Ask HN: How do you manage the risk of losing access to your email address?

[eminent101]

Hello HN! After a recent story about how someone lost access to their email address after using it for 10 years, I began thinking how I could prevent this kind of nightmare in my life. Some alternatives often suggested:

A. Pay for your email. Use Fastmail. But how do you guarantee that Fastmail won't screw you over someday? Get a lawyer! But how would the law work across countries? Not everybody lives in the US!

B. Buy a domain name and host your own email address. But you don't own domain names either. You rent them from someone else. There are so many failure modes that can make you lose your domain. Missed payment. Error in admining it. Fake abuse reports triggering takedowns. How can you avoid all of these failure modes? Get a laywer! But again, laws don't work very well when there are geographical boundaries.

So must we always buy a paid email service from our own country where if things go south, we can hire a laywer and rectify the matter? Must we always buy a ccTLD of our own country if we want to host our own email?

[mmh0000]

Here's how I do it:

* Buy your own domain, (Through a reputable registrar that has existed for a long time (enom; joker; namecheap; aws).

* Host DNS through a 3rd party (Cloudflare in my case)

* Use Fastmail for email hosting on my custom domain

* Run a nightly cronjob using offlineimap (https://github.com/OfflineIMAP/offlineimap) to sync all hosted email to my local NAS.

This protects me from:

* Fastmail bans me: I'll pay for email hosting elsewhere, update DNS records, and upload all my backed-up email.

* DNS host bans me: I'll move to a different DNS host.

* Registrar bans me: I'm a little fukked; old emails are backed up, but new emails would be tricky. Though, this is much less likely

* House burns down: Buy a new house and NAS and redownload all my email.

* Nuclear war: I'm dead and email doesn't matter anymore.

[thiht]

Just a few points of attention: if you use a ccTLD (2 characters) for your domain, make sure you’re using the ccTLD of the country you live in, and make sure you have no plan in permanently moving to another country. ccTLDs don’t necessarily follow ICANN rules and can change their rules as they see fit, overnight. They can decide that you’re not eligible anymore if you don’t live in the country for example.

This happened with .eu for example, UK residents stopped being eligible to own a .eu after the brexit. Another example is .au, they started requiring an Australian presence in 2022.

My advice as someone who worked in the domain name industry : just get a .com or a .net. There are also some reputable newGTLDs (.dev for example), but you can’t go wrong with .com/.net.

[eddd-ddde]

What if you survive nuclear fallout? I don't think this has enough protections...

[cdaringe]

Have you ever been a victim of domain squatting? One time I went to renew my domain one day late. Ask me how that went.

[mmh0000]

No.

I prepay for all domains five years in advance. I have a calendar reminder to add additional time every year in September. Plus I have auto-renew enabled, but, I don’t trust fully trust it. Hence the calendar reminder.

[pwg]

The answer depends upon what risk you wish to protect yourself from.

If that risk is: my 'free email' provider decides to shutdown my email with no notice, then the risk mitigation is: "buy a domain name".

Do note that "buy a domain name" and "host your own email server" are orthogonal. You can "buy a domain name" and pay someone somewhere to "host an email server".

If your risk is: my domain name provider will terminate my domain name arbitrarily, well then, you are getting into very expensive territory where you'd have to become your own registrar, buy a TLD, and so forth. But then you just moved the risk up to "my TLD provider might terminate me".

Eventually, you realize that there is no way you can mitigate all the possible risks (not without personally owning all the world wide internet infrastructure), so you stop worrying about the "what ifs" that are so remote that they will never happen.

The simplest, lowest cost, and most risk removal is simply: "Buy a domain name". You eliminate so much of the risk there that the remainder becomes "very unlikely to happen territory".

If you own the domain name, then you get to move it around to different servers (and, as email natively supports 'backup servers' you even get to have multiple servers hosting it, provided you want to pay for the expense of doing so). This mitigates all the risk of any given "server provider" dropping you. You just move the domain to another and you are back in business as if nothing happened.

Your second step to mitigate risk is to never, ever, leave the only copy of your email archives on any of the servers you pick to host the email. For all of them, as soon as they receive the email (or as soon as you poll for an email) you download it to your local machine that you control (and backup). That way, any given server closing shop tomorrow, or canceling you tomorrow, has zero impact on your ability to access your archives of past emails.

Once you take those two steps, the remaining risk possibilities become remote enough that you really need not worry about them.

[mitchellpkt]

Yep I found this approach works great.

I have a personally-owned domain name connected to my [paid] account with a smaller email provider.

The domain is managed at a large well-known registrar, I keep it paid up 3+ years in advance, and make sure to keep my contact information up to date.

If anything goes wrong with the email provider (including going out of business), I will just redirect from my DNS settings. If I get locked out of my domain for some reason, there are clear next steps for me to open a ticket with the registrar and move towards resolving the issue.

I got it all hooked up in an afternoon, many years ago, and it was completely set-it-and-forget-it, besides logging into the registrar occasionally to extend the domain ownership.

(continuous backups are another matter - mine aren't fully automