this post was submitted on 24 Jan 2025
9 points (100.0% liked)

Privacy

4902 readers
98 users here now

A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

founded 2 years ago
MODERATORS
iopq@lemmy.world
9
Thoughts about using a custom domain for personal email? (slrpnk.net)
submitted 4 weeks ago* (last edited 4 weeks ago) by Sunny@slrpnk.net to c/privacy@lemmy.world
9 comments fedilink hide all child comments
 

Hi there!

Context: After the recent debacle with Proton I was finally pushed to look for other alternatives. I had already wanted to change services for a while so it was nice to get the final push. It's still a good service, open-source and all. I personally just wanted to look for something else. However, I had not realised how deeply I was integrated into the email+alias feature they had, and how much work it is to change out of this, I have a fair amount of accounts.

I have now found a new email provider and bought a new domain. However I've got a few questions for those to who rock custom domains:

  1. Do you use random strings before the @ sign? Or do you use it like lemmy@example.com?
  2. Because I'm considering using this as a catch-all address, doesn't this mean that anyone who wants (and knows the domain) and send spam on any random string before the @? Are you worried about this, and are there any counters to this?
  3. As far as I've understood the main benefit of using my own domain for email, is that it will make it a lot easier to change providers in the future, as I can just change the nameservers so traffic is directed elsewhere - correct?

Thanks for any input, experiences or thoughts about this.

Ps. My threatmodel isn't that complex, I mainly want to stop spam from any potential services selling my email.

top 9 comments
sorted by: hot top controversial new old
[–] cygnus@lemmy.ca 3 points 4 weeks ago* (last edited 4 weeks ago) (1 children)

In my book, it's essential. I'll never use email without a custom domain, because otherwise you're completely beholden to whatever email provider you signed up with. I've migrated providers many times (probably 6 or 7 now) and never had to change my email address. I have:

  • Work domain
  • Personal domains (one for myself and family, one for my band, a few others)
  • Domain for aliases / signups

I'm currently with Fastmail which can generate aliases on the fly with your custom domain of choice, and they allow a ridiculous number of domains (100?) on your account.

Do you use random strings before the @ sign? Or do you use it like lemmy@example.com?

I use random strings when I sign up for an online service, but the emails I actually give to people are firstname@domain

Because I’m considering using this as a catch-all address, doesn’t this mean that anyone who wants (and knows the domain) and send spam on any random string before the @? Are you worried about this, and are there any counters to this?

The only counter I know of is to create specific aliases rather than use a wildcard. However, in practice, I only very rarely get emails at my wildcard domain (one a year, if even)

As far as I’ve understood the main benefit of using my own domain for email, is that it will make it a lot easier to change providers in the future, as I can just change the nameservers so traffic is directed elsewhere - correct?

Exactly, so there's zero downtime and you don't have to change your email everywhere. The only annoyances I've run into are migrating away from Proton because it's encrypted and a huge PITA to get out of, and having to redo my automation filters when switching providers.

[–] Sunny@slrpnk.net 1 points 4 weeks ago

Thanks a lot! This was helpful and I too landed on Fastmail after hearing they're supporting (and helping develop) open standards.

[–] Zachariah@lemmy.world 2 points 4 weeks ago* (last edited 4 weeks ago)

I have a domain specifically for email. It’s a catch-all and points to whichever email provider I feel like. I have admin@…, info@…, etc. sent to :blackhole: to prevent most common random spam. I use [entity]@example.com and make up email addresses on the fly for each entity I interact with. If it ever starts receiving spam, I :blackhole: it.

I use https://www.mxroute.com/ to manage my forwarders. This allows me to route certain aliases to multiple inboxes and uses cPanel so it’s a familiar interface if you’ve ever used it. I paid like for 10 years at once because it averaged out to being super-cheap yearly that way.

In the past my web hosting provider had catch-alls but they removed that feature.

[–] evujumenuk@lemmy.world 2 points 4 weeks ago

If you only ever use services that let you sign up with arbitrary addresses, then sure, you gain resilience against mail provider shenanigans at the expense of exposing a non-agile identifier — the domain name you bought — to any third party you provide with an address.

However, in a confused attempt to stamp out single-use mail services, some sites are rejecting mail addresses that don't originate from one of the big mail providers, like Gmail, iCloud, Outlook. 'Please provide your real mail address', they'd say.

If you aren't using any such service, you can use your own domain. Be wary of services that bounce messages to your "actual" inbox without rewriting the involved addresses (Cloudflare offers something like this, I don't get why though), as that can lead to deliverability issues due to DMARC.

The IAB publishes some Gmail-specific guidance on how to 'normalize' plus-addresses to 'real' inboxes, so that's something that doesn't really do anything for you anymore. Out of the large mail services, iCloud is somewhat notable for offering single-use addresses under the same @icloud.com domain name they use for standard addresses, without having to register extra accounts or other annoying requirements. So websites that want to lock out single-use iCloud addresses would have to block iCloud addresses entirely, which is something they'll most probably refrain from doing.

[–] MNByChoice@midwest.social 1 points 4 weeks ago (1 children)

They are great.

Just be careful if paying a host. Their prices will go up. Sometimes a lot.

I started on a cheap plan, now I pay 12x. Not enough in actual dollars to self-host, but it is annoying. (Which is why they raised prices.)

[–] Tangent5280@lemmy.world 1 points 3 weeks ago (1 children)

You're talking about the actual VPS hosts roght, and not the domain name merchant rent? If I buy the domain exampleblog.com from godaddy for example, will they raise the rent I have to pay them every year after a couple years, after I grow a following for my blog?

[–] MNByChoice@midwest.social 2 points 3 weeks ago

Yes, rent on the service not the domain name.

[–] Rivalarrival@lemmy.today 0 points 4 weeks ago* (last edited 4 weeks ago) (1 children)

  1. I often use "[name-of-service]@mydomain.com". When I start getting spam to one of those addresses, it's immediately obvious who is selling email addresses.

  2. That was one of my concerns, but I haven't really seen it happen. I rarely get mail to random addresses I've never used.

You will get spam for every address you widely publish, though, which can mean you get multiple copies of the same spam.

[–] undefined@lemmy.hogru.ch 1 points 4 weeks ago

Ditto that, with the exception that I’ve had two addresses leaked from Scentbird of all places.

I guess their backend/database security is just trashed because they’ve shown up multiple times on haveibeenp3wned.