- Google has on multiple occasions terminated accounts for no reason with no recourse. You loose access you can't do anything. If you have your own domain you can at least set it up somewhere else. How many website would you need to update with your new email and how would you get thay extra factor mail?
- If I die I don't care if someone else reads my mail, I'm dead. Also you can add a dead man's switch and you should provide your family with access to your passwords etc. in case something does happen.
- if you are worried about expiration, didn't one registrar just offer 100 year registration? Also the process is usually (for. com at least): domain expires, registrar removes DNS until you pay, usually 30 days, then the domain goes to retention where you can pay the +250 fee to get it back which I believe is another 60 days or something that you have to pay and get it back. I have had customers that I would remind over and over only to have them fall into retention and then complain about the fee but they got their domain back.
As evidenced here the impact of account terminations can have a profound impact on a persons life. Email providers like Google should be treated as utilities and regulated as such, they should be legally obligated to communicate with their users, ideally working towards a resolution. Until then you really should be treating said accounts in the same way you would a hotel rental phone.
In my opinion, for the US, the postal service should offer free email addresses to every US resident. The Postal Service is highly regulated, and you won't lose your email over a comment on Youtube.
A great idea in theory, but a large number of Americans wouldn’t trust the government with this (never mind they can do this with paper mail—this is a different scale). I don’t know why we trust corporations any more than that. Convenient UX, I guess.
That is why I suggested the post office. It is highly regulated but separate enough from "the government" (at least in the US).
I expect that many people would still use 3rd party providers for personal email and less important things. But it is certainly nice to be able to have bank statements, tax documents, or any business with government services conducted through a verified email.
Also, the post office would have lots of incentive to implement encryption (s/mime or pgp) as they aren't interested in analyzing messages. They would want to make sure that government services can send secure communication to you.
I disagree with this particular point. The US Postal Service has searched, read, and censored mail during wartime, and it's naive to assume that any provisioning of email service wouldn't have the ability embedded in it at behest of whatever legislation authorizes to the USPS to do so.
Also, given the current political climate, I would be very concerned that the Comstock Laws are coming back. Can you imagine your email provider blocking or maybe even criminally prosecuting people who send you information about contraception, safe sex, abortion, or legal sex work?
I'm not suggesting that anybody would be required to use their government provided email for everything. I am just suggesting that it should be available to every citizen as a right, since a reliable email address is so important to every day life now.
I wouldn't be sending anything through my government email that I would sent through the post mail. I would be cautious about sending anything through email, as it probably ends up in gmail unencrypted as it is, and is transmitted in the open through multiple relays.
But, we also know that Google, Yahoo, and other _do_ scan all your email. I'm not sure why you feel any safer with a huge corporation that has no oversight.
> I'm not sure why you feel any safer with a huge corporation that has no oversight.
A huge corporation with no oversight can, at worst, terminate my account unilaterally. Maybe they want to sue me, but that will go to a neutral arbiter (the courts).
A government run email platform can, at worst, arrest me or send a SWAT team to my house.
Not to mention that account termination is only one way email providers can screw you over. They can bait and switch, take your emails hostage, and start charging premium. They can put ads that look like legitimate emails. They can cut costs, and open your emails up to hackers. They can peek, censor, or tamper with your private emails. They can even impersonate you.
Some people might laugh that away as ridiculous. But who can predict what'll happen in the next few decades? I find it highly unlikely that any single email provider will continue to keep the current level of service for the rest of my lifetime. Enshittification is real.
Your email address is inextricably tied to your online identity. If you don't own your email address, you're handing over control of your digital life to the whims of a company. Because what can you do when your email provider goes rogue? Shed your entire digital identity?
Sure, using your own domain can open you up to mistakes. But at least, you're the one in charge. By borrowing an email address from a company, you lose control. And for what exactly? It's not going to protect you against the loss of access to your emails, contrary to what the article implies. Worse yet, there are no preventative measures you can take unlike with domain expiration.
With all due respect, the article gives the worst advice ever. There's nothing worse than irrevocably handing over the keys to your digital life to an advertising company, whose business model is fundamentally at odds with your best interests.
> Sure, using your own domain can open you up to mistakes. But at least, you're the one in charge.
...Of the management of the domain and the email itself.
But if Google, Microsoft, or one of the other major email providers decides that you, someone else in your subnet, or even your ISP or VPS provider, is not following the rules they've decided are important, they can just...put you in a black hole. And you have no recourse. And your emails will simply never get to people using one of those providers, and you may not even know that it's happening without a user report.
(Note that this is not me saying "And thus you should just give up and use Gmail." I still run my own email server, and I've managed to get it set up in such a way that it's mostly accepted by the megacorps, but it took months to figure out why it was even being blocked, and then I had to switch to a completely different VPS provider to get around the block. If there's a message here, it's "...and therefore we should break up the big providers under antitrust law, because no one should be allowed to be that big.")
I'm not saying that you should host your own email though. Or that you shouldn't, for that matter. All I'm saying is that people should keep the option of switching email providers when things go wrong. Using your own domain is a requirement for that.
The constant parade on HN of Google Cloud Platform paid users who got their accounts shut down for no reason and with no recourse would suggest otherwise.
Would you be open to the nationalization of email services? Curious if your very HN-friendly sentiment also implies agreement with this very HN-unfriendly extension.
There's little need to nationalize, since emails don't have a last-mile or natural monopoly issue.
I think, however, that modern countries should provide all citizens with an official, public, mail address. Restrict them to only send/receive emails to/from a whitelist of publicly registered service providers with very strict personal data governance requirements (government, banks, utilities, medical services, higher education).
You can let private companies continue to offer email addresses for everything else, anonymously and under whatever terms. (Much like how you can still buy a mailbox if you want, but you're always guaranteed to receive the mail at your address.) Just ensure that people aren't cut off from essential services.
Good idea which will work for most people, however it'll be an issue for dissidents or people moving countries. Those can use some other provider, while everyone else (99%?) can be covered by this solution.
I guess there should be a provision against gov services making it mandatory for people to use the gov provided email.
A government that would punish dissidents by locking them out of bank accounts etc. can already do so by extrajudicially freezing their bank accounts in the first place (looking at you, Canada).
In my view those email address should be strictly national and reserved for national-level services, so whenever you move to another country you should get a new email address at the same time as you get a tax ID number.
> The addresses that appear as firstname.lastname@eesti.ee (for example, mariann.mustikamets@eesti.ee) or companyname@eesti.ee (worldsbestransport@eesti.ee) can be used for private correspondence, while it is not part of the public mailbox service. Emails sent to these addresses are not saved in the person's public mailbox but are forwarded to the personal email address they've specified in the Eesti.ee portal (Gmail, Hotmail etc. accounts).
And:
> The decision does not concern people's official personalcode@eesti.ee addresses that can only be used by state agencies.
The latter, which was not discontinued, seems to be closer to what your parent comment was suggesting.
...Why default to restricting to a whitelist? If the government is giving you an email address, you should be able to use that as your only email address, that you use for talking with friends and family, etc.
If someone's abusing the privilege, then there can be restrictions added.
Inbox restrictions: because otherwise every single service ever will start accepting only official government emails to sign up, killing anonymity on the internet (and clogging your official mailbox with not-quite-spam).
Outbox restrictions: because otherwise every citizen who gets a bit of malware on one of their devices will start sending spam and get (temporarily) restricted, and the whole point is to have a reliable address that you know the citizen cannot lose access to. Also because it would be real weird if you could send messages to addresses that cannot reply to you because of the inbox whitelist.
