The FM Masked Email is insecure in that there is a circumstance under which it can leak your real email.

Do elaborate.

"WARNING: Fastmail Masked Email insecurity" https://www.emaildiscussions.com/showthread.php?t=81287

One concrete vulnerability is mentioned in a linked thread and described here https://news.ycombinator.com/item?id=37791500

I have created a ticket with the Fastmail support asking them more details about the vulnerability you mention in your thread, I’m curious to see their response.

There FM said:

> When forwarding an email as an attachment and later checking the headers of the attached email, I could not find the X-resolved-to header

this is odd, no? This header field should remain.

And regarding that FM Privacy First declaration, this is now 404.

Well they still claim it is impossible to connect different masked emails together. If you as a sender can reliably determine the target email address, then that claim is untrue as well.

Where are they still claiming that?