Become unbannable from your email

Counterpoint: I lost a domain when a registrar went out of business, and another when a registrar bumped the price 10x and refused to give me authenticode unless I physically show up to their office. Sure, I cheapened out and used shady cheap registrars, and this all happened a while ago so things are probably more regulated now, but for comparison I never permanently lost access to hosted email. (Losing access temporarily is another thing, Google likes blocking me from my own account when travelling.)

Been doing this for years, and surprised he didn't seem to mention the other benefit: "infinity" email addresses. Oh, rando burger spot wants an email for some free fries? Great, hit me up at randoburgerspot@"mydomain".com .

Over the past few weeks I've been systematically migrating every one of my accounts to a domain under my control.

During the process I've been marking them in a spreadsheet with their 2FA status (no 2FA, TOTP, security key, etc.) and adding their passwords to a password manager.

This is all in case I ever need to go through the migration process again for whatever reason, or if I lose/break a Yubikey, I will know what I'm signed up for, and will know where to enrol my new Yubikey(s).

It really is a massive hinge for many people that isn't even really considered, most people's entire digital lives would be uprooted if they lost access to their email for whatever reason.

Thankfully that doesn't really ever happen to most "normal" people to my knowledge, since most just use Gmail, but I know it can and has happened through account bans or such.

"How to become unbannable"

Step 1 : go with the one company that's known worldwide for abusive & permanent bans with no recourse.

This post is a bit too generic, but it's true that using your own domain for mailing is the best solution to avoid getting locked out. Although you need to pick a good registrar, too...

Anyone wanna share their email strategy? I'm thinking of going for the following but I'm still undecided:

1. 1 custom domain (<simple-word-or-two>.com): this will be used for friends, family and any online accounts that know me IRL.

Use Fastmail masked addresses with my custom domain where it makes sense like an online account for amazon.

2. 1 custom domain (<online-nickname>.xyz): this will be used for a blog, professional IRL interviews, correspondence, github.

Use Fastmail masked addresses with my custom domain where it makes sense.

3. Masked emails using fastmail.com: for online accounts that are ephemeral, random newsletter signups etc. Don't want to associate any of my custom domains or IRL identity. Don't care if these are portable.

My main goals are:

- Separate my online identity/alias used for my blog (2) from gov entities, banks etc (1).

- for more anonymity/privacy use the fastmail.com domain with masked addresses to blend in with others on this domain.

I'd love feedback and to read what you do if you want to share :)

I've been doing this for years, though I don't really think of it as "having a backup" so much as "using an IMAP client". Works fine. It's really useful to be able to make up a new email address for every company who wants one; they each get their own folder. If I get any unexpected mail, it's obvious where it came from and easy to deal with, though in practice this rarely happens.

Forwarding emails is problematic especially if your provider for the primary mx does not have great spam filtering and then you end up sending spam to your backup account.

It certainly does not get around the ...if your account gets banned maybe the forwards will still work... concept but in general something like https://github.com/joeyates/imap-backup to backup your email and then add them to a typical backup process with your other files works well.

I think there are two pieces of legislation needed here:

1. Email providers need to be required to forward your email to your new address for a year if you ever lose your email for any reason.

2. Domain registrars need to save your domain name for a year and allow you ample time to reregister if you ever let it lapse for any reason.

You don’t have to have a single email address. I have plenty and various providers.

Then use mail client instead of webmail. I use thunderbird and have multiple boxes I just backup Thunderbird profiles folder to my NAS.

That's good but make sure you don't lose the domain. Ever.

Looks like a good intro for people who want partial self-hosting, which is better than leaving it with a megacorp (especially for non-professional email).

In before:

* running your own mail is too much of a burden

* I used to host my own mail but I couldn’t figure out DNS or used a bad IP or something and Microsoft/Gmail won’t accept my mail

* if “they” want to ban you they will just seize your domain or kick down your door and shoot your dog

* it’s good that they can ban you from your email because I don’t like spam

Edit: lol, I was not in fact “in before” the comment about domain seizures. Unbelievable.

I guess the real question here is: Who is more likely to ban you, Google and co or your domain registar?

For most people, who are not doing anything shady/controversial with their domain and are using a .com or .net domain (which are price regulated by ICANN), are not using a shady registrar and will always have the cash on hand to renew as needed, the answer will be Google and co.

Its a good idea to set up auto-renew on a credit card, so you can be sure it will go through and you won't forget to renew it.

I more or less disagree with two points this article makes.