Given:
1) How critical email is; and
2) Existing mandate of government postal services to guarantee delivery of physical mail to all citizens; that
Government postal services should run a national email service free to all citizens.
In the USA, email would be minimally covered by the same protective laws as physical mail (I don't know if the same protections are available in other countries).
IMAP and POP or a more appropriate mailbox protocol should be supported to allow retrieval of email, and online email size would be relatively small (say 100MB) but you could pay for larger storage like you would a post office box.
I don't trust governments to handle our emails, precisely because it's critical. So critical in fact that government agencies were secretly hoarding them en masse in violation of the law.
Digital technology has given those in power a level of insight and control over people's lives that was previously unheard of in human history. That kind of capability is too tempting and dangerous.
We desperately need a way to separate key digital infrastructure away from corporate or government interests. Putting email in the hands of the government would further diminish what little digital rights we have left.
100MB for storage or per email? For storage, that is way too small. You can easily hit that limit in a few months of light usage. All my utilities send me PDFs each month, and that adds up quickly.
Last year, while doing renovations, the contractor and I were sending PDF drawings back and forth. I would have gone over the limit on a single day.
We need something that lasts a lifetime with full archival and backup.
With respect, I think it's cost prohibitive for the government to provide a free and unlimited service.
Your physical mailbox -- from which you get your paper spam -- has a fixed size, and every day (maybe once a week) you have to empty the box.
If we extend that into the digital realm, it makes sense for the post office to provide a similarly limited post box in the free tier, from which you can use POP to download your messages to your private mailbox for permanent storage.
For truly poor people who can't afford a personal server, they can use a web interface to access email, but they should delete emails (throw out the spam) to keep space in their mailbox.
If you want more storage, you pay for more storage. Right now storage on gmail feels free because Google are scanning your mailbox and building your advertising profile. The government has no ability to get advertising revenue, so you'd pay for it instead.
Finally, there is no requirement for citizens to use the government provided mailbox. Set up a mail forward to your favorite provider and you're done.
Sure, but 100M is prohibitively low. No one will actually use this if it is capped at that.
I do volunteer technical work with some of our homeless shelters. Having access to email is critical. Without it, they have no access to a whole host of government services they need. They don't have their own computer, so they are relying on email as their document storage.
Gmail and other 3rd party email providers constantly cause issues for them. Their login is often tied to a cell phone which gets broken, stolen, and replaced often. Or they cycle through numbers since their service is constantly interrupted due to payment issues. They rarely have any way to gain access back to their email, and their access to many important services is lost.
At least with the post office, there is a physical place you can go to, and have multiple ways to prove your identity and continue to get access to your email, which like I said, is a requirement and lifeline for this population.
What nationalization has to do with what he said? They need to be regulated. It is outrageous that they can say "you violated our policies" and do not explain which policy and how.
The day I worried "What if Google just shuts down my email account with no recourse?" is the day I started migrating my authentication to my own domain email address. Choosing a registrar with proper security in place, this is probably the safest while you are alive.
I’ve read so many accounts of users and whole companies being permanently shut out of their Google accounts that I couldn’t justify the risk any longer. Google genuinely does not care. The number of critical services which rely on our email address is really difficult to grasp until one goes through the exercise of converting to their own domain. Banks. Trading platforms. Phones and computers. Windows. Game consoles. Steam. Google (Maps, YouTube). Cloud storage. Social media. Business applications. Communications like WhatsApp and Teams. Thousands more forums and services you’ve signed up with over the decades. As more services utilise 2FA, all of those are at risk without access to the email account. Even if you can log in, good luck changing settings, passwords, or the email address.
Everyone should buy and use their own domain. Losing access to Gmail is catastrophic. We’re talking hundreds of hours of effort and permanently lost access to irretrievable data, services, contacts, correspondence, one’s digital identity, and even money.
For corporate use, only choose an email provider that has real people at a manned help desk. Google's abysmally opaque support is much too risky for serious business operations.
It is a right blighter if you lose your personal YouTube account with all its carefully curated meme playlists, but at least you aren't missing out on vital business communications.
I used to use YouTube Red and had a playlist of BGM that i would work to on YouTube. Then one day about 20% of the video’s disappeared due to DMCA takedowns. That was the day canceled my subscription and switched to getting everything I care about with yt-dlp.
Even if there is no option for 100 year registration, 10 years is pretty common[0]. Google deactivates an account and deletes all data after 2 years of inactivity[1]. So even if someone stops using the domain, all data would be deleted after 2 years, emails sent to it would bounce for ~8 years, and only then could someone take ownership of the domain. Even if you're using another paid service, your payments would fail, and your account would also be deleted before your domain expires.
About not being worried, that someone could read your mail in the case you're dead:
Always bear in mind you're not writing mails to yourself. The other party writing mails with you, might not be that happy with third parties reading their mails. Privacy is not only about you
> Always bear in mind you're not writing mails to yourself. The other party writing mails with you, might not be that happy with third parties reading their mails. Privacy is not only about you
People mailing me after I'm dead because they don't know I'm dead, probably aren't very close to me. If a marketer decides to send me deep felt confessions he needs to get off his chest, meh.
Worth considering that they can use access to your email to get into other accounts. Someone getting into my Google photos account would definitely affect the privacy of others for instance.
Though I think the way to defend against this is dead man switches for services with sensitive data, not using gmail
I'm still sad because PGP/GPG couldn't make the UX work for signing and encrypting emails 20 years ago. It's still a huge pain to do, even if you're a hobbyist like me.
Encryption/decryption should've been a standard thing everyone does transparently when sending emails with one recipient. Multi-recipient mails should always be signed, automatically.
IMO, GPG for email was mostly a mistake, because email can't be secured enough.
GPG leaves all the headers exposed, and reveals who's talking to whom. That, right there, is a huge security problem. Turns out metadata is often plenty. And it can't even encrypt the subject, which is a footgun of enormous proportions.
Picture a high stakes situation like say, a resistance member in the Russian occupied parts of Ukraine. Yeah, the Russians can't see what you're emailing about, but they can see that 3 people of a given village are sending encrypted messages to each other, and then there's some outside contacts. Gee, what might they be talking about? What conclusions should we make if somebody else also sends mail to this outside contact.
Yeah, the encryption might be strong, but it won't do much to protect those people against the $5 wrench.
GPG for email only works in extremely narrow scenarios, and that makes it a bad tool.
All leak something, but there are differences in what and how much.
> If two people are communicating, the message always needs to know where it's going and in most cases where it's coming from.
Yes, but in this case it'd be actually better to use something like Signal. You want something that's plausibly used often, is always encrypted, and is used for random chit-chat all the time, so that it's hard to tell if anything odd is going on from the outside.
GPG just screams "an important conversation is happening"
> Not encrypting the email subject is an implementation detail really.
And it's still unfixed, despite being a serious problem (it's easy to slip up and put something interesting in the subject).
> GPG just screams "an important conversation is happening"
is just another argument in favour of all email being encrypted.
And yes, there's side-channel/metadata still in the clear, and that's a problem, but still a smaller problem. The only crowd I know working on solutions to minimise/eliminate that problem is the Cwtch project (not product!)
> is just another argument in favour of all email being encrypted.
And that makes GPG unsuitable, because it's such a pain in multiple ways.
> And yes, there's side-channel/metadata still in the clear, and that's a problem, but still a smaller problem.
Absolutely not a "smaller problem". Using GPG in an actually serious scenario like in occupied parts of Ukraine is quite likely to get you imprisoned, tortured, killed or all 3.
GPG mail is only suitable for "polite society" -- situations where your only problem is to securely email documents and account numbers to your accountant, and nothing else.
And that's actually a very narrow application. It's trivial to run into situations where that becomes extremely inadequate.
True, but that's incredibly user unfriendly. The average person isn't good at doing that level of risk evaluation. What's important and what not isn't intuitive.
And we have a much friendlier than GPG system for that: putting that on a website protected by HTTPS.
But that puts all the data on a 3rd party site where I _might_ be able to make a copy of it for myself. It is annoying to get an email from my bank about an "important message", and instead of just sending me the message, I now have to go to the bank's app to read it. Oh, and it disappears after 30 days, so I have no way to archive it or look back on important messages from a year ago.
A government system could easily implement s/mime transparently for all emails sent within that system (meaning any other government agency or registered providers).
IMO the privacy we might discuss in terms of government or community intrusion is different from the privacy you expect from friends with regards to discretion. If I send you an unprofessional email, it ought be your prerogative to make a judgment call for disclosure.
You can always have your password in a password manager with emergency access, if you (not you god forbidden) die, someone close can access all these domains/emails.
The problem is that someone has to squat your domain for you for as long as want to prevent an adversary from registering your domain and intercepting any emails still being delivered to it.
I didn't recommend an email host on purpose because that's not the point I was trying to make. I recommend iCloud since it's the cheapest paid email provider you can get if you have or had any Apple device. Fastmail is a close second.
Unfortunately if you stop paying for fastmail or your Google account becomes inactive, they terminate your account and the email address becomes available for a new user.
I think the concern that your email address is subject to takeover is valid, but unfortunately relying on generic domains isn't the solution.
Citing from Google‘s recent email on account inactivity: ”After a Google Account is deleted, the Gmail address for the deleted account cannot be used again when creating a new Google Account“
For Fastmail, I could not quickly find their policy.
However, I do occasionally receive some emails on my fastmail user address which are not my own, which may indicate that Fastmail user addresses become available after unsubscribing.
The emails are from Steam, with 2FA login codes; I assume they only send those with prior email verification. With only the email address it is apparently not possible to contact Steam and tell them this is not my account (you need to login to contact support, or know a username). The danger here is that many websites (not just Steam) assume an email address is "forever", and the same address can not be used by anybody else.
Fastmail allows to reuse the email when an account is closed. Just before looking this up I tended to be very strongly pro fastmail. Have been using them for years as well. Now I'm not so sure anymore. Because reusing email addresses is quite sketchy :/
> Once an account has been deleted, the username and any addresses on the account can be re-used.
I regularly receive emails sent to a person that enjoys using my email to subscribe to spam. I've also received stuff from another that used it for school and even their bank account.
And if you think verification does it, someone used their phone number and my email to register to Uber. I'd receive all their invoices and stuff. I couldn't log in because that needed phone verification. And it took quite a few rounds of Uber tech support to get them to remove my email.
I agree. iCloud isn’t great but it does the basics fine. It’s a big step down from Google but WELL worth the peace of mind. A few nice privacy features like Hide my Email and Privacy Relay (kind of like a VPN). Plus if you’re using Apple devices it integrates very nicely and makes full device backups quite seamless.
The thing is, my domain registrar can be contacted by phone. They have a support desk. Google will give you the cold shoulder when you are flagged by their AI system unless you can create an outcry on social media.
Your account being terminated with a registrar usually doesn't mean that you lose the domain. You have to find a new provider, and there might be some interruption of service while you do, but then your addresses will resume working.
If your Google account is closed, your Gmail address is lost to you forever.
A registrar terminating an account is very rare. If you stay away from dubious domain names (like disneyfanshop.com) and stay away from tld's from dubious countries, you're pretty safe.
My mother in law’s bank account was drained within a week of her passing.
Evidently someone at the hospital had to have been involved, although we never learned the vector.
It’s really not a stretch to imagine a sophisticated attacker who specializes in identity theft paying off hospital staff for access to dead patient’s info, even phones. It’s the last thing on the families minds.
We already know that insiders at cell providers are working with SIM swappers to compromise SMS verification. Why is it unlikely for hospital staff to do the same?
That's a very specific and small target to aim. Your victim not only has to use an email with their own domain, but they also need to have their domain expire at about the same time as they die. Wait too long and the family already had access to the bank through traditional means.
I tried to log into the “Ethereum” Minecraft account after many years of hiatus and discovered that I didn’t remember the password, and the associated gmail had somehow been deleted. I now use my own domain name for email.
It was Wordpress that offered the 100 year thing, but I think that was more publicity stunt than practical service - it was cheaper than their offerings for companies, so clearly aimed at individuals, but few people would care about their "personal brand" blog for so long after their death, and those that would probably have an estate big enough that they have a company running it while they're alive.
But in any case, AFAIK the maximum registration period for ICANN domains is 10-years into the future.
I keep my personal domain re-registered at least 5 years into the future, specifically so that if I was incapacitated for a year, or randomly decided to go travelling for half a year, or whatever, I won't miss the expiry date. I've had this domain for over 20 years already, so I don't mind 5 years extra, because I know I'm keeping it. Basically, everything the article said.
The domains for my company are all registered for 3 years up-front, and I try to renew them annually to keep at least 2 years before expiry, but I also know that if I died, someone else would either take over or wind up the company, and in either case they can deal with the domains as part of that, and if they have a long grace period, that's fine.
And in terms of the privacy concerns of the article, I have several separate domains that I use when dealing with companies. For a long time, I used addresses based on my main domain name with the company name before the @, but I'd already blocked a load of addresses where the company sold their client list (even some quite random companies like recruitment agencies seem to get tempted by this) and decided to just move to a couple of domains solely for this purpose. They have no obvious relationship to my name, so they're perfect if the e-mail address was later sold on.
To be honest, the biggest issue with dying isn't the registration of my domain names, it's that nobody else would even know HOW to get my e-mail from my private server. Currently, that's less of a problem than it might be as I use gmail as a client, so it fetches using POP from the various accounts on my servers, but if I died and nobody could access my gmail, it'd be a bit harder.
That said, in the UK after you die, the executor of your will has legal authority to contact any company you had dealings with before and take over your account or affairs. So honestly, as long as I document my bank account numbers, and make my property deeds and will easily discoverable, I'm not really too bothered about anything else.
This is something I've struggled to find a solution for. Do you have any suggestions? The best I've come up with is a safe with enough information to provide access to my password manager, but obviously this makes me pretty uncomfortable. I could hand it over to a lawyer as part of my will, maybe?
That coves these kinds of cases reasonably imo: you can invite somebody, and then that person can later request access when that's necessary. That sends you a notification, and they're granted access if you don't object within a preconfigured time window.
Obviously there's some trust required and/or a sufficiently long window, but it's one of the better solutions I've seen.
DO use a your own domain. Advantages far outweigh the disadvantages.
Instead of being at the mercy of whatever email provider you choose, you're free to move your domain where ever you want, without updating "a million" senders.
DO NOT host your own email server though. A couple of decades ago it made perfect sense to do so, but these days it's simply not worth the trouble.
Instead use Google/Outlook/Apple/Whatever to host your custom domain and use their offerings with your custom domain.
My personal domain is hosted by mxroute.com, which has served me well for a lot of years by now. Unlimited email accounts and the only restriction is storage, which i can upgrade. Very little downtime (none i've noticed).
All that's left is to make a backup with regular intervals, which i to do a small local machine using imapsync, which then in turn makes backups of the emails (and regular data) to a local drive and a cloud backup.
