ProtonMail has come a long way as a replacement for Gmail as well. Suuuper happy with them, they're really responsive to feature requests and support inquiries. I requested an iOS feature to choose browsers so I could open all links from PM in Firefox. They had it implemented in a month or something... it's a quick fix but that impressed me. Hence me shilling here.
They recently added ProtonCalendar too.
Switching email isn't nearly as friction-free as switching your browser. Not only do you have to change your email in every service you've registered for, you also need to convince your friends and other contacts to use the new email.
The most important change you can make for your email is to own your own domain. Once you own your own domain, changing providers is much easier since it is transparent to the people that email you.
Even if you decide to keep Gmail, you should switch your email to your own domain.
One worry about tying your identity to your own domain is that the security of your identity (aka your domain) hinges on the security of your registrar. If a bad actor can socially engineer their way into controlling your domain, your entire identity is compromised.
Owning your domain and having control of a domain through a trusted registrar is better than relying on the world's largest advertising company to manage your digital identity (email), which is offered as a free service that's subject to a catch-all ToS.
An isolated fail in 2014 by one vendor, primarily due to poor support processes, is not a convincing argument to keep all digital identities in Google's possession.
There's also the risk of Google shutting down your account because you do something they don't like. This will lead to a similar outcome and you won't have any recourse.
I think that GP's point is that "safe" is a tricky word to use when your data is in the custody of the world's largest non-governmental surveillance network with a catch-all TOS.
But do you lose your domain if google bans your account?
The requirement is being able to switch email providers, especially google, when they lock your account. You don't secure your flow of email with a domain if that domain is managed by google, too.
So my statement was a total comedic effort not to be taken seriously, I'd never suggest anyone use a company on the basis of terrible customer support. That's what the semi-colon parentheses at the end was meant to signify.
To attempt to actually answer your question, I believe the nature of the governance around registrars would ensure you have recourse to transfer your domain in the case that Google be Google. It might not be slick. I don't know. But, it's unlikely they can override the overarching policies for such things and continue being a registrar.
I think the bigger question is how much work it is to update the DNS servers with your registrar and then change your DNS provider. If google locks you out of your email that you use to manage your domain you could be in trouble...
If you don't use your google account for anything but domain registration, what could they even possibly ban you for?
While I am aware that Google tends to have quite a few false positive account bans, it is one of the most extremely unlikely things to happen, if all you do with it is pay for your domain registration.
I generally trust the major cloud providers a bit more than the companies focused on acting as a domain registrar.
The domain registrars are generally a race to the bottom and focused on "add-on" sales as most people are shopping on price and that's going to reflect in the overall quality of the things that most people don't really notice like, y'know, security and validation.
You don't hear a lot of stories about Amazon/GCP/Azure handing over someone's entire account based on a couple digits of a credit card number and it would be a PR nightmare if they did (hell, look at the flak they catch just for the data that people leave public on their services that ends up released... imagine if they handed it to someone). An active account with 2FA/etc enabled and a secure recovery email is probably safe enough for most people.
Spend the extra couple bucks to register through one of those guys instead of JimbosDiscountDomains.
Or… use a smaller registrar which actually charges more in order to provide support which you can contact personally. Most (if not all) large registrars are indeed in a “race to the bottom”, but that does not mean that all registrars are.
(Disclaimer: I work at such a small registrar. No, I’m not going to tell you which one; we aren’t targeting the global market, anyway, only our local area.)
The main issue raised several comments up is portability. No provider locks you to only using their email offering/cloud offerings if you register their domain through them. Even if they did, transferring domains is trivial and well-supported everywhere.
As far as any other objections people usually raise around using hosted email and the like, a domain really has no comparable privacy implications in the real world (you're not handing Google or Microsoft a huge corpus on your life). It's also through their enterprise offerings where as long as your bill is paid they're generally not going to have some automated review suspend your account with no reason, and if they did they have actual support you can get in touch with.
This solves basically all of the problems with using an @gmail.com/@outlook.com/etc email address.
Google, Microsoft and AWS offer registrar services because it keeps you in their ecosystem for their higher margin products. They generally offer competitive pricing for things like domain registration and don't pull stunts like charging 2x as much for "privacy protection" or the even more dirty tricks like godaddy and other bottom feeders.
