So at least for .com and .net there's a responsive third party with procedures to work around failing registrars.
On the one hand, using national TLDs can be a problem if the area you live in is no longer considered part of your country (I imagine .ua owners may have that problem in the future with the way things are going). On the other hand, using TLDs like .com/.net/.ai/.io puts your domain under control of foreign law enforcement (US for .com/.net, UK for .ai/.io).
It looks like .io will change jurisdiction. Another thing to consider with regards to jurisdictions. There is a good argument for your own national TLD.
That said, a lot of ccTLDs are not that restrictive. Anyone can register a .uk for example (so, Scottish nationalists have one less thing to deal with in their plans).
In the case of Ukraine they will probably want to allow people in any territory they lost to retain .ua domains as a way of maintaining a claim (that is assuming their rules are restrictive in the first place).
Not to mention the risk that someone else takes possession of said email accounts and domains, in which case they essentially own every account you have that's bound to that email.
In fact the entire reason I stay on free email from a company I don't like is because I think it minimizes the chance I lose access to my email. My conclusion is essentially the exact opposite of the article.
A registrar banning you doesn’t remove your ownership of the domain. File a complaint with ICANN and you will get it back shortly.
was it a very distant location to head out to?
Mandatory reliance of services on other services (whether it is email, phone, or a more explicit identity provider) is generally unfortunate. I think it is best to not look for a perfectly reliable setup, as it is unachievable, but to keep in mind that they are not reliable, to have recovery plans and fallback options if possible, reduce dependence on online services, especially those depending on others. Though a personal domain name still seems more reliable to me than that of an email provider.
It also results in awkward conversations if you have to talk to staff. I had ordered some pet supplies online a while ago registered like this.
Then I go in store more recently and they ask "Do you have an account with us?", I give them that email when asked, which causes them to pause. We went around a few times of them asking what my email was, before getting a manager who thought I was doing something dodgy and decided to try looking up my account by phone number instead of email.
Also can we have things like 2FA in banking apps? I am pretty sure...
Like my idea of thinking is to create a new proton account just for banking and doing the thing as in the article and not really ever linking the two of them or maybe even having a google account if proton causes any issue for my banks.
Even easier: I have a list of pre-generated fantasy addresses on my smartphone and can pass one to randoburgerspot on the fly.
Highly unrecommended if it's important or you're a repeat customer. It is easiest to pick a consistent generation scheme that helps you to remember the email address you gave. Obviously record it somewhere too (a folder for the first you've-just-signed-up email is easy).
For throwaway accounts it doesn't matter what you give.
If I could think of an unambiguous .com, .net, or .org that is a pronounceable word that wasn't registered already by 2001, I'd be maybe willing to try this again.
Not to mention that I've been told by a couple people that they find it to be an awkward email address. Sending to "me" from their perspective should mean sending to themselves.
I keep expecting to have to explain, but the vast majority of the time people don’t ask.
(only half joking)
<yourname>+<arbitrary_str>@gmail.com
steve+randoburger@gmail.com
I use an underscore so my addresses look like evidlo_[placeholder]@example.com
Total: $0.35
Storage (GB/month): 0.00 ($0.00)
Emails sent to non-Purelymail accounts: 19 ($0.00)
Emails sent: 19 ($0.00)
Emails sent (GB): 0.00 ($0.00)
Yearly account fee (days): 30 ($0.33)
Shared-domain user fees: $0.02
They don't actually support wildcards, but there's a matching pattern "Any address starting with" for which I just entered "evidlo". https://purelymail.com/docs/features
"Subaddressing allows you to tag the email addresses you give out. […] This also works with example_tagged@purelymail.com (in fact, everything after the first symbol- anything not a letter- in an address is ignored for routing) […]"
The "validate email input regex" that mistakenly rejects plus signs has been copy-pasted for so long it might live on forever.
Migadu allowed me to use - instead, so firstname-*@ also ends up in my inbox (firstname@).
My email address at my hosted domain is like jsmith@jsmith.com, and I have a catchall so I can get mail for *@jsmith.com
Someone eventually bought jsmith.net for his business and now I get a lot of mail meant for jacob@jsmith.net sent to my jsmith.com domain.
Fortunately he uses just the one address and now I set up an autoforwarding rule to forward his jacob@ emails to him.
I made a throwaway/spam account with a silly name back in ~2007, and then in ~2015 someone established a fairly successful company with that name. I now regularly get job applications, tax documents, and employee timesheets to my email. They even signed up for the service that controls their website with my email.
I keep waiting for them to contact me about taking over the address, but as far as I can tell they don't even realize they don't control it.
>Oh, and I highly recommend providers that offer a "catch-all" feature. This way, you can have one main email address and unlimited <put something here>@yourdomain.com email addresses. It's useful to have it separated, like netflix@yourdomain.com, but still receive the emails inside the same inbox.
It would maintain a small pool of immediately-available addresses, since there might be latency in setting up a new one. When I need it, one is removed from the pool, recorded with metadata (e.g. purpose, duration, who to blame if it gets spammed), and in the background the process is started to restock the pool.
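The pool-with-restock design sketched above, as an added example that is not code from the comment. The provisioning call is a constructed stand-in for a provider API (a real one creates the alias at the provider and may be slow, which is why restocking is queued for a background step rather than done while the caller waits); the domain and field names are assumptions.

```python
"""A stocked pool of single-purpose addresses (added example, not from the thread)."""
import secrets
import time
from collections import deque
from dataclasses import dataclass, field
from typing import Callable, Deque, Dict, Optional

DOMAIN = "example.net"  # assumed catch-all domain


def provision_alias() -> str:
    """Stand-in for a provider API call (constructed); returns a fresh alias."""
    return f"{secrets.token_hex(6)}@{DOMAIN}"


@dataclass
class Issued:
    """Metadata recorded when an address leaves the pool."""
    address: str
    purpose: str
    issued_at: float
    expires_at: Optional[float]
    blame: str  # who to blame if the address starts receiving spam


@dataclass
class AddressPool:
    provision: Callable[[], str] = provision_alias
    target: int = 5                                   # how many to keep ready
    ready: Deque[str] = field(default_factory=deque)  # immediately available
    ledger: Dict[str, Issued] = field(default_factory=dict)
    pending: int = 0                                  # restocks queued for the background step

    def fill(self) -> None:
        """Synchronous initial fill, run once when the pool is set up."""
        while len(self.ready) + self.pending < self.target:
            self.ready.append(self.provision())

    def take(self, purpose: str, blame: str, ttl_days: Optional[int] = None) -> str:
        """Hand out one ready address, record why, and queue a restock."""
        if not self.ready:
            raise RuntimeError("pool empty; restock has not caught up")
        addr = self.ready.popleft()
        now = time.time()
        expires = now + ttl_days * 86400 if ttl_days else None
        self.ledger[addr] = Issued(addr, purpose, now, expires, blame)
        self.pending += 1  # a background worker later calls run_pending()
        return addr

    def run_pending(self) -> int:
        """Background restock step; returns how many addresses were added."""
        n = self.pending
        for _ in range(n):
            self.ready.append(self.provision())
        self.pending = 0
        return n

    def who_to_blame(self, addr: str) -> Optional[str]:
        rec = self.ledger.get(addr)
        return rec.blame if rec else None


if __name__ == "__main__":
    pool = AddressPool(target=3)
    pool.fill()
    addr = pool.take("pizza ordering", blame="pizza.example", ttl_days=30)
    print(addr, "ready:", len(pool.ready), "pending:", pool.pending)
    print("restocked:", pool.run_pending(), "ready:", len(pool.ready))
```

The ledger is what makes the scheme useful later: when an address starts receiving spam, `who_to_blame` answers which service leaked it, and the expiry lets you retire addresses issued for a fixed purpose.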
During the process I've been marking them in a spreadsheet with their 2FA status (no 2FA, TOTP, security key, etc.) and adding their passwords to a password manager.
This is all in case I ever need to go through the migration process again for whatever reason, or if I lose/break a Yubikey, I will know what I'm signed up for, and will know where to enrol my new Yubikey(s).
It really is a massive hinge for many people that isn't even really considered, most people's entire digital lives would be uprooted if they lost access to their email for whatever reason.
Thankfully that doesn't really ever happen to most "normal" people to my knowledge, since most just use Gmail, but I know it can and has happened through account bans or such.
Wouldn't it be great if Yubico let you back-up and restore a Yubikey?
It's maddening that they haven't come up with a reasonable way to allow a purchaser to register multiple Yubikeys to enable freely restoring backups between them. (Think of if analogously to buying multiple padlocks keyed the same from the factory.)
I'd prefer to be able to just set the same DKEK on the devices myself. Failing that I'd settle for Yubico being the arbiter. It would make the devices substantially more useful and less scary in loss / destruction scenarios.
My point is that there should be a mechanism to extract key material in an encrypted form. The backup could only be restored onto properly-prepared hardware (either by way of a device master key held under escrow by Yubico, or by an initial "seed" set by the user when commissioning the hardware).
Setting up multiple keys at the same time isn't just inconvenient, but actually defeats the purpose of backup. If both keys have to be present in the same place at the same time it's not a backup.
The workflow with tokens that can't be backed-up creates needless labor and risk. HSM vendors have solved this problem (albeit with tremendous vendor lock-in) but apparently that's too difficult for consumer token vendors to handle.
After setting them up, I store one or more at various other locations. The core services people use them for rarely change, and adoption outside of those important services is slow. Even if you only kept one at home and one on your person at all times, this might mean a key would survive something like a house fire.
If given the choice between a hardware token and a passkey, I would prefer the former since it is almost impossible for it to be tampered with (especially without physical access to it).
I do see your point about HSMs and see why people would want such features (especially if there are multiple interested parties involved).
That's the opposite of what would be good for general security, though. I want people using these devices for as many services as possible. Heck, I even enjoy the FIDO workflow when I've used it in corporate settings (where I have a recovery method that doesn't involve begging a FAANG company to please, please, please give me back access to my stuff). I would love to use it for personal stuff instead of mucking with a password vault, TOTP, etc.
I guess the argument could be made for using these devices only w/ your "digital feudal lord" of choice (Google, Microsoft, Facebook, etc) with the expectation that all other services you use would federate authentication with those various fiefdoms. I don't see that happening with banks, for example. (Banks would be a great example of a place where I'd want to see token-based authentication adopted. I am so goddamned tired of SMS "authentication" being used w/ to arbitrate access to my money.)
I also find the idea of companies federating their authentication with the big digital feudal lords, to the exclusion of local authentication, repugnant.
My problem w/ tokens as they are now comes down to the "you must have both tokens in the same place to enroll new accounts" workflow being bogus. It creates make-work for people. Any technological "solution" that creates make-work for people is wrong, full stop. For me this workflow would discourage using the token in favor of technologies I can back-up (like passwords and TOTP seeds). For "normies" people are just going to lose their tokens and be in account recovery hell.
Here's my pitch for how I think it could work:
Token vendor sells a very simple embedded device to "brand" tokens. The device has no communication capability beyond a display and a USB port to connect tokens. This "branding iron" is enrolled w/ a vendor-signed certificate at the factory. The tokens are probably already enrolled w/ a vendor-signed certificate at the factory. This establishes a root of trust for the tokens and the "branding iron". I don't have to trust the vendor for anything more than a hardware root of trust.
The end user would use the "branding iron" to create a master key and enroll it onto their tokens. The ergonomics are very important but, functionally, it's just spinning a suitably large random key, showing it to the user so they can make an offline copy, and loading that key onto tokens. There are a ton of ergonomic decisions to A/B test (does it have a PIN pad, does it use a Bitcoin wallet-style key phrase presentation method, etc), but the functional purpose is simple.
The user would plug their tokens into the "branding iron", which would wipe them clean and, using the root-of-trust shared between the devices, load the master key into all the tokens.
This makes encrypted backups portable between tokens. The backups could be stored anywhere. (I like the idea, since a lot of tokens are HID keyboards, of just having the token "type" the backup into an email or a text file.)
It is possible using a cryptocurrency hardware wallet that allows installing tiny apps on it. These wallets are meant to be initialized by a "seed", and there's a protocol to easily write down that seed (a list of words, all coming from a dictionary of 2048 words, and the list of words contains a checksum in [part of] the last word).
Now from that seed, a cryptocurrency hardware wallet can derive any secret. And it's possible to derive a secret that's used like a Yubikey.
So as long as you have your "seed" backed up somewhere, you can duplicate your 2FA key.
I did test the old U2F version, pre FIDO2/webauthn, using early Ledger Nano hardware wallets and it worked.
I think there's now a more recent version available but haven't checked that. A Ledger Nano S Plus, from their website, costs 70 EUR / 80 USD. I'd say it's not too pricey to try it and see if it could suit you. Check their available apps first and see if there's one that can simulate a Yubikey (or a similar 2FA security key).
I know HN loves to hate on cryptocurrencies but I'd say that at least the crypto-bros got the "you cannot trust your computer" part right. The attack surface of a cryptocurrency hardware wallet is not only minimal: it's minimal on purpose, built on the premise that computers are not devices to be trusted. They're literally built with the idea that they can be used on a compromised computer and you should still be safe, so there's that.
Yes. That's a thing with some HSMs, too. That's where I've had experience with this kind of protocol.
As it stands Yubico's tokens are unusable to me for personal purposes because they can't be backed-up and restored.
Step 1 : go with the one company that's known worldwide for abusive & permanent bans with no recourse.
This post is a bit too generic, but it's true that using your own domain for mailing is the best solution to avoid getting locked out. Although you need to pick a good registrar, too...
The saddest thing though is that in some ways Gmail is harder to hack into than some registrars. I remember a postmortem write-up from a guy who had his personal domain easily hijacked by social engineering someone at the domain registrar, which then served as the foothold of a larger identity theft attack against him. Google, by virtue of simply not even doing customer service, is much harder to social engineer, so the author of that piece pointed out that ironically if he'd put more of his eggs in the GOOG basket, he'd have been safer.
This seems like a potential rabbit hole.
Use a different domain with your registrar than the domain you’re registering. Same thing with DNS host. Do you have two domains with two registrars and two DNS hosts? Presumably if either one gets compromised, the control of one domain could be used to gain control of the other. And you’ve quadrupled your attack surface by having two domains with two registrars and two DNS providers.
I don’t disagree with you, but I also don’t know a robust solution for this (happy to hear one, if you have it).
Downloading email via POP or IMAP? Ever since I started using email in the 90's. I never deviated from it. In the old days, even the free mail hosts gave you POP access.
My own domain? Doing it for over 20 years.
Gmail will no longer support checking emails from third-party accounts via POP (support.google.com) https://news.ycombinator.com/item?id=45439670 - 6 days ago, 372 comments
It certainly does not get around the ...if your account gets banned maybe the forwards will still work... concept but in general something like https://github.com/joeyates/imap-backup to backup your email and then add them to a typical backup process with your other files works well.
1. 1 custom domain (<simple-word-or-two>.com): this will be used for friends, family and any online accounts that know me IRL.
Use Fastmail masked addresses with my custom domain where it makes sense like an online account for amazon.
2. 1 custom domain (<online-nickname>.xyz): this will be used for a blog, professional IRL interviews, correspondence, github.
Use Fastmail masked addresses with my custom domain where it makes sense.
3. Masked emails using fastmail.com: for online accounts that are ephemeral, random newsletter signups etc. Don't want to associate any of my custom domains or IRL identity. Don't care if these are portable.
My main goals are:
- Separate my online identity/alias used for my blog (2) from gov entities, banks etc (1).
- for more anonymity/privacy use the fastmail.com domain with masked addresses to blend in with others on this domain.
I'd love feedback and to read what you do if you want to share :)
The only thing that I would add is that I prefer to "salt" my single-purpose email addresses with a bunch of random characters to prevent enumeration attacks, since it would be trivial to figure out the email address that I use for different services by just guessing. If I used amazon@domain.net, I might also use uber@domain.net, etc. Adding a salt prevents this from happening.
I got banned by .xyz once. I did manage to get it cleared up, but being banned by the TLD itself is pretty unpleasant. It's hard to even figure out that's what happened. And then I had to "prove" I was no longer distributing malware, with a list of what things I'd done to clean up the site and prevent further malware distribution - which was difficult as I was never distributing malware to begin with. Just a static website for a wordle variant, no ads or other 3rd party content.
1. Email providers need to be required to forward your email to your new address for a year if you ever lose your email for any reason.
2. Domain registrars need to save your domain name for a year and allow you ample time to reregister if you ever let it lapse for any reason.
Then use mail client instead of webmail. I use thunderbird and have multiple boxes I just backup Thunderbird profiles folder to my NAS.
To have copy of all your mails locally or to back them up to NAS, having desktop mail client is much easier way than setting up mail server.
A light Google search tells me that it is possible with several different providers to pay for up to 10 years in advance. Still, the exact same issues can happen at the 10 years and 1 day mark! How do large corporations handle this problem? Do they have a special contract where the domain registrar will always keep the domain registered, then bill the corporation directly? That seems like a business venture with juicy margins.
In before:
* running your own mail is too much of a burden
* I used to host my own mail but I couldn’t figure out DNS or used a bad IP or something and Microsoft/Gmail won’t accept my mail
* if “they” want to ban you they will just seize your domain or kick down your door and shoot your dog
* it’s good that they can ban you from your email because I don’t like spam
Edit: lol, I was not in fact “in before” the comment about domain seizures. Unbelievable.
For most people, who are not doing anything shady/controversial with their domain and are using a .com or .net domain (which are price regulated by ICANN), are not using a shady registrar and will always have the cash on hand to renew as needed, the answer will be Google and co.
It's a good idea to set up auto-renew on a credit card, so you can be sure it will go through and you won't forget to renew it.
Most domain registrars will at least have some customer support.
But good luck getting support for a free gmail account.
As a bonus, if you install notmuch you get quick offline searches and can "mine" your email with shell scripts (or easily share it with sam altman if you're into that kind of thing).
(Alternatively, if you prefer being GUI, just install Thunderbird – this can also download your full imap and give you local search. You don't even have to use Thunderbird for it to be useful as a backup; it's probably the easiest way to quickly become more independent from google randomly deciding your account should be locked, which does happen.)
If I host my blog, assuming I actually start making posts, on GitHub with a custom domain, when I die then the domain will likely expire and the blog is no longer accessible. If I keep it with my GitHub .io url, it’ll be there for as long as the account is there.
The author makes a good point, your email address is (arguably) more important than your home address. Perhaps there already are, but I hope for better safeguards against these kinds of attacks.
1. Specific known compromised TO addresses are sent to devnull.
2. Specific FROM senders are whitelisted.
3. Three or sometimes four heuristics engines evaluate. If any of them pass the mail, it goes to a separate new-senders inbox. I thus get maybe a dozen spam messages per week in that box - and five figures of messages rejected.
I used to tweak it a lot, now I just occasionally add another FROM address to the whitelist.
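The triage order described in the three steps above, as an added example that is not the commenter's setup: known-compromised recipient addresses go to devnull first, whitelisted senders go straight to the inbox, and otherwise several heuristic engines vote, with a single pass routing the message to a separate new-senders folder and no pass at all rejecting it. The engines, lists and sample messages are constructed for the example.

```python
"""Mail triage: devnull list, sender whitelist, then heuristic engines voting."""
import re
from dataclasses import dataclass

DEVNULL_TO = {"oldshop@example.net"}    # constructed: compromised single-purpose addresses
WHITELIST_FROM = {"alice@example.org"}  # constructed: known-good senders
SPAM_WORDS = {"free", "winner", "urgent", "prize", "click"}  # constructed


@dataclass
class Message:
    to: str
    sender: str
    subject: str
    body: str


def engine_keywords(m: Message) -> bool:
    """Pass unless the body hits two or more spam words."""
    words = set(re.findall(r"[a-z]+", m.body.lower()))
    return len(words & SPAM_WORDS) < 2


def engine_sender_shape(m: Message) -> bool:
    """Pass if the sender looks like a person rather than a numeric bulk account."""
    local, _, domain = m.sender.rpartition("@")
    return "." in domain and not re.fullmatch(r"\d{4,}", local)


def engine_subject(m: Message) -> bool:
    """Pass unless the subject is shouted (all caps with exclamation marks)."""
    s = m.subject.strip()
    return bool(s) and not (s.isupper() and "!" in s)


ENGINES = [engine_keywords, engine_sender_shape, engine_subject]


def triage(m: Message) -> str:
    """Return one of: devnull, inbox, new-senders, rejected."""
    if m.to.lower() in DEVNULL_TO:          # step 1: known-compromised recipient
        return "devnull"
    if m.sender.lower() in WHITELIST_FROM:  # step 2: trusted sender
        return "inbox"
    votes = [engine(m) for engine in ENGINES]  # step 3: engines vote
    return "new-senders" if any(votes) else "rejected"


SAMPLES = [  # constructed messages
    Message("me@example.net", "alice@example.org", "Dinner?", "Friday works."),
    Message("oldshop@example.net", "deals@shop.example", "Sale", "20% off"),
    Message("me@example.net", "12345@bulk.example", "FREE PRIZE NOW!!!",
            "You are the winner, click here for your free prize"),
    Message("me@example.net", "bob@newco.example", "Meeting notes",
            "Here are the notes from today."),
]


def triage_all(msgs=SAMPLES):
    return [triage(m) for m in msgs]


if __name__ == "__main__":
    for m, verdict in zip(SAMPLES, triage_all()):
        print(f"{verdict:12} {m.sender} -> {m.to}: {m.subject}")
```

Because rejection needs every engine to fail, a new legitimate sender only has to look reasonable to one of them to reach the new-senders folder; that is the trade-off the comment describes (a dozen spams a week in that folder against five figures rejected).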
We need a law that just like you are required to let people drop from a mailing list, there's a law requiring one ack or click on a link to join a list. I always get on legit lists that will stop once I request. But in a month I get 100+ new lists often sending me 10-50 messages a day.
2) in case of hard to remember address, what do you do if asked to write it down with no access to your records? (It happened to me once before)
Something someone couldn’t guess, like:
<uuid>@domain.com
c4694056-63dd-476f-9823-2548aa3d754a@domain.com
> in case of hard to remember address, what do you do if asked to write it down with no access to your records?
It’s a tradeoff. You’d probably want to use the cryptographically secure addresses sparingly.
Another option would be to use your password manager to create a “memorable” password, which is usually multiple random words, like:
essay-curve-white-cable@domain.com
But again there’s only so many of these you’ll memorize, so use sparingly. Compare it to the cost of just changing the email. Maybe with a bank it’s more work and risk, so it’s worth the added effort, but if it’s the email you use to order pizza, just change it.
Say someone gets into an account you use to purchase stuff (Amazon, etc), but they don’t have access to your email account. They sign you up for this mail flood, then start buying stuff with your Amazon account, and legitimate notifications of purchases are lost in the noise with many thousands of emails from everything from Apple to Chuck’s Boat Rentals.
Using a unique and unguessable email lowers the chances of a more important account being affected (obviously at some point we’re splitting hairs).
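One way to get the unguessable addresses discussed in this exchange without having to memorise or look them up, as an added example that is not from the thread: derive the per-service part with an HMAC from one long-term secret kept in the password manager. The service name stays visible so a leaked address still tells you who leaked it, the keyed suffix stops an attacker from guessing the address you use elsewhere (the enumeration concern raised earlier with amazon@ and uber@), and the suffix can be recomputed rather than remembered. The secret, domain, word list and function names are assumptions; the word list is a constructed toy list, not a real diceware list.

```python
"""Unguessable but reproducible single-purpose addresses (added example)."""
import base64
import hashlib
import hmac
import re

TAG_LEN = 10  # base32 characters, i.e. 50 bits of the HMAC output

# Constructed toy list of 32 words for the "memorable" form.
WORDS = [
    "essay", "curve", "white", "cable", "river", "stone", "amber", "cloud",
    "delta", "ember", "frost", "grain", "honey", "ivory", "jolly", "kayak",
    "lemon", "mango", "noble", "olive", "pearl", "quilt", "raven", "sugar",
    "tulip", "umber", "vivid", "wheat", "xenon", "yacht", "zebra", "acorn",
]


def _normalise(service: str) -> str:
    """Keep only lowercase letters and digits so 'Amazon' and 'amazon' agree."""
    return re.sub(r"[^a-z0-9]", "", service.lower())


def _prf(secret: bytes, purpose: str) -> bytes:
    """Keyed derivation, domain-separated by a purpose string."""
    return hmac.new(secret, purpose.encode(), hashlib.sha256).digest()


def salted_address(secret: bytes, service: str, domain: str) -> str:
    """service-<TAG_LEN base32 chars>@domain: readable service plus keyed suffix."""
    service = _normalise(service)
    raw = base64.b32encode(_prf(secret, "tag:" + service)).decode().lower()
    return f"{service}-{raw[:TAG_LEN]}@{domain.lower()}"


def memorable_address(secret: bytes, service: str, domain: str, n_words: int = 4) -> str:
    """word-word-word-word@domain, derived from the secret rather than random."""
    digest = _prf(secret, "words:" + _normalise(service))
    # one digest byte per word; 256 % 32 == 0 so the modulus is unbiased
    picks = [WORDS[b % len(WORDS)] for b in digest[:n_words]]
    return "-".join(picks) + "@" + domain.lower()


def issued_by_me(secret: bytes, address: str, domain: str) -> bool:
    """Check a received address by recomputing the suffix for its service name."""
    domain = domain.lower()
    local, _, dom = address.lower().rpartition("@")
    if dom != domain:
        return False
    service, _, tag = local.partition("-")
    if len(tag) != TAG_LEN:  # reject truncated guesses before comparing
        return False
    expected = salted_address(secret, service, domain)
    return hmac.compare_digest(expected, f"{local}@{dom}")


if __name__ == "__main__":
    secret = b"constructed-demo-secret-keep-this-in-your-password-manager"
    for svc in ("amazon", "uber", "bank"):
        print(salted_address(secret, svc, "example.net"),
              memorable_address(secret, svc, "example.net"))
```

With a catch-all domain nothing needs to be provisioned per service, and `issued_by_me` lets a filter tell a genuinely issued address from a guessed `amazon@domain`, which is the whole point of the salt.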
2) Yes, this is a problem.
About once a month I go and drop myself from the latest lists. There are many magazines and whatnot where you can sign someone up for 100+ mails a day. Only a very few of them send you a message you have to ack to start the flood. Most just start the firehose without checking.
I'd like to hear what other people do to address this.
Not sure what's the best way to handle this, I had my gmail account since the early days and it's baked into so many important accounts. It definitely crosses my mind what it'd be really difficult if I were blocked out somehow.
Personal email domains make you very identifiable just by looking at your domain.
Using aliasing services (e.g. Mozilla Relay, Addy.io, etc.) with their default address generation ensures your email address itself does not disclose your domains when the eventual data breach occurs.
Plus catch-all addresses make you an easy target for spam by sending to any email address on that domain vs needing to know a specific email address on typical email services.
Also when you pick an email provider, pick one with a good privacy policy.
Are there registrars that let you walk in with a physical ID to prove you are you in case your email gets compromised and they get access to the registrar? Any experience with that?
There's a chance forwarding is better than fetching. I once had a Gmail account stolen, and account recovery was locked for some reason, but email forwarding had been set up and I was still able to get all emails the address received.
In case it's relevant, I happen to use Fastmail now and their "mail fetch" feature involves imap.
Before SPF and the like, it used to be trivial to also send email with a different From address (like your existing Gmail address) from your own server, but that’s not the case anymore.
They can also serve as a sort of snapshot of a certain point in time that’s very effective at jogging your memory. I’ve had occasions where old emails reminded me of things that happened that I’d nearly forgotten or conflated details about.
Why bet on that instead of doing it the other way around (i.e. making the self-operated mail server the primary that forwards to the service provider inbox), or at least practicing doing so by pointing the MX records accordingly?
The forwarding MX would need to support things like ARC and DKIM, though, or the forwarded emails themselves run a high risk of getting dropped as spam by the third-party provider.
What I’m slowly doing is staggering my addresses by importance - trying to separate personal from all the spam / registration / etc.
Saying that it’s probably been years since I used email to actually message someone.
(alternatives for other OS: https://alternativeto.net/software/mailsteward/)
Then I put the database on multiple backup locations regularly.
Another thing, some people do not already know: If you don't need a throwaway address for some services, and you just want to make your mailbox more structured, you can use '+' before the '@' to add another word to your email address.
Like: your.name+randomName@gmail.com
The +randomName will be ignored and the emails are received at your.name@gmail.com. But most servers (I use) will put a '[randomName]' before the subject of the received email. Which can be quite handy for handling your emails. Even more, if the company uses multiple different addresses to send you emails.
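The subaddressing rules mentioned in this thread differ by provider: the Gmail-style `+tag` described in the comment above, the `-tag` form one commenter uses with Migadu, and the Purelymail rule quoted earlier where everything after the first non-letter in the local part is ignored for routing. The following is an added example, not any provider's code, that models those three rules as constructed policies, works out the mailbox a message is delivered to, and reproduces the `[tag] Subject` prefix the comment describes. How each provider actually handles case and edge cases is an assumption here.

```python
"""Subaddress ("tag") routing for three provider conventions (added example)."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    mailbox: str        # address the message is actually delivered to
    tag: Optional[str]  # subaddress stripped from the local part, if any


def split_address(addr: str) -> tuple:
    """Split 'local@domain'; the domain is case-insensitive, so lower-case it."""
    local, sep, domain = addr.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {addr!r}")
    return local, domain.lower()


def route(addr: str, policy: str) -> Route:
    """Return the routing mailbox and the tag under one provider policy.

    policies (constructed models, not provider code):
      "plus"            - local part after the first '+' is a tag (Gmail-style)
      "dash"            - local part after the first '-' is a tag (the Migadu example)
      "first_nonletter" - everything after the first non-letter is ignored
                          (the Purelymail rule quoted in the thread)
    """
    local, domain = split_address(addr)
    if policy == "plus":
        base, sep, tag = local.partition("+")
    elif policy == "dash":
        base, sep, tag = local.partition("-")
    elif policy == "first_nonletter":
        # '.' and '_' are non-letters too, so under this rule a dotted base
        # name such as john.smith would be routed to john.
        m = re.search(r"[^A-Za-z]", local)
        if m is None:
            base, sep, tag = local, "", ""
        else:
            base, sep, tag = local[:m.start()], m.group(0), local[m.end():]
    else:
        raise ValueError(f"unknown policy: {policy!r}")
    # Local parts are case-sensitive per RFC 5321, but the providers named
    # here are assumed to treat them case-insensitively, so lower-case the base.
    return Route(mailbox=f"{base.lower()}@{domain}", tag=tag if sep else None)


def subject_with_tag(subject: str, r: Route) -> str:
    """Mimic the '[tag] Subject' prefix some servers add on delivery."""
    return f"[{r.tag}] {subject}" if r.tag else subject


if __name__ == "__main__":
    for addr, policy in [("steve+randoburger@gmail.com", "plus"),
                         ("example_tagged@purelymail.com", "first_nonletter"),
                         ("firstname-shop@example.com", "dash")]:
        r = route(addr, policy)
        print(f"{addr:35} -> {r.mailbox:28} {subject_with_tag('Your order', r)}")
```

The practical caveat follows from the "first non-letter" model: it makes `example_tagged` and `example.tagged` route the same way, which is convenient for sites that reject `+`, but it also means the base name itself cannot contain a dot or digit.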
I switched 3 years ago to a hosted forwarding service forwardemail.net
Pros:
* Allows to switch email providers if needed
* Allows to forward email to multiple providers
* Allows to store backups of emails
* Allows to have emails on multiple domains for different contexts (personal/professional/projects/etc.)
* Allows to have different email addresses per service. If you get spam on that email address you can just stop forwarding emails for it.
* Allows to have reliable mail rules based on the email address
* Allows also to send emails from multiple addresses
* Most spam is filtered before it reaches the inbox
* Open source
* Would be easy to switch to a different email forwarding service if needed (or self host it).
* Excellent track record over 8+ years
Cons:
* They have the potential to snoop on your emails. Any service that's really important would have 2FA enabled, so I accept the risk.
* They have the potential to send emails on your behalf - again, they've earned my trust, so I accept the risk for that.
* Adds another possible point of failure. So far I haven't noticed any issues with it.
* There's greylisting that delays emails for 5 minutes if they are not on the whitelist, which affects some of the less common sending services.
* In very rare cases, some services ban registering with forwarding email addresses.
* You need to make sure you don't lose your domain. I renew it 5 years before expiry with a reputable domain registrar (NameCheap).
Overall, it's been working great for me.
The contractual requirements that ICANN imposes upon registrars. They can’t just take your domain for any old reason. The rules are fairly well defined and registrars can lose their accreditation if they do not follow them.
https://www.icann.org/en/contracted-parties/accredited-regis...
This is not sufficient. Even your domain can be seized. There is no way for any service dependent on the DNS System to be irrevocably owned.
All you need to do is get an ISO-3166-1 alpha-2 code issued for you, and then never change your name, and you're golden.
https://en.wikipedia.org/wiki/Top-level_domain#Historical_do...
Substitute “criminal activity” with “someone with power that doesn’t like what you’re doing”.
Consider the eBay stalking scandal [1] and ask if those doing the stalking would be willing to bribe or coerce someone to seize the blogger’s domain.
Trademark makes sense, ICANN has a whole program around that: https://www.icann.org/resources/pages/trademark-infringement...
As for political pressure, do we have any examples?
> Consider the eBay stalking scandal [1] and ask if those doing the stalking would be willing to bribe or coerce someone to seize the blogger’s domain.
Has ICANN (or registry) ever been bribed or coerced? I understand a low quality registrar can, and can possibly take over a domain, but there is recourse (and punishment such as loss of registrar status) around these situations. I would of course avoid these micronation tlds and stick to well established tlds like com/net/org.
Not that I know of. But it would be quite remarkable for an organization with a global choke point to resist attempts at influence indefinitely.
The upstream comment correctly mentioned owning a domain name being insufficient to be unbannable. There’s no mechanism with owning a domain, or DNS, that’s able to be defended by an individual (nothing like encryption, for example). It’s just someone with more power that allows it, until they don’t.