, and changing all of them at once isn't realistic. The goal is to stop the leak going forward. New sign-up: alias. Existing accounts you care about: change them to aliases when you have five minutes. Existing accounts you don't care about: let them age out.

Data brokers are a related but separate problem — they work from public records and purchase histories, not your inbox. If you want to address that angle, the data broker opt-out guide covers the manual process. Aliases and opt-outs address different parts of the exposure.

VPNs and email: what they actually do

A VPN prevents your email client's IP address from appearing in message headers sent to external recipients — your internet provider sees encrypted traffic, not the content of your email session. That's the relevant protection for email specifically. It doesn't encrypt the email itself, doesn't affect what your email provider can see, and doesn't prevent metadata collection at the server level.

The VPN landscape in 2026 has consolidated significantly. If you're using one, choose a provider with a verified no-logs policy rather than one that just claims it. For email specifically, a VPN is a supporting measure — useful, not transformative. The structural fixes (alias services, provider choice, compartmentalization) matter more.

Where to start

The order that makes the most impact per unit of effort:

Install the SimpleLogin or Addy.io browser extension today and use it for every new sign-up from this point forward. That's the highest-leverage change with the lowest setup cost. Everything else — switching your primary email provider, rebuilding your alias structure for existing accounts, setting up a disposable Google account for services that require one — can happen incrementally. The habit of generating a new alias for every registration takes about two weeks to become automatic. After that, giving a site your real address starts to feel like leaving a door unlocked.