Yes, I agree with this, and it is my pattern too. One can replace MXRoute with other providers you are comfortable with. Google is still an acceptable candidate for your custom domain email. I do have Migadu[1] as a throw-everything-in for all new and other domains that are not that important. The idea is, “Can I walk out of this provider and move to another in minutes?” I have experimented and walked in and out of Gmail, Migadu a few times to see how it goes.
For backup, I have tried quite a few, and the simplest I found (for now) is just to run Thunderbird (daily, weekly) and set it to download a local copy via POP. MBOX is an open and acceptable format by most other clients (if you need to change clients).
I will continue to clean up and streamline the processes, but the general idea is to have a backup (preferably local) somewhere, while the primary email can be accessed from your choice of client or the web.
> just to run Thunderbird (daily, weekly) and set it to download a local copy via POP
I considered this option, but instead just setup a local imapserver (Dovecot), i then simply do a one way imapsync, including deletions, from my provider to my local imap server, into each users Maildir.
The reason for imap over Thunderbird is that the machine backs up email for everybody in the household, and with imap and dovecot, i can keep each users email in their homedirectory, and simply run my normal backup to include mail data.
When i eventually migrate to another email provider, the option for automated scripted backups will be a factor.
I also considered simply using Office365 along with a Synology and their HyperBackup package for imap, but what i have now provides the same benefits, with less hardware costs.
I've read that advice, about not hosting your own email server, every week for a few years now, but at least for anyone with a few years of self-hosting experience I would disagree.
There is just a little more checkpoints than 15 years ago. Before, you needed to check your reputation on spamfilters, be careful of viruses and sending rates and dome basic DNS entries.
Nowadays, check that your IPs are clean, subscribe to some monitoring for ip/domain reputation, host your own dns server and correctly use IPv6, DNSSec, Rspamd, Dkim, Dmarc, Spf, autoconfig/autodiscover.
But when it's in place there is nothing special to update or debug.
I would suggest to check ISPconfig as a semi-DIY solution.
I'm not saying it's hard if you know what you're doing, but "correctly use IPv6, DNSSec, Rspamd, Dkim, Dmarc, Spf, autoconfig/autodiscover" is a lot of technology for simply sending and receiving email.
Considering that emails are insecure by design, and any email will have at least 2 participants, and you have no control over where the remote participant sends/receives emails, self hosting for privacy concerns is also pretty much pointless, except of course if you encrypt emails, but then the server doesn't matter anymore, and you might as well just use a public provider.
My argument is that by using a custom domain with a public provider, you will get almost all the benefits of self hosting emails, but none of the disadvantages. You're still in control of your domain, and even if your provider shuts down, you're just a couple of MX records away from your new provider.
You're right about the difficulty and the privacy, but I hope that people will still host their own little part of internet.
The fundamental parts that you can host universally today are still a website and a mail server.
Everyhing else like fileservers, webapps, federated services, streaming, vpns, game servers... have multiple implementations and evolve rapidly every year.
If people no longer host the most fundamental services, it's leaving the play field to the industry. And one day we won't even be able to do it anymore.
>If people no longer host the most fundamental services, it's leaving the play field to the industry.
While i tend to agree, i also fear that this exact phrase is what is keeping email in the dark.
Email in it's current form is old, very old, and everything "modern" about is DKIM, SPF, etc, has been added in the form of X- headers, but besides that, nothing much has changed, and because it needs to be compatible with potentially decades old software, nothing much will change.
At the same time, email has been crucial to business/industry needs, and while alternatives exist, they kinda feel like the "instant messenger" days of the early 2000s, where there were a dozen or more different instant messaging networks, and you needed an account everywhere to be able to talk to people.
Just look back at 2020 and COVID. How many different "Collaboration" platforms did you sign up for just to be able to work ? Teams ? Zoom ? Slack ? Discord ? How many of them are open standards ?
How many different mail providers did you sign up with ? (making spam catching accounts for collaboration platforms doesn't count).
Email is in dire need of a complete rework, but with so many different implementations of both servers and clients, that is not likely to happen fast. By "reducing" the number of participants, it allows changes to the standard to be more radical, and allows for faster propagation of those changes.
As it is now, those changes can only be small, and must be iteratively rolled out. Many of the proposed addons like DKIM has almost a decade behind it (if not more), and it is still not mandatory. Email needs an "email 2.0" which breaks compatibility with older versions.
Is this not an issue for the web then ?
Well, despite having a relatively small amount of browser implementations, as well as a relatively small amount of web server implementations, at least compared to email, if you look at HTTP 2.0, that also took a long time to roll out, but i assume because HTTP has had a couple of decades less than email, the problem is not as widespread yet.
Most deliverable domain names aren't DNSSEC-signed. Does anyone here have good information about the impact of signing on deliverability? It wouldn't surprise me if it was used as a signal somewhere, since DNSSEC adoption is so small and signing selects for the fussiest networks.
> use /Outlook/ to host your custom domain and use their offerings with your custom domain
Well, unless you’re willing to pay for a business Office 365 license, it won’t happen on Outlook anymore. Outlook only supported Godaddy, of all registrars, anyway, but now next in November they will remove custom domain support altogether.
I’ve now migrated to iCloud, which supports any registrar (certainly not what I expected from Apple), and supports some registrars like Cloudflare automatically.
I've been thinking about moving our mails there. Not because i'm unhappy with mxroute, but because it's "one more service", and everybody in the household already uses iCloud.
I'm not too worried about "vendor lock-in" as i have the "exit strategy" already in the form of backups and custom mail domain, so it simply comes down to ease of use.
Well I only had it so I could have the family's devices backupped (excluding Photos because those I backup on OneDrive). But it turned out e-mail, including wildcard-catch-all, is included in iCloud+.
It works well, and I use it through the IMAP protocol.
iCloud limits the number of aliases you can use and it's impossible to reply from those "catch-all" email addresses you create. So iCloud falls short of that.
Also not only there's a payment thing that needs to keep going on (which is with any provider really) but you also have to essentially be on Apple ecosystem. But this can also be excused - at least there is no real lock in here.
But lack of ability to reply from custom catch-call addresses is the real bummer.
> One of my concerns is that, if I were unable to renew my domain (e.g., in case of death), someone else could register it and start receiving my emails. This is a serious issue because your email account is as good as a password due to most websites using it as a way to reset your password.
Gmail won't help you here, since they will deactivate your account after two years of inactivity (See https://support.google.com/accounts/answer/12418290 "When your Google Account has not been used within a 2-year period, your Google Account, that is then deemed inactive, and all of its content and data may be deleted")
But with custom emails, one can do what I do. I have a registrar which allow for a pre-paid balance. I prepaid €500, this will allow automatic renewals a few years after my death.
I’d say there are many better reasons to use your domain than not using one. But then, that would be just for a few and may not cater to everyone.
For one, I always have a heightened sense of admiration for someone whose email comes from their personal or family domain, “Ah! A man/woman of culture.”
Many have already suggested good ideas about death in the comments; here is what I believe. If you are a commoner like most of us, others won’t care enough to wait for your domain to expire and start reading your email. On the other hand, if you become significant enough that people and organizations are waiting to read your emails after capturing your domain after you die (and then lose your domain after years of inactivity), you would have already taken care of that in many possible ways - technically, legally, etc.
I had used my domain (a personal .com) since 2001 and switched to a family domain (another .com) around 2005-2006. A few others use it as a family domain name, and it is expected to increase once the extended family realizes that we own a cool-family-domain-name. I’m hoping that it will likely live on after I die. Unless I die suddenly and live long enough to realize that my family’s younger generation believes in “not worth sending emails from our domain and use a generic one," I will start thinking of an alternative plan.
The argument is mainly that "when you're dead you won't be able to renew the domain and someone can then take over your accounts".
