Hacker News
by MrPatan 1503 days ago
I can't help the OP, but I can help you, gmail user reading this:

This WILL happen to you. Get your own domain and set up email through it ASAP. Use some free one, use a paid one (I like fastmail), but get it done now. Then migrate all your accounts to it.


I really really want to do this but am stuck on Gmail because of their spam filtering.

Is there ANY other provider that does spam filtering that actually works? I tried Fastmail, but I receive so much spam (>600 per day vs. ~20 non-spam per day) that only Gmail's spam filtering is good enough. I've tried others (like Fastmail) and typically ~50/day get through their spam filters, vs. at Gmail where on a typical day 1-2 get through.

(Why do I get so much spam? Because I've been using the same email address, never hiding it at all even on Usenet, for 25 years.)

I would pay a lot of money - like I'd be willing to pay 4x what Fastmail charges - to get off Gmail, but apparently nobody else can do spam filtering.

Get a domain. Then get an email provider that allows unlimited aliases (I'm using German UberSpace).

Then start setting up unique email addresses for each service, e.g. ycombinator.com-abcd@yourdomain.com . The "abcd" part should be random for each service so it's impossible to guess your other email addresses.

I also use yearly throwaway addresses, e.g. 2022abcd@yourdomain.com, for when I need an email address without having the means to create a new alias first. (I then change that later.)

Should spam start to appear, you'll know exactly which service "got hacked" (i.e. sold your email address) and can just disable that alias and create one with different random letters. Also when deleting an account somewhere, just also delete the alias and you won't get any mails about signing up again.

It takes a bit of discipline but it gives you lots of control over your inbox.
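The per-service alias scheme from the comment above, as an added example that is not part of the original thread: it issues one alias with a random tag per service, attributes unwanted mail to the service whose alias it was sent to, and rotates that alias. The `AliasBook` class, its method names and the sample headers are hypothetical and constructed for illustration; creating the aliases at the mail provider is assumed to happen separately.

```python
import secrets
import string
from email.utils import getaddresses

DOMAIN = "yourdomain.com"  # placeholder domain, as in the comment above
ALPHABET = string.ascii_lowercase + string.digits


class AliasBook:
    """One unguessable alias per service (hypothetical helper)."""

    def __init__(self, domain=DOMAIN, tag_len=4):
        self.domain = domain
        self.tag_len = tag_len
        self.active = {}   # alias address -> service
        self.retired = {}  # disabled alias address -> service

    def new_alias(self, service):
        while True:  # never reuse an alias that was handed out before
            tag = "".join(secrets.choice(ALPHABET) for _ in range(self.tag_len))
            alias = f"{service}-{tag}@{self.domain}".lower()
            if alias not in self.active and alias not in self.retired:
                self.active[alias] = service
                return alias

    def attribute(self, to_headers):
        """Count unwanted messages per service whose alias received them."""
        hits = {}
        for _, addr in getaddresses(to_headers):
            addr = addr.lower()  # senders often change the case
            service = self.active.get(addr) or self.retired.get(addr)
            if service:
                hits[service] = hits.get(service, 0) + 1
        return hits

    def rotate(self, service):
        """Retire every active alias of a service and issue a fresh one."""
        for alias in [a for a, s in self.active.items() if s == service]:
            self.retired[alias] = self.active.pop(alias)
        return self.new_alias(service)


if __name__ == "__main__":
    book = AliasBook()
    book.new_alias("ycombinator.com")
    li = book.new_alias("linkedin.com")
    # Constructed To: headers taken from three unwanted messages.
    spam_to = [f"Lucky Winner <{li.upper()}>", li, "someone@else.example"]
    print(book.attribute(spam_to))
    print(book.rotate("linkedin.com"))
```

Retired aliases stay in the book so that mail still arriving at a disabled address can be traced to its source.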

I've done the same, but apparently no one ever sells my email. Did your effort ever pay off?
Yes, various times. Mostly LinkedIn and a few other services that vanished but seemingly sold their userdata. And 2 or 3 times I've got spam before the company announced that they got hacked.
Paid off for me. Very satisfying busting a company selling my address and bringing to their privacy officer's attention as to why I'll never be a customer of theirs again.
I've been doing this for years and have had maybe 4 addresses compromised out of a couple hundred.
Same here. I was expecting a lot more re-selling of my email address to be honest.
I'm sure you're aware, but if not, Fastmail trains a spam filter based on your email[0], and after you train it, it -does- get better. It just takes time. I haven't had my address for as long as you (only 15 years or so), but I have been just as nonchalant about sharing it openly. I get plenty of spam, but it's all sorted automatically now, and I don't miss Gmail.

[0]: https://www.fastmail.help/hc/en-us/articles/1500000278142

Yeah, well aware. It's not the inputs, it's the algorithm, it seems.
Fastmail's spam filter is great if you are willing to put some minor effort. Read this: https://www.fastmail.help/hc/en-us/articles/1500000278142-Im...

Fastmail works great for me. I do not miss any emails as junk nor do I get any junk in my inbox because of using the methods explained in the link above.

Controlling your own email address is the way to go. It takes consistent effort to migrate but worth it when it is done.

> (Why do I get so much spam? Because I've been using the same email address, never hiding it at all even on Usenet, for 25 years.)

I've had my same email for about as long as you (maybe 1-2 years more), never hiding it at all including Usenet.

> I really really want to do this but am stuck on Gmail because of their spam filtering.

Gmail spam filtering isn't very good. Lots of false positives which is far worse than the occasional false negative. I have a Gmail-hosted account for work and it's very annoying.

I host my own email infrastructure and spam isn't a problem. With a bayesian filter trained on my content, I rarely see any spam. Maybe like 1-2 per month? I don't keep track, it's very rare. And no false positives ever.

You can use Gmail with your own domain, and download all the email via IMAP/POP, or forward it all to another account. That way you get the functionality but not the dependency. This is the safest way to set up any cloud email account, even if you decide to move from Gmail to a different one.
I already do that - my domain is actually hosted at Dreamhost, and then mail is forwarded to Gmail.
> but apparently nobody else can do spam filtering.

I've experienced the opposite; I had to abandon one paid mail host because they turned their spam filtering up to "Thunderstruck!" I was getting about every third message on mailing lists, and other mail seemed to be about 50/50. They had drunk the Kool-Aid from whoever sold them the software, and claimed they couldn't whitelist or turn it off per-account, and I should be grateful that half of my legitimate mail was going into the bit bucket.
I always assumed spam filtering is a solved problem, I've never had any issues with e.g. protonmail once I've trained it on a significant body (e.g. all my current spam). I'm curious, how many positive/negative samples have you used/how much time have you given the system to adapt?
The last time I gave it a serious try, back in 2019, I gave it ~120000 non-spam samples (several years of real emails) and ~25000 spam samples (1 month of spam).

After that it was getting about 5% false-positive (so 1 in 20 real emails went to spam) and about 3% false-negative. For me, 3% false negative means 25 spams to inbox a day.

Gmail gives me about 0.5% false positive (1 in 200) and 0.01% false negatives.

Doesn't this just move your single-point-of-failure over to the service you bought your domain name from?

I suppose NameCheap and friends may be less likely to irrevocably lock you out than Google. And perhaps even if you are "locked out", your ownership of the domain will expire and then you can just buy it again from another registry... So perhaps you're right, but I wonder if there are any other reasons or caveats.

> your ownership of the domain will expire and then you can just buy it again from another registry

Aren't there predatory rent-seeking companies that camp domain expiration lists, buy them all, and then hold them ransom for tens of thousands of dollars or more?

> Doesn't this just move your single-point-of-failure over to the service you bought your domain name from?

Unfortunately this is very long but this has saved my butt countless times.

Everyone hates it, but it'll be better to know these definitions. TLD means top-level domain, the .com on ycombinator.com. Registry means the company operating the specific TLD, for example Verisign operates .com and .net. Registrars are those that handle registration, like Namecheap. Registrant is you or your company. gTLD are "generic" TLDs, .com, .net, and even those newfangled ones like .xyz and .dev. ccTLDs are two-letter (exceptions apply) TLDs attached to a sovereign nation or territory (like .uk for UK and .gg for Guernsey, a UK dependency), and from time-to-time includes (all US) .gov, .mil and .edu. For the purposes of this discussion, TLDs like .wales and .scot are gTLDs and not ccTLDs, but there are IDN ccTLDs like .рф and .中国. .int is a special TLD not generally considered as gTLD nor a ccTLD, and .arpa is a special technical TLD for internet maintenance. ICANN generally has jurisdiction over gTLDs, countries (usually governments or independent organisations in that country) control ccTLDs.

First: use only a registrar listed on ICANN: https://www.icann.org/en/accredited-registrars, preferably one that clearly has a presence in your country of citizenship/residence. Domain resellers (without ICANN accreditation) go bust nearly every day and recourse is hard if you decide to go to a reseller, but an ICANN-accredited registrar is required to send who owns their domain to a trusted independent ICANN-approved third party (formally called an escrow, usually DENIC unless you're in China then it's CNNIC). This is not applicable to ccTLDs, especially those with restricted registration (like .cn, .kr and .jp), but ICANN accreditation means that they have a baseline to follow. This will only work if you provide complete and accurate WHOIS information, but if you're using a registrar which has a privacy service the information sent to the escrow is the real contact info and not the one that's redacted at your WHOIS. If you decline to provide real information unfortunately you have no recourse if something bad happens as it relies on you being contacted, even if it's through postal service.

Second: is your registrar accredited by the specific registry? For .com, .net, .name and some others, Verisign is the registry (the one operating the specific TLD): https://www.verisign.com/en_US/domain-names/domain-registrar..., and for .org it's https://thenew.org/org-people/work-with-us/find-a-registrar/. Newfangled gTLDs are required to serve a page at nic.tld (like https://nic.xyz or https://nic.dev). Unfortunately, it's hard to find who is the registry for your ccTLDs. Wikipedia might help though, for example .uk has information here: https://en.wikipedia.org/wiki/%2Euk and for .gg here: https://en.wikipedia.org/wiki/%2Egg.

Third: if considering a ccTLD, only use one connected to your citizenship or residence, unless you treat it as disposable. I'm not kidding here. If you're using .io, prepare to migrate due to this: https://en.wikipedia.org/wiki/Chagos_Archipelago_sovereignty.... Notion is stupid to use Somalia's and this happened: https://news.ycombinator.com/item?id=26113444.

> ccTLDs are two-letter (exceptions apply)

ccTLDs are two letters by definition. Other geographic TLDs like .cat, .wales, or .london are not ccTLDs.

.gov, .mil, and .edu are not considered ccTLDs or gTLDs. They're technically in another category entirely: "sponsored TLDs".

> First: use only a registrar listed on ICANN […] Second: is your registrar accredited by the specific registry?

Both of these are guaranteed to be true by the governance structure of gTLD domain registries -- a gTLD registry cannot provide services to registrars which don't have accreditation.

> Domain resellers (without ICANN accreditation) go bust nearly every day and recourse is hard if you decide to go to a reseller

This is not true. Resellers can "go bust", but the registrar of record (that is, the "real" registrar that's being resold) has the customer's contact information and can continue to offer registration services. In fact, they're obligated to do so.

> ccTLDs are two letters by definition

You forgot IDN ccTLDs that are indeed not two letters.