Ask HN: How do you solve the domain registration, custom email circular problem

25 points by wanderingmind ↗ HN
I'm looking to transition from gmail to a paid vendor (ex: Fastmail). However, as suggested in HN multiple times, I want an email with a custom domain name. However, the domain registrars like Namecheap will require an email for registration. What email to use for registration and what if I lose that email access (Gmail block). Ideally, looks like I will need 2 domains registered at 2 separate registrars and 2 separate email providers for cross-registering. Is there a simpler/cheaper way to solve this problem?

15 comments

[ 0.22 ms ] story [ 50.9 ms ] thread
What I have is two domains that have differing expiration times. But it hasn’t really been a problem.
Do you have a "default" e-mail account like "your_name123@your_isp.net"?

Obvious downside: you gotta keep real careful track of where you use an e-mail address like that. If it's your "final/reset" contact, and you change ISP's...

If you decide to use a webmail site, you can use the default email they provide as the registration email for the domain. Then, use the same webmail with the custom email too.

I use Protonmail for both and it works perfectly.

You could get a free email from a provider you trust. I have my domain's email in protonmail and use an email from another provider for my domain registration. I only use that email for important accounts, specially ones that I need to be able to access to control my domain (domain registration, bank, DNS/VPS hosting, etc)
Anybody know any good, tested practices for reducing the risk of your Gmail/whatever getting blocked? Do you think if you don't use it for social purposes, don't buy or sell from Google services with it, always log in from nonsuspicious IPs in the same country, etc, that your chances of a ban will be significantly reduced?
No, that's the exactly problem. Nobody knows why they ban accounts. And once an account is dead, it stays dead, no matter how much bad press they get (see the guy that sent a photo to their doctor). I've seen well described in another comment: it may as well be a guy that throws darts at a list of usernames
This comment is only about Gmail.

Tested practices: Nope. Nobody can tell you that because it's Gmail's secret sauce to handle abuse, spam, disagreeable people, etc. Even if you follow a 20-point protocol to secure your account, there's no guarantee that Gmail won't block it and never allow you to get it back. It doesn't really matter if your email address is not sending spam or not logging in from random IP addresses from different geographies or is always accessed from the same devices and same browsers.

Good practices:

* at the cost of your privacy, connect/link one or more phone numbers to your account so that you can use those for recovery. Gmail values phone numbers more than recovery email addresses.

* setup 2FA with a TOTP app or with the Google app on your smartphone or with a hardware key.

Best practice: Ditch Gmail and use any other paid email provider that provides customer support. Life is too short to suffer through Google's shenanigans and lack of customer support. The more you allow Google to surveil you, the higher the risk that some random event could trigger an opaque ML algorithm to flag your account for some violation and all forms of support will stonewall you with no help whatsoever.

You can edit your primary email in namecheap, as well as all contacts.
I use Fastmail with my own domain then I use a masked email using the Fastmail.com domain for my registrar account email. Because I login to Fastmail via Fastmail.com, it works fine. Masked emails are tied to a users account forever, too, so I think this method is pretty safe.

I used to just use my gmail account and forward it, but recent stories caused me to evaluate how to eliminate the Gmail weakness.

If you close your account, I wonder if masked emails remain locked to your account or become available again for someone else to register?
They are locked forever to your account after you create them. I created one months ago, deleted it, but Fastmail has a history page that lists all the masked accounts you've ever created, with the possibility to restore them (IIRC), which is the sanest and safest option. Recycling names would be a security nightmare for users.

I rarely use it but I think it's Fastmail's killer feature. They've done a great job with it IMO.

That’s why your domain provider should allow your account to have:

- backup emails and/or

- editable email field(s) that is secured by your 2FA/MFA/SMS/TOTP

Its allwayas a problem in the beginning but yes email is the defacto -auth- mechanism out there.

I have been and will always be using exchange from a reputable source (in my case OVH). I pay money for my email because its now their problem to keep it running. After that I add dns protection to my domain so it can not be changed on a whim. For it i have like 100 aliases setup which I give out to the vendors I use.

But yes, after initially signing up with a freemail, I changed my main email to the one provided by OVH. Why? because I can verify myself with my invoices even if two FA and everything else has been taken over.

There really is no ideal setup, because email was not designed for it. Its a messaging protocol and not an auth mecahnism, that it can be used that way is coincedence.

USE 2FA. Use a dedicated device for auth, because those are designed to be with you at all times. Like actual keys.

The probability that someone will actually hack your icloud backup with your 2fa app backed up into it, are way less likely then one of your passwords leaking.

I'm not sure about cheaper, but you could use an email address from another provider without a custom domain. That could be an @fastmail.com (or other domains Fastmail supports) address or an email address from Posteo.de (paid) or Tutanota.com (free/paid) or Mailfence.com (free/paid) or ProtonMail.com (free/paid). The risk of getting locked out is negligible with these providers. Fastmail and Posteo have been around for a very long time and it's not likely they'd shutdown in the next decade or two (giving you plenty of time to re-plan as time passes).

You may change the email address with your domain registrar at any point in time to manage future risks.

My suggestions:

* stick with a (preferably paid) email account on a domain that's not yours but is likely to be around for a long time

* choose one of the common TLDs like .com or .net or .org for the email address (these TLDs have the least likelihood of disappearing or being blocked by anyone)

* make sure you keep the email address active (by logging in and/or paying on time)

Cant' you just change the email you used for registration later on?