That argument can be turned around and argue the opposite, I feel very good knowing that while I'm alive I'm in control of ensuring my domain remains under my control.
If I feel like I'm about to expire, I guess I'll probably renew for 10 years or something. Actually, that's a good idea, I'm gonna do that now, and just keep adding a year every year anyway, that way if I can't renew anymore, it's always at minimum mine for the coming 10 years.
It might be a good idea to keep it at least one year under the limit that registrars set. If you ever want to move to a different registrar, you usually have to add (and pay for) an additional year, and you can't do that if you're at the max (often 10). I recommend 9 years.
Aside from the fact that the author of the blog doesn't really provide any "reasons" in their blog ...
There are ZERO reasons not to use your own domain name for email.
The biggest reason TO use your own domain name is that you are not subject to the corporate whims of your ISP, cloud-email provider or whatever. You get to choose, and you get to choose when to switch.
The only thing you should NOT do is attempt to host your own email server on a home internet connection. Not only do most home ISPs (quite rightly, IMHO) block port 25, but also most home ISP IP ranges are on blocklists.
To make it clear: Nothing wrong with running your on mailserver. Just don't do it on a home internet connection and then bitch and moan about how its not working !
I worried about this before setting up email on my domain, but in the end, it hasn't been a problem yet. And if it ever is, I can just use my gmail account for that thing only. I've already got it forwarding to my new email anyhow, so it doesn't make much difference in the long run.
I've been slowly converting accounts over to the new email for about a year now I think.
You can still send through commercial services. My own email is received through Cloudflare (which does forwarding with SRS) and sent via Amazon SES (a paid service, but pennies per month for manual, personal email).
Maybe I'm mistaken, but I've read that some blacklists operate on the guilty until proven innocent basis and owner needs to prove that he is legit first, to each blocklist separately. Is it true?
I also regularly see comments like "just configure DMARK, and BLA and BLABLA and another ten items, and maintain them up to date forever, and you will be fine". Would I need to learn and do all this if want to use custom domain with some provider like Protonmail or Fastmail?
Services like Fastmail provide clear step-by-step instructions on what you need to configure. Typically you need to add some DNS records (MX, SPF, DMARC, DKIM), and that's it. It sounds way worse than it is and it takes 10 minutes tops if you've never done it before, less if you know what you're doing.
Getting out of blacklists is you email provider's problem, not yours. I've never heard of any domain owner who is not hosting their own server run into this. I can see it happening if you use the same domain for your servers, one of them gets compromised and starts sending lots of spam. So you should probably avoid using your personal domains for your servers, and definitely skip crappy TLDs like .xyz, and you'll be fine:
> Maybe I'm mistaken, but I've read that some blacklists operate on the guilty until proven innocent basis and owner needs to prove that he is legit first, to each blocklist separately.
No, I don't know of any public blocklists that operate that way.
The big providers (msft & goog) have reputation mechanisms though, which can be volatile for a new domain. Getting that reputation to a hard blacklist requires that you genuinely spam, but some early mails may end up in junk folders anyway.
> Would I need to learn and do all this if want to use custom domain with some provider like Protonmail or Fastmail?
No. Your provider will give you instructions on how to set up your DNS records. The last relevant standard is from 2015, it's somewhat unlikely that you'll have to update these things often. Your provider should tell you if anything needs updating.
Hosting your own email system in its entirety out of your domain, i.e. becoming a mail host, does run into this, yes. Primarily around sending issues to other major hosts - you can do it and email yourself / within your domain just fine, but Gmail will probably block your messages.
Using your domain with an established provider has absolutely zero of those issues. That's super simple and works everywhere immediately.
Fastmail supports "masked email", a feature for generating random email addresses. This has 1Password integration and can be set-up on your own domain:
Even before this, Fastmail supported subdomain aliasing. Which you could have on any email host that has customizable forwarding. Including Google Suite (although with GS sending emails from such "aliases" will fail DKIM, not ideal):
The effect is that you're not going to reuse the same email address. Granted, this may not help with anonymity when the address is reviewed by a human. But anonymity is getting harder anyway, e.g., Gmail requires activation via a phone call, so you have to trust Google to not share your profile.
Once upon a time, Twitter was not releasing back unused usernames. But now they've announced that they are. Also, Yahoo. Gmail is well behaved, but it's incredibly frustrating to create a new Gmail username. Sooner or later Google will at least think about reusing usernames, and you won't have any control over it.
On domains, I register my personal domain names for 10 years in advance. If I'd die now, my family would have about 9 years to take control, if it helps them in any way; and if not, then why would I care?
Let's say that I'm setting up a subdomain, like masked.mydomain.com, and then set a wildcard forwarding rule such that I get all email for *@masked.mydomain.com. Let's say that I subscribe to some service with a username like: blue.velvet9573@masked.mydomain.com
Receiving email on that subdomain is perfectly OK, the problem happens when you want to reply / send with such email addresses in “From”.
For it to work, “blue.velvet9573” should be an alias defined in the Google Workplace admin. Otherwise, even though Gmail is perfectly happy to accept any aliases, the issue is that emails won't get DKIM-signed unless that alias is an alias defined in Google Workplace. And you can only have 30 aliases per user.
I've gone back and forth on this. It's frustrating there is no way to provide yourself a fully "grounded" digital footprint in the same way your financial footprint is grounded to the US legal system. AKA in a financial/legal sense if I am the victim of massive identity theft or fraud, locked out of all of my assets, I can physically go into a bank or police station and find a "throat to choke" to start making things right. But if you are completely 100% pwned online you are basically at the mercy of customer support! And email is the critical link in the identity chain. So you want to choose an email provider or domain host that has a findable throat to choke.
For me I've tried to move most of my most critical accounts to a fastmail email address. Are they perfect? Of course not. But I pay them, so I know they won't capriciously ban my account without warning or recourse. I know if I file a support ticket someone will see it and get me on the right track.
Moving to my own domain is tempting but as far as I can tell just adds another layer of trouble to this. Am I confident namecheap support will come through in a Very Bad Scenario? Kind of? Not really?
How is this any different with all other things? Like real address- someone will receive your mails. Your phone number - someone will get your calls and SMS'es, viber messages (doesn't require email login), etc.
Reasons stated taken, now reasons to have a personal domain:
- not being bound to a specific third party :: even if you do not host your mails with your domain you can transfer it to another vendor, without changing addresses, aliases etc so transparently for your correspondent;
- mails and website, a single domain :: easy to reach you since typically mails are meant to communicate not to be secret tools for a selected cohort of friends;
- since the domain is like a postal address, something a Citizen should have to be, well a Netizen need it as well, and it's the basic brick to form own digital life in a connected society, domain, mail, personal website, perhaps homeserver are the tools of the trade like a home, a car, dresses and so on are for the physical world.
When I'll be dead those who eventually snoop my mails (that are certainly already snooped by gazzilion of third party at least in automatic ways for generic data mining, antivirus scan and so on) I'm pretty sure I'll not care... If I'll have heirs they'll be already instructed on what to do as for anything else.
Once you have Hide My Email set up, you don't have to log in again. I just forward to another email account that is not on iCloud. The unique email address I generated is saved in 1Password.
You have to pay for icloud for the rest of your life though.
I personally had issues with Apple overbilling me and not fixing it, and have shifted away from icloud and it's a huge problem for me, because while most accounts will let me change my email, some accounts will not.
I registered a throwaway domain for $10 and i'm using that domain that's the combination of two random english words dot com, and now I use simpleloginolyourall, but I own the alias domain and I can always redirect it with a catchall if I ever want to switch services or use the address with a different alias email provider.