You don't have to go with a major mail hosting service to prevent deliverability issues. Any one of the hundreds of thousands of small local hosting providers should do. I've been with two tiny, local, "boutique" hosters for over 20 years and never noticed any issues. I also have it on good authority that entirely self-hosted e-mail is not as tricky as some like to claim. Set up your SPF, DKIM, and DMARC properly, and obviously don't send any spam or be an open relay, and even Google and Microsoft should have no worries doing business with you. Heck, if abuse scores were that important, Google and Microsoft would be the first hosts anyone would ban.

Also, catch-all is a terrible idea. I used to do it in the mid-2000s. Think about your current spam levels and multiply it by a thousand when every spammer can try jack@, john@, joe@, etc., and everything is delivered. Add to that all the spammers that use something@your-domain as a fake sender, so you get all the non-delivery reports. Ugh.

I used to do this to track leaks and non-consensual passing on of my address (the old registering at Company X with company-x@). This worked a few times, but after a few years I noticed that the amount of breaches and leaks soon make it useless. At this point, according to HaveIBeenPwned, most of the addresses I ever used have been in 20+ leaks each. It just not worth the effort anymore.

Highly recommend mbsync/isync for backing up your email. Quite simple to set up for fastmail, gmail. Everyone recommends n+1 backups of everything else, why should your email be less deserving?

As a bonus, if you install notmuch you get quick offline searches and can "mine" your email with shell scripts (or easily share it with sam altman if you're into that kind of thing).

(Alternatively, if you prefer being GUI, just install Thunderbird – this can also download your full imap and give you local search. You don't even have to use Thunderbird for it to be useful as a backup; it's probably the easiest way to quickly become more independent from google randomly deciding your account should be locked, which does happen.)

I learned this lesson when switching away from the first ISP I had email through. Rather than switching to another transient ISP email, I registered a domain. I've been through a couple of email providers but my email address never needs to change again.

I am actually working on doing the opposite and getting rid of my custom domains. I’m not really doing anything with them except spending money to have them. Working on getting all my socials to basically match with a similar username and just go from there.

If I host my blog, assuming I actually start making posts, on GitHub with a custom domain, when I die then the domain will likely expire and the blog is no longer accessible. If I keep it with my GitHub .io url, it’ll be there for as long as the account is there.

There are online services where a bad actor can enter your email to automatically sign you up for hundreds, thousands of marketing emails. In the event that that happens, given that you have full control over the domain, you could just divert whatever <x>@yourdomain.com to a black hole. What will happen when email attacks become more advanced--to the point of signing up thousands of different <x'>@yourdomain.com? What strategy would one have then? You would most certainly have to part ways with that domain.

The author makes a good point, your email address is (arguably) more important than your home address. Perhaps there already are, but I hope for better safeguards against these kinds of attacks.

How does Google paid email service work with catch all email addresses? Can you send with an arbitrary alias without setting up a separate identity? Will it automatically respond to the correct alias?

We are all so vulnerable and have no protections. This is where government should be stepping in, but they won't until it happens to enough important people. This is fundamental

I'm thinking about trying something similar to this on top of AWS SES. They make it fairly trivial to accept email and store it to S3. So email forwarding would be straight to S3 backup. But still would need a system to backup these emails to some local storage.

Not sure what's the best way to handle this, I had my gmail account since the early days and it's baked into so many important accounts. It definitely crosses my mind what it'd be really difficult if I were blocked out somehow.

Forwarding mail is problematic. If you forward spam, your spam score can increase and suddenly you‘re on a blacklist.

Also when you pick an email provider, pick one with a good privacy policy.

Creating aliases for the addresses you are actually using, e.g. a netflix@ signup is preferred over a general catch all, .. and all that spam senders can generate approach.

I have the opposite thoughts on email domains.

Personal email domains makes you very identifiable just by lookung at your domain.

Using aliasing services (e.g. Mozilla Relay, Addy.io, etc.) with their default address generation ensures your email address itself does not disclose your domains when the eventual data breach occurs.

Plus catch-all addresses makes you an easy target for spam by sending to any email address on that domain vs need to know specific email address on typical email services.

This was actually way more actionable than I was expecting

I’ve considered running an email server on my personal domain for some time, but the effort of changing my email hasn’t felt worth it to me, given how many services I’ve signed up for with my current email (a Gmail address). Is anyone aware of any strategies to make this easier? It’d be nice if I could set up forwarding so services would automatically use my new email, but I’m not sure if something like that exists.

That's fine for your own domain, but I usually download my emails via IMAP and don't leave anything on the remote server. Finally, do you really keep your emails? Emails are ephemeral, often just informative, and if there's anything important, I process it and delete the email. I may archive 'sentimental' emails, but I rarely search the archive as I mainly delete emails.

When I see suggestions to "own" your email domain, how do you manage the chicken-egg problem of needing an email address in the first place to register the domain you want to lease?

Are there registrars that let you walk in with a physical ID to proof you are you in case your email gets compromised and they get access to the registrar? Any experience with that?

> With this solution, there's a high chance that if they ban you by mistake (AI bots are to blame), they will not disable the forwarding mechanism.

Why bet on that instead of doing it the other way around (i.e. making the self-operated mail server the primary that forwards to the service provider inbox), or at least practicing doing so by pointing the MX records accordingly?

Doing this is worth it on sole reason you get to degoogle yourself (you can host email on iCloud+ plan).

What I’m slowly doing is staggering my addresses by importance - trying to separate personal from all the spam / registration / etc.

Saying that it’s probably been years since I used email to actually message someone.

I have my own domain trallnag.com for this purpose, but it's always a huge pain to spell the domain to someone in person or over the phone. The leaf being a made up word does not make things simpler. So for these cases I've started to fall back on gmail.com or outlook.com

I like email forwarding services like mailgw [1]. If my email provider gives me problems, I can just forward to a different one.

[1] https://www.mailgw.com

Anyone else have a .io domain and worried about the future?

My gmail backup solution is a Synology NAS, set up to continuously backup GDrive, and then I periodically click export to GDrive at takeout.google.com

Services should allow secondary email addresses.

The counterpoint for having your own domain is that emails you send have a good chance of being classified as spam.

Some pointed to already, but hosting anything at google is not the way forward.

I am using my own Mail Server (mailcow) beside my old gmail and other adresses. But for convenient, searchable offline Backups, I use Mailsteward (macOS) ... if it is of interest for someone: https://mailsteward.com

(alternatives for other OS: https://alternativeto.net/software/mailsteward/)

Then I put the database on multiple backup locations regularly.

Another thing, some people do not already know: If you don't need a throwaway-adress for some services, and you just want to make your mailbox more structured, you can use '+' before the '@' to add another word to your email adress.

Like: your.name+randomName@gmail.com

The +randomName will be ignored and the emails are received at your.name@gmail.com. But most Servers (I use) will put a '[randomName]' before the subject of the received email. Which can be quite handy for handling your emails. Even more, if the company uses multiple different adresses to send you emails.

I've self hosted my email forwarding service on my own domain for over a decade, but eventually gave up because of deliverability issues that were out of my control - primarily with Microsoft's email services.

I've switched 3 years ago to a hosted forwarding service forwardemail.net

Pros:

* Allows to switch email providers if needed

* Allows to forward email to multiple providers

* Allows to store backups of emails

* Allows to have emails on multiple domains for different contexts (personal/professional/projects/etc.)

* Allows to have different email addresses per service. If you get spam on that email address you can just stop forwarding emails for it.

* Allows to have reliable mail rules based on the email address

* Allows also to send emails from multiple addressses

* Most spam is filtered before it reaches the inbox

* Open source

* Would be easy to switch to a different email forwarding service if needed (or self host it).

* Excellent track record over 8+ years

Cons:

* They have the potential to snoop on your emails. Any service that's really important would have 2FA enabled, so I accept the risk.

* They have the potential to send emails on your behalf - again, they've earned my trust, so I accept the risk for that.

* Add another point possible failure. So far I haven't noticed any issues with it.

* There's greylisting that delays emails for 5 minutes if they are not on the whitelist, which affects some of less common sending services.

* In very rare cases, some services ban registering with a forwarding email addresses.

* You need to make sure you don't lose your domain. I renew it 5 years before expiry with a reputable domain registrar (NameCheap).

Overall, it's been working great for me.

Another huge thing is that if you get banned from Google you (might) also lose "Sign in with <bigcorp>" - so you lose access to a lot more thing than just your email.

I never really understood why "owning" a domain is any more owning than you own your Gmail address: a company is letting you use it and that works until they don't. What an I missing?

TL;DR: Step 1: Get Your Own Domain Step 2: Make Backups

This is not sufficient. Even your domain can be seized. There is no way for any service dependent on the DNS System to be irrevocably owned.