Originally Posted by ahmlco
Phil, it's not a true alias in the tradition sense of the word. You create the "alias" on the fly and you can have as many of them as you wish.
Google will ignore anything after the plus and before the at sign, so you can make up anything you want when you're entering an email on a site.
I do something similar. Of course, sophisticared spammers could remove the +keyword part from the firstname.lastname@example.org format address, but since few people do this, it works rather well.
Of course, one could start using encrypted front-parts for e-mail addresses, so only the mail server could then transform upon receipt something like email@example.com back into firstname.lastname@example.org
The beauty of the email@example.com system is, that it also allows for server side sorting of e-mail into corresponding IMAP folders, if the server is set up to do so.
The real problem is however, that too many sites use brain-dead input field verification and thus reject firstname.lastname@example.org as an invalid e-mail format. Worse, sometimes you sign up on a site with such an e-mail, and then they redo the site and you can't log in anymore because it's an "invalid" e-mail, often to the point where you can't even turn off receiving mail from them, because to do so you'd have to log in, which you can't do, because the system now rejects that e-mail address format.
Ideally, something like an integration with the keychain would allow the user to store a mail server's public key, which would then be used in conjunction with data detectors and autofill to encrypt the user+keyword part and generate the e-mail address to be filled into the form by the autofill. The mail server, knowing it's private key, would then decrypt the address upon receipt of the e-mail and deliver the message to the proper user, showing both original and decrypted receipient e-mails.
As an additional side effect: all the sites that use e-mail addresses as user names would become more secure, because without compromising the mail server's private and public keys it would be rather difficult to guess the identity of users from their log-in credentials alone.
For this to work well, however, one needs an integrated system like OS X + Server or OS X + iCloud offers. Because the mail server needs to be aware, the system and user need to be able to exchange/sety up encryption keys when e-mail accounts are set up or edited, and the web browser/autofill/keychain system need to be in on it, too, for it to be painless and automatic.