To be fair, it's not currently that bad, because the minimum price for hidemyemail is a few bucks a month, but apple can always change that and it's far easier to pay for a domain then when you want to switch email providers in the future.
> You have to pay for icloud for the rest of your life though.
Isn't that true for all email providers nowadays? I used to have free email inbox with my domain, but not anymore. The cheapest layer for iCloud+ is $1/month.
Yeah, but it's better to be locked to paying a domain that you can migrate between providers for competition, than apple who's devices you may not use in the future or can change their pricing however they like.
It's better to own and not to rent in my opinion. Although, I appreciate the privacy arguments either way. Maybe use icloud hide my email for the things you want to keep the most private?
From what I have heard, you lose access to reply to emails received through Hide My Email if you stop paying. You still receive the emails. When you use "Sign in with Apple" you use an anonymized email as well, and those don't require you to pay.
It is a bit of a hassle saving the generated mail address, since it’s hidden away in the settings and from there you have to copy to your password manager.
I have both my own non-identifiable domain which I use for email - and a domain of my own name which I picked up when the original owner let it expire. I had to bid to get it from a broker who squatted it but it didn't cost much.
My namesake was a famous (in some circles) wealthy person and I did start getting his emails. Quite a lot initially, and I replied to let the senders know.
That was probably twenty years ago and I'm still regularly invited to galleries for viewings as he obviously collected art. I gave up trying to get off those gallery mailing lists and now just bin them.
I have one too, but realized that it’s kinda pointless. If it’s only you receiving emails at your domain, it’s clear that if you sign up for a Facebook account and a Google account and a shopping website, that it’s always the same person.
The advantage of big email providers is that it could be anyone. I just wouldn’t use Google.
Fastmail offers email redirects like the iCloud anonymization service.
I agree that's a possibility, but I'd rather the chance some of those accounts get linked than give my data to Google.
The reason I did that wasn't privacy in the first place, so any privacy benefits are a bonus.
I did it so I can easily block spam from a business, easily 'unsubscribe' to any list without jumping through hoops, and can also see which businesses are not playing nice by sharing my data.
I agree. I would use protonmail or something else for signing up for websites, as a domain would be linked to me (unless I buy dozens of domain names anonymously).
For Git commits or communication tied to my real identity, then yeah I'd use my own domain name. But for anonymity, nope.
> One of my concerns is that, if I were unable to renew my domain … someone else could register it and start receiving my emails
And what happens if your email provider does the same? What happens if they close your account because you were unable to login and they give your handle to somebody else? What happens when they suspend your account because you logged into something they don't approve of?
TFA is a weak, self-defeating argument against best practice. Own your domain, register it for a long time.
I think all the time is stretching. Reputable registrars selling domains from reputable registries do not generally do this.
In in doubt, stick to dot-com
Again, anything that could happen to you and your domain could happen to an email provider and their domains, on top of them choosing to lock you out, give away your address, downtime, etc etc etc.
Owning your identity more than less by having control over your email domain is way more valuable. Yes you have to manage it and not "forget" to renew the domain but c'mon. (What about social services like mastodon and bluesky leaning pretty heavy into encouraging you to have your own identity domain and all on their platforms?)
As far as privacy yes maybe not having Eduardobautista123homeaddress.com is a good idea and something a bit less identifiable helps but you can make up some more generic names etc.
As for blacklists this problem is overblown. The big providers are getting better at accepting solid SPF and DKIM records for good deliverability and if you're not spamming you should be good. There's seems to be more of a problem anecdotally with corporate enterprise spam services that block custom domains more frequently just based on weak indicators like "unfamiliar" but I think as the trend is for solid SPF etc they will all standardize on that stuff.
It's just one of those things where if you're going to own it you have to own it. Manage it. Take care of it. But afterall, it is your identity and can stick with you for a long long time. I'm sure there's many of us who have had email addresses (that aren't fluffball69@hotmail.com) for decades now.
I think that the article confuses privacy with anonymity. A gmail.com address does not stand out as much, but it is much less private than a self-hosted account on a domain and servers that I own and control.
In my view, privacy is not about being inrecognizable, it's about having control over what aspects of my identity are revealed to the public. A custom domain (unless you're using your last name or something similar) reveals very little about you except maybe your pseudonym and the fact you probably run your own email.
If you're looking for anonymity, email is a very bad place to start.
That being said, I still use my gmail occasionally, mainly for things that need 100% uptime and can't ever get filtered by the recipient's spam filter. My doctor's appointments, electronic ID, for example, still have my Gmail set as a backup address, mainly to prevent me losing basic services in case of some catastrophic failure of my servers.
Overall, running email yourself is fairly complicated, and probably one of the last things you ever want to do self-hosting-wise.
I use posteo, which satisfies the suggested requirements of being relatively cheap and the domain does not belong to me.
However, doesn't this allow a sibling to the described threat model? If posteo go bust, their domain could be claimed by someone else. Then, even if I change email providers, senders who haven't updated their address books will keep sending email to my old posteo address.
I think the points in the linked post are interesting and worth thinking about, but I don't think the answer is never use your own domain for email. Instead, maybe, just think twice, and have an answer ready to the question of what happens to your email if the domain name is lost.
Keep in mind that Posteo recycles email addresses after a few months or so once the account is unpaid and/or deleted. This means, unless you have a difficult to guess or uncommon email address on Posteo, the chances that someone else might intentionally or inadvertently get your old email address is higher.
But I like the fact that Posteo allows prepaid credit balance in the account (but it allows only a maximum balance of EUR 60). That could help in keeping one’s address alive for longer.
> most websites using it as a way to reset your password
> Privacy... I am starting to use iCloud's Hide My Email to change my email address on accounts I have created
> domain name can be the weakest link to accessing your online accounts
Much of your stress points seem actually about using email for user accounts. I think the problem is more that we've abused emails, using them as a form of identification, partly thanks to data collection. This system has many flaws anyway, which is why moving forward, we'll (I hope) adapt other more suited systems for authentication.
But it’s at least easier to get a new email address or have several (or an infinite number of them) compared to having accounts tied to a phone number. I’d actually prefer a system that uses email addresses as opposed to phone numbers.
Even though the points are sound, I don't agree with the conclusion. You're effectively giving away more freedom and putting more trust in services that can lock you out of your digital life.
The author points out real risks when running your own domain. When you host your own domain, you must treat that and its registrar as a risk vector like your inbox, including 2FA, locking domain transfer, auto-renew, backup email accounts, and update payment details. Like the author I too run my own email out of my domain, and I love the flexibility, but it requires vigilance.
One serious issue is how much email became the de-facto identity of the Internet. This is the ultimate reason why all the above is necessary.
> Another concern is privacy. Using a unique domain name for email stands out, especially when it has your name.
I never really thought of this, but it's a good point. I'm beginning to trust Apple more to forward random email addresses to me.
> One of my concerns is that, if I were unable to renew my domain (e.g., in case of death), someone else could register it and start receiving my emails.
I also pay my domain name a few years forwards, just so in case I die, my family doesn't right away lose their email as well.
It it a good point? What’s the threat? How can you be “private” when you have a unique id associated with every email address?
If you’re that paranoid, you might as well name your account bsuwbeu7262@gmail. But you could just have a goofball domain as well complete the du rigour registration privacy service all registrars support.
Not really the point but all the grandfathered free google workspace setups I've been aware of have been phased out over the last few years, surprised the authour still has one.
I had to stop using my own domain and fastmail because I lost not one, but two very important job offers due to my emails not getting received. Not spammed, just outright not received. I also frequently (30% of the time) don't get "verify your email address" emails from websites these days when using my own domain+fastmail.