I recently trialed hosted email with AWS and while it is very basic it only costs 4/user/month - cheaper than my google apps service. I was also able to register a new domain at market rates and get dns automatically setup (I think?) on AWS as part of the service. Now because I tie my monthly AWS spend with my registrar I'm more confident I can get some customer service as well.
Staying inside a vendor's ecosystem for very selective services can actually work out quite well, as long as the seller/customer incentives align and they are relatively commodity services.
I use Namecheap too, but they took forever to add 2FA (it was added a few months to a year ago, maybe?) and I don't have any faith they'll add FIDO2/U2F any time soon.
EDIT: Oh daaamn it looks like they did it! Huh, faith restored. jgc, CloudFlare should follow!
EDIT 2: I'm just full of failures today, CloudFlare supports U2F as well. This is great news all around.
I've been happy with Joker and AWS Route 53. I've used Joker for years and years; at the time they seemed sane both technically and as a business, and that's how it still feels. Route 53 is more recent, but it's been solid and reliable for me. And it's been very nice to control it declaratively with Terraform.
EasyDNS (https://easydns.com), based in Canada, has been around for years, and has a good reputation for not blindly actioning DMCA requests (which can be important for some). :)
I agree that that would be catastrophic, but I’m not convinced that using custom DNS changes my risk factor. If someone took over <my name>@gmail.com, they could do as much damage as they could by taking over <my name>@<my domain>.
Yes, but there's still an increase in the attack surface - it's a lot harder to convince a registrar to turn over gmail.com than <my domain>, for most values of <my domain>. It's not a deal breaker, of course, but it's something to consider when looking at the risk factor.
> Even if you decide to keep Gmail, you should switch your email to your own domain.
Do you pay for Google Domains, or just have some other thing forwarding to gmail, and gmail configured to send with that as a 'from' address, which I think is possible? What's your advice?
You can just do forwarding. I’ve run my own mail service since the 80s, and when I need a google login to work with someone I just create it and forward my mail. When the project is over, just delete it. Easy-peasy.
Unless a client wants to use google docs I’ve never found an account to add any value anyway. I don’t use google search much any more but when I do it works fine without cookies.
And I try chrome occasionally (it’s needed to use google docs) but it uses too many resources to use as any kind of default. It’s also harder to enforce privacy with it.
Oh, ok. In my case some of my servers are over 20 years old, though I run less critical services on them. My newest machine is about 4 months old. My buddy in the rack next to me is a few servers from the same batch as my 20 year old ones. Obviously the most critical stuff runs on the newest hardware but when you’ve had a machine running uninterrupted for a decade or so why mess with it? Annualized cap ex + the op ex is negligible at this point.
As personal servers of course “critical” is pretty idiosyncratic, though I have used them to start and host various companies over the years until it was worth giving them their “own” hardware and identity.
I admit the age of managing a rack full of servers in a colo has largely passed.
There is always a risk of losing an asset, and that includes hijacking. However, to reduce the risk of forgetting a renewal, there is a recipe I once read here on HN:
Renew your domain for 10 years now, and then every next year do a 1 year renewal. If you forget it then you still have 9 years of buffer.
If your domain name provider is serious, almost none: there's a transition period (a few weeks) between the expiration date of your domain and when somebody else can buy it again. So if you forget to renew it, your emails stop working and you'll renew it really quickly ;).
Source: it happened to me last month (the provider being OVH).
Most registrars are going to send you multiple emails leading up to the expiration, when it expires, and after it expires reminding you it expired. You'd have to miss a lot of emails.
And once it has expired, you have (depending on the TLD) over a month of grace period where it's not available for general registration where you can still renew it. You'd have to miss the fact that all of your services were offline for over a month.
I only work with a company whose team I can actually call. I pay a bit more, but that direct access is great.
It’s actually hard to lose a domain if you have a good registrar. There is a 90 day quarantine period even if you cross the renewal threshold. You can also domain lock, which means you need to manually unlock a domain before moving.
That's where something like PayPal is nice, your cards can expire and be replaced without interruption to automatic payments.
