by brycehamrick 2827 days ago
Yeah I completely agree this is something that needs consideration. I do have an email address with my own domain but for security reasons any accounts I create are tied to my gmail address. I've known too many people who have had personal domain email addresses intercepted, particularly through compromised domain/DNS settings. One simple MX record adjustment could mean every single bank account, social media profile, etc. all can be taken over.
4 comments

> I do have an email address with my own domain but for security reasons any accounts I create are tied to my gmail address. I've known too many people who have had personal domain email addresses intercepted, particularly through compromised domain/DNS settings.

If your Gmail account is lost or compromised, good luck getting any help from Google; while G Suite support is decent, free Gmail account users are basically on their own.

Ask HN: Lost $400k USD in a deleted email, how contact a Gmail engineer? https://news.ycombinator.com/item?id=14452969

Ask HN: What to do about a wrongly shut down GMail account? https://news.ycombinator.com/item?id=2033474

Another account lost in the Google void – how many are there? https://news.ycombinator.com/item?id=17745761

Professor who refused to use other genders pronouns, was banned by Google https://news.ycombinator.com/item?id=14905384

To be fair here, two of these are obvious user error.

In the Ethereum case, he deleted the email and wanted to get it back 2 full years later. The only way he would have recovered from this would have been to take meticulous backups (and test them regularly). I would expect any 3rd party provider to honor my wish to delete data, especially 2 years down the line (and, in fact, they are probably legally required to do so).

In the "lost in the Google void" situation, the user set up 2fa but lost all access to their 2nd factors. I don't see any reasonable recourse to this, as any "solution" Google implements would undermine the entire purpose of 2fa.

The remaining two are obvious issues with Google's service. The "gender pronoun" one is a bit odd because gender pronouns don't seem to have anything to do with the account closure (there's speculation that he was mass-reported to exploit their abuse response systems).

Is it more likely that your DNS host or domain registrar could be compromised or that Google might shut you out of your account? There are risks with either decision; personally I put more trust that my Google account will be there than in my registrar's security.

How does using gmail address compromised DNS? I mean if they compromise your DNS it doesn't matter who is hosting your email, they just point the MX at a different service.

Sorry, you're probably talking about using the @gmail.com domain where you wouldn't have to worry about DNS. I was thinking about custom domains in G-Suite.

Yeah I'm referring to an @gmail.com address. I'm pretty confident in Google's ability to secure that.

Are you able to link to some info on how email could be compromised this way? I'd be interested to learn how to secure my domain.

Whoever hosts your DNS is the weak point. Account and login security with whoever they are is critical.

DNS as well as registrar, which may be two different entities. You can either change the MX with the DNS host, or you can change the nameserver with the registrar.
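
The two change paths named in the comment above (MX at the DNS host, nameservers at the registrar) can be watched for by comparing observed records against a pinned baseline. The following is an added example, not part of the thread; every hostname and record is constructed sample data, and the input is assumed to be `dig +noall +answer`-style text.

```python
# Added example: detect drift in a domain's NS and MX records against a pinned baseline.
# All hostnames and records are constructed sample data, not taken from the thread.
BASELINE = {
    "NS": {"ns1.dnshost.example.", "ns2.dnshost.example."},
    "MX": {(10, "mx1.mailhost.example."), (20, "mx2.mailhost.example.")},
}
NS_LINES = ("example.com. 3600 IN NS ns1.dnshost.example.\n"
            "example.com. 3600 IN NS ns2.dnshost.example.\n")
MX_LINES = ("example.com. 3600 IN MX 10 mx1.mailhost.example.\n"
            "example.com. 3600 IN MX 20 MX2.mailhost.example\n")  # case/dot vary
CLEAN = NS_LINES + MX_LINES
MX_CHANGED = NS_LINES + "example.com. 300 IN MX 5 inbound.unknown.example.\n"
NS_CHANGED = ("example.com. 300 IN NS ns1.elsewhere.example.\n"
              "example.com. 300 IN NS ns2.elsewhere.example.\n") + MX_LINES

def _host(name):
    """Normalise a hostname: lower-case, exactly one trailing dot."""
    return name.lower().rstrip(".") + "."

def parse_records(answer_text):
    """Parse 'name ttl IN type rdata' lines into {'NS': set, 'MX': set}."""
    found = {"NS": set(), "MX": set()}
    for line in answer_text.splitlines():
        f = line.split()
        if len(f) < 5 or f[2] != "IN" or f[3] not in found:
            continue  # skip comments, blanks and other record types
        if f[3] == "NS":
            found["NS"].add(_host(f[4]))
        elif len(f) >= 6 and f[4].isdigit():
            found["MX"].add((int(f[4]), _host(f[5])))
    return found

def drift(baseline, observed):
    """Return (type, 'unexpected'|'missing', record) for every difference."""
    findings = []
    for rtype in ("NS", "MX"):
        findings += [(rtype, "unexpected", r) for r in sorted(observed[rtype] - baseline[rtype])]
        findings += [(rtype, "missing", r) for r in sorted(baseline[rtype] - observed[rtype])]
    return findings

if __name__ == "__main__":
    for label, text in (("clean", CLEAN), ("MX changed", MX_CHANGED), ("NS changed", NS_CHANGED)):
        print(label, drift(BASELINE, parse_records(text)))
```

A registrar-level nameserver change appears in the delegation held by the parent zone, so the NS answers fed to such a check should include what the parent zone's servers return, not only what the domain's own nameservers say.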
> One simple MX record adjustment

Not sure if it's simple but how do you intend to protect against DNS record hacks?

Google does the protecting against DNS record attacks on gmail.com

"How?" is not the unanswerable question for them and for that domain, that it is for you & me and you&me.com