I'm back to gmail and resent having to do so. But it's the only option to not constantly be worried about important emails not making it.
And furthermore using Google mail for business purposes doesn't have unprofessional stigma anymore, especially amongst younger people (naturally meaning under 50).
Using Google Mail sure, but using Google's domain sure as heck does.
I cringe every time I see a business card printed with a gmail.com or similar, or on the side of someone's van.
If you can go through the effort of registering a business and having a professional looking logo plastered all over your vans, business card etc, you can almost certainly register a domain for your email.
Purely anecdotal from the UK, but it seems like the more professional the email address and website the more likely it is you're not dealing with a real trades person.
Genuine tradespeople are often always fully booked months in advance and they don't want to be dealing with random emails all of the time, most of which will be time wasters.
For regular businesses though, I agree, it looks bad.
I'm in the UK, and that's where I tend to see it most, on trade-person vans.
If they've gone through the effort to get some nice logo design vinyl on their van, why not get a matching email domain for their "company"?
For me, seeing a Gmail etc on the side of an otherwise nicely decorated van shows a lack of attention to detail, and that's not what I want in a trade-person, who typically I only hire for the tasks beyond my capability/skill level.
They'll care after they accidentally email their entire company's accounts to some random gmail account after receiving a phishing 'hi, I'm your new accountant at audit_firm_you're_using' email.
If you don't use a corporate domain for your company's correspondence your customers have _no way_ to tell who's a legitimate employee of your firm and who's spoofing when they get an email.
Yeah, that's true for companies that have several employees with customer contact. But many individual companies/self-employed workers don't have that.
Even if you're a sole trader, if you use companyname@bigemailprovider anybody can create companyname.secretary@bigemailprovider and phish/steal your customers by pretending to be a member of your staff. Your customers will assume good faith unless their approach is blatantly scammy.
I dont see any reason from this post not to use a own domain. Only reasons to start using cryptography for emails to sign or encrypt mails. Unfortunately it still has not been standardized to use cryptography in mails. Only few custom, and (afaik) no by default installed mail programms support cryptography without plugins. Also the work involved to set it up and use it across multiple devices and plattforms is could need a big boost.
Gmail recently decided to start flagging just about all of my @custom-domain emails that I have set to forward to it as spam. No amount of marking 'not spam' has made it stop. Fortunately, a filter to make sure they don't go to spam works. And almost all of the actual spam is to the raw gmail address, not the unique custom emails I give out when businesses or new website signups insist on one.
The main reasons for me that I stopped using my own domain:
- some sites will just silently refuse to accept addresses on unknown domains and signing up becomes impossible
- worse, some sites accept it for sign up, but later on refuse to send a password reset
- every time you have you write down or say out our your email address to a non-technical person, you are then obligated to host a mini Q&A on domain names and how email works
I co-founded a vanity e-mail provider around 2000, and we 1) registered about 60,000 domains that we provided e-mail for, and we never had problems like that despite tens of thousands of those domains being with then-obscure ccTLDs, 2) a bit later launched the .name top-level domain, and for that we had some very limited initial teething problems because people back then still stupidly used regexes that assumed tld's could only be 2-3 characters. Aside from that it was not a problem, and it resolved itself more than 20 years ago.
I'n the 25+ years of having my own personal domain this has never been an issue for anything but really obscure TLDs unless your mail host fails to stay off blacklists.
With respect to saying it out loud, I occasionally have to repeat my e-mail address once, but that's usually all it takes; we must be dealing with very different people.
> With respect to saying it out loud, I occasionally have to repeat my e-mail address once, but that's usually all it takes; we must be dealing with very different people.
It's not so much having to repeat myself - it's just me@myname.com - but people who apparently have never encountered an address that isn't @gmail.com etc before, who then want to have a 10 minute Q&A/tutorial session where I explain to them how domain names work, how anyone - yes, even you - can buy a domain, how email works, etc. Some people have just never looked behind the curtain, and I understand their curiosity. It's just sometimes quite annoying when I just need to get on with something.
> but people who apparently have never encountered an address that isn't @gmail.com etc before
I've just never had that occur in the 30 years I've used e-mail, and it seems absolutely bizarre given that most people deal with e-mails from schools, or workplaces, or all kinds of other providers all the time.
I get the occasional question of how I got <mylastname>.com, and that's it.
Giving in to sites refusing to take custom domains is what leads to for example self hosted email being so difficult now because the big 3 run the show and defacto control internet mail.
We should also stop "dumbing down" to a point of sacrificing security and anonymity because people are unable to take down an email address in 2023. Remember when Google and others wanted to get rid of urls and use just words because "it is too difficult for people to remember urls"?
People used to remember multiple phone numbers in their head!
Humans can learn, we should stop encouraging brain lazyness, it leads to mobs of idiots who think another man won the presidency no matter how much evidence you provide that it's not the case.
The whole concept of "custom domain" is absurd - a domain is a domain... Or why does Google use that google.com custom domain instead of a respectable one like ibm.com ?
I have had my firstname lastname domain (.dk as I am danish) since 2001 and have never seen a website refusing my domain or refuse to send a password reset.
I also have not had issues with giving the address to a non-technical person, only issue I have had is that the risk of spelling mistakes are higher than @gmail.com
I've had all of these issues and more but only with my address that uses an unusual TLD.
As a joke I've considered creating an inbox at something like atdot@atdotatdot.com just so I can cause havoc when someone freaks out over my address or the subsequent use of NATO phonetics over the phone.
This is like saying because their services suck, then I should downgrade my workflow accordingly.. even though I have never came across a service that will deny unknown domain, but if they do, I will just walk away, it gives you an idea what service is that anyway.
For the QA part, deal with it as if it’s a company email, definitely it won’t be at gmail or yahoo.
These are all the exact reasons to do it!
-the more of us who won't sign up because they won't take our domain-bsased email the quicker they will see these failed sign-ups and the reason, and adjust.
- hmm. Let the account go dead I guess. They pay for that.
- great, the more ppl who understand, the better!
This is very surprising as even my aging non-technical mother uses a custom domain and never complained once that she had her email address refused somewhere.
While stupid, that's more likely to be because of the TLD than anything general with custom domains. I can guarantee that your bank deals with thousands of different "custom" domains.
I agree. Using a custom email sounds cool first, but sucks in real life when you have to give someone your mail address and they don't understand how to write it, what it means, how it works, and when it is rejected by the system they're typing it into. That's the reason I'm migrating back to a normal mail address.
The older I get the more I kinda regret getting a custom domain for my email. I do like that I can take my email with me if I want to change service provider, or I can do the hosting myself, if I really wanted to. It's nice to be in control, but sometimes, sometimes it would be nice to just have a stupid generic email account and not having to bother with hosting companies.
There is a certain silly charm of being presented with a 20 year old Yahoo! Mail account or someone who insist that their Hotmail address is just fine. These people do not worry about email and that must be really nice.
One word of warning regarding when using a custom domain: Be really careful about giving out email address to others. I have my own, that of my sister and one for a friend that I haven't seen i five years. The coordination required when/if you need to move providers due to e.g. cost or policy changes can be a nightmare.
> but sometimes, sometimes it would be nice to just have a stupid generic email account
Ok.. then have one then, you can have both you know, one generic and other with custom domain at the same time, use the generic one in the services as if you never owned a domain, and the other as if you don’t have generic, I don’t see the issue here.
I've had my firstname @ my lastname .com for 25+ years now, and it's never been more tedious than repeating it once. People deal with other domains in e-mail addresses all the time.