And like the email problem, you don't have to go around changing it every couple of years.
I feel your pain.. I accidentally let my main blog domain go a long while ago when I decided to drop most of the domains I was holding.
Beyond this, I've had a few pretty good ones over the years... right now, I've got about 30 of them, and just keep thinking I should let most of them go.
I recall seeing this recently on another HN post, where they had set up a blanket forwarding rule from their Gmail to another email account. Their Gmail later got dinged but the forwarding rule continued to work.
Have to respectfully disagree here... we tried protonmail for ages and it wasn't good. Wrt feature adding, it sounds like you got lucky, but we asked for several features over the course of a year - ranging from simple things such as HTML signatures (that they fully support, they just hide the button on their editor) to more enterprisey user management 2fa enforcement style features and it just didn't hold up in the slightest. No features got added and we ended up going back to o365. For a personal email it's ok though, but I wouldn't tout them as responsive to feature requests as this wasn't our experience at all. We were a sma the on their visionary package if that makes a difference.
You don't have to switch overnight, I simply forwarded all my incoming Gmail e-mails to my new account, and then reply to all my Friends (etc.) from my NEW e-mail address. That way they will all, eventually, automagically update me in their address book. It worked very well :)
ProtonMail user for years too. And non-tech people who get my e-mail immediately like (and ask about) the protonmail.com domain, which opens up an avenue to discuss privacy and the upside of non-Google products.
I'm a paying customer (paid for 2 years upfront), and I only found out after paying that ProtonMail has an incredibly poor implementation of 2FA. All it supports is app-based authentication[1].
No support for U2F (FIDO) keys[2].
No support for sending SMS to phones.
In comparison, my Google account is protected with: (a) three distinct U2F FIDO keys that are stored safely in different countries, (b) three separate phones for SMS authentication (my phone, dad's phone, mom's phone), (c) lastly there's the authenticator app which I rarely use. This is so much more versatile and reassuring than ProtonMail's extremely-minimal 2FA implementation.
Also, ProtonMail has no excuse for not supporting SMS-based 2FA. They can send an SMS to your phone when you set up a new account -- but for some reason can't do this for 2FA. Despite being a paid service, are they trying to save on the SMS charges that SMS-based 2FA would incur?
Not sure about the other stuff, but SMS 2FA is generally frowned upon for auth.. though obviously they've decided it's fine for the one time setup just as a verification on signup (not used as 2fa in that case, more like crude proof of identity). U2F has been a challenge for everyone from what I've seen.
I think most people are never going to choose ProtonMail, but it can be good for people who like simplicity and consistency. I don't need a million bajillion options, "plugins" or "apps" for my web mail. Just show me my emails, let me load attachments, and I'm good. That's why I pay for ProtonMail instead of Gmail. Well, that and all the other reasons to distrust Google.
Is there a provider that lets you send emails from free format users on your domain? With catch all addresses the mail goes into my other@domain account. I use a different email address per site. Now with gmail if I want to reply with that account I first need to create it as an alias. If I want to reply from my phone it even needs to be a full account. Is there any way to fix this? Short of using mutt and write the from header myself?
I can do this with fastmail, though fastmail is a subscription (like $5/month? IIRC, mine auto renews every 2 years so not sure). I have my primary email set up as <firstname>@<lastname>.org. If you set your dns records correctly with them, that allows you to use without any ahead of time setup <randomtag>@<firstname>.<lastname>.org. Setting a different tag where I have <firstname> can be done too, but you need to set those up individually.
Replying to emails, I can change <randomtag> to whatever I want.
They also offer random domains that you can setup burners under, though that does involve some ahead of time setup.
Fastmail lets you create wildcard identities like this so you can send from any username at any domain you have with them, but if you are sending from a third party app you usually still need to set up the sending identity in the app itself, which is annoying. The email programs I've tried haven't let me type arbitrary addresses into the 'from' line.
Many programs won't even automatically reply from the same alias the message was received at.
I used protonmail for a week, but I got tired of waiting hours and days for some emails to arrive. Some were so late the verification links were no longer active. Ugh, if only proton mail was up to par with Gmail.