by bellweather49 2056 days ago
I've been considering getting my own domain for email for some time -- the benefits are obvious. But I have one concern. If I use the address `mail@my-real-name.com`, does this pose a privacy threat? If someone wants to try and track my activities online, they can take that address, which is clearly tied to me (especially if, say, I use that domain for a blog too), and then go to ashleymadison.com (does that still exist?) and try a password reset for that address; many sites produce differing responses to password reset requests depending on whether or not you have an account there. If the response is "We've sent a password reset link to that address", rather than "There is no account with that address", then people now know I'm a philanderer.

I've even heard of people writing a bot to do this across hundreds of sites; it's very interesting to see which C-level executives have been using their work accounts to access sites they shouldn't have.

The obvious advantage of having a GMail or Outlook address is that only Google or Outlook have to know who you really are; the address could be anything you want and doesn't have to be related to your real name. In addition, you can do as I do and have multiple addresses -- not the "throwaways" which people often speak of, but simply different addresses for different online activities -- so that if an account ever got compromised, there would be no way to link it to any other account.

Email security and privacy is a hard problem to solve.
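
Added example, not part of the original post: the site-side fix for the password-reset leak described above, showing a handler that answers differently per address next to one that gives every address the same reply, plus a regression check a site owner can run against their own handler. The handler names, the in-memory `ACCOUNTS` set and the `OUTBOX` list are assumptions made for illustration.

```python
import secrets

# Constructed sample data: the one address registered on this hypothetical site.
ACCOUNTS = {"mail@my-real-name.com"}
OUTBOX = []  # (address, token) pairs; stands in for an asynchronous mail queue
GENERIC = "If an account exists for that address, a reset link has been sent."


def reset_leaky(email):
    """Behaviour described in the post: the reply reveals whether an account exists."""
    addr = email.strip().lower()
    if addr in ACCOUNTS:
        OUTBOX.append((addr, secrets.token_urlsafe(32)))
        return 200, "We've sent a password reset link to that address"
    return 404, "There is no account with that address"


def reset_uniform(email):
    """Same status and body for every address; only the mailbox owner learns more."""
    addr = email.strip().lower()
    # Generate the token on both paths and only queue the mail, so the
    # response does not wait on delivery for registered addresses.
    token = secrets.token_urlsafe(32)
    if addr in ACCOUNTS:
        OUTBOX.append((addr, token))
    return 202, GENERIC


def leaks_membership(handler, known, unknown):
    """Regression check: True if replies differ for a registered vs. unregistered address."""
    return handler(known) != handler(unknown)


if __name__ == "__main__":
    for handler in (reset_leaky, reset_uniform):
        leaky = leaks_membership(handler, "mail@my-real-name.com", "nobody@example.org")
        print(f"{handler.__name__}: reveals account existence = {leaky}")
```

The same comparison applies to any other endpoint that takes an email address as input.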

1 comments

There are a number of things you can do that can help you with your privacy and security:

1) Have a different online identity for things that can compromise you/you feel uneasy about. We are talking about a "full identity": number, email, maybe even things like LinkedIn

2) Perform Threat modelling

3) Getting your own domain is always good, as it gives you control of your life

If you are just starting out, check out "The Smart Girl's Guide to Privacy"

These are all good points. I guess what I'm getting at is that if you have to have multiple identities to ensure privacy, then you somewhat defeat the point of having your own domain, unless that is, you have multiple domains that you own.

I don't particularly have anything to feel uneasy about. It's more the idea that I don't want one central domain that I use for everything which is tied to my real identity, either through the domain name itself or through the whois record (although I think you can pay to have an anonymous whois). It seems like a central point of failure. There are documented cases of people having their identity stolen and numerous online accounts hacked because they used the same email address to sign into various services. If you know someone's email address and one or two other things about them, social-engineering your way into other services they use seems to be relatively easy for a skilled attacker.

This is all somewhat paranoid thinking, but I don't want to go to the hassle and expense of getting my own domain, only to find that it is a less secure or private option.