One of my mail domain's can only be registered for a year at a time, which really bothers me, I feel like it leaves the risk of losing it higher than others which I can register for longer.
I don't know if there's a way around it, but for the record, it's a .es domain, and I am not Spanish, nor do I live in Spain.
The Danish .dk domains have a nice feature, if you don't pay then they aren't freed right away, they are "quarantined" for a few months. In this period you're the only one who can renew it.
I believe all mainstream TLDs have this feature. In the past it used to be a nonissue when you renewed the domain in the grace period. Nowadays you just pay more but it still works.
Don't do it with a very desirable domain name though. The registrar might decide to grab it for themselves.
That's a useful feature; It's not impossible to be a little behind with renewal, particularly when it has to be done so often, a bit of a grace period for something so important should be a requirement.
It's very tld dependant. .com and .edu have been there forever, so there are no problems.
But .xyz are usually spammy domains, so they are rejected by default.
My personnal .email address is also often rejected because the tld is quite recent.
The sites I have the most problems with are:
- small shops
- state own ones
- public utilities
Some bugs are not even pure rejection. E.G: my electricity provider, for the longest time, accepted my email when subscribing or using "forget password", but not when login.
On site once tried to autocorrect my email (!), to "fix" the tld.
Oh right, sorry, I hadn’t even thought about other TLDs. I wonder if the rising popularity of .io and .ai domains has shone some light on this issue? Though they are ccTLDs…
I somewhat agree with this. I do believe that a larger provider is less likely to lose their domains than an individual is (there are always exceptions).
Domains expiring is one reason why I always have my domains paid for 10 years in the future and renew every year to extend it by a year. I’d like to see service providers who work on a prepaid credit model (not a monthly or annual charge model, where the cards or payment methods may have been closed or canceled) and renew the domain automatically every year as long as there’s a balance in the account.
Last I checked, even Cloudflare doesn’t allow prepaid credit balances to be used for domain renewals and insists on charging the payment method on file. And it’s not even the case that people haven’t asked for it. Cloudflare’s billing policies are weird. This is one of the reasons why I’ve avoided transferring domains to it.
I wish ICANN would allow paying for domains (at least the most common TLDs) for a longer period though. If my domains aren’t renewed in 10 years after I’m gone and someone is dependent on those, there’s nothing much that can be done.
Email service providers can also disappear, or shut down your account without recourse. By contrast, if a domain registrar shuts down, you can use another without impact to anyone else, and there are strong protections.
I sometimes wonder if I should set up email with custom domain, but then I read how it will be quickly blacklisted by everyone and your mail simply won't be reaching anyone. That is the biggest problem I think, not the domain payments.
Like dieting and exercise, the trick is to start now to reap the benefits down the line.
I've been hosting my own email for about 10 years now. I started using it just for throwaway accounts and I've been ramping up usage slowly ever since. By the time GMail blocked my account with no explanation I had a fully-functioning domain with good reputation ready to go.
I've been using several domains for years and it's a non-issue. Some of them are located in the worst TLDs possible: the cost free .tk and .cf. No delivery issues whatsoever because I use decent email providers and don't spam.
I plan to move to Protonmail, but debate about creating custom domain or not. Even regular protommail domain is sometimes banned (read in the news about several cases of this, for now only in the authoritarian hellholes) which is bad for sych critical service as email.
I recently discovered that some recruiters were excluding my resume, because my email looked "so good", that they thought it was a scam. They preferred something lime "joe.shmow.roleandposition@hotmail.com". Oh well.
> if I were unable to renew my domain (e.g., in case of death),
While I agree about the “losing control” issue, however, when you own a domain you actually own it, not renting it, not lease it, It is yours, and unless you do something clearly illegal no one can just take it, an email in another provider however, they can delete your email with all its content anytime, and most of the times you can’t do anything about it because it’s written in a TOS that was revised a few months ago.
> Another concern is privacy. Using a unique domain name for email stands out,
True, but you can use a masked email with your own domain too, several services provide that, masked email -> your domain email, so you can have iCloud masked email sent to your domain one.
Having your own domain as an email provides a lot of advantages, The top one is you are provider agnostic, if you don’t like X provider, just change your MX, SPF, etc. DNS and you are good to go in a few minutes, now imagine if that would be something@gmail and you wanted to change to another@gmail, You have to go to all the services you are using and signed up for (assuming you have a list of them say in a password vault), change each, verify each, and then update your password vault so the new email is used, good luck with a whole week work.
Another big advantage of using your own domain is the concept of separation of concerns, If that site is breached, not only you will know faster than the site admin, but that email is only valid for that account, and useless elsewhere. Additionally, anyone who is using OSINT against you, will not be able to pull out all the services you are using/used with that email, that also works if you have masked emails.
Just keep in mind, if you use your own domain try as much as possible to have a .com one, I noticed some providers (MS Exchange/Outlook) mark some domains that are not .com as spam.
Lastly, emails are NOT secure, the protocol was not designed with security in mind, no matter if the provider is promising top notch security, it is not, the only time it is secure if PGP is used by both parties.
> when you own a domain you actually own it, not renting it, not lease it, It is yours, and unless you do something clearly illegal no one can just take it
Since when did something you “own” require recurring renewal fees or else it’s repossessed by the place you got it from. That is essentially the very foundational difference between a lease/rent and “own”. Further, “no one can just take it” is so clearly misguided and factually wrong which even a basic google search can uncover countless examples of it happening.
Although I have my own domain for some mail, I've been using pobox.com for this and other reasons since 2009. It's quite cheap and safe redirect since it now belongs to fastmail.
>Although I have my own domain for some mail, I've been using pobox.com for this and other reasons since 2009. It's quite cheap and safe redirect since it now belongs to fastmail.
Same, both in owning my own domain name and using pobox.com. Customer since 1996 and primary email address since 1999 because my college address closed at graduation. Since then my email has been hosted at ISPs, at various other providers, and at a Google Apps site, but it doesn't matter because the pobox address never changes. My college address works again, but I've long since used the pobox address in too many places to mass migrate away.
Years ago, before it got "corporatized", Pobox's FAQs had one entry that went something like:
Q: How do I know you'll be around in the future?
A: How do we know you'll be? Ha, didn't think of that, did you?
I own <initial><last name>.com and <first name><last name>.com and I'm paying for Fastmail, but I hesitate to give these addresses out widely. I can see many benefits to domain email but I don't want people to think this is just a vanity address, especially as I don't work in IT or have a business or website. I'm an accountant (not public facing) and I think my <initial><last name>@<well-known provider> actually looks more professional on my CV (although I wouldn't use it for actual work - I have my address at my employer for that).
You don't really need email in that case but this is why you organize your life to let those that come after you know what you have.
> someone else could register it and start receiving my emails.
They could still do that if you die and the executor of your estate decides to not renew the domain or email service. You're dead though, what do you care?
- Google has on multiple occasions terminated accounts for no reason with no recourse. You loose access you can't do anything. If you have your own domain you can at least set it up somewhere else. How many website would you need to update with your new email and how would you get thay extra factor mail?
- If I die I don't care if someone else reads my mail, I'm dead. Also you can add a dead man's switch and you should provide your family with access to your passwords etc. in case something does happen.
- if you are worried about expiration, didn't one registrar just offer 100 year registration? Also the process is usually (for. com at least): domain expires, registrar removes DNS until you pay, usually 30 days, then the domain goes to retention where you can pay the +250 fee to get it back which I believe is another 60 days or something that you have to pay and get it back. I have had customers that I would remind over and over only to have them fall into retention and then complain about the fee but they got their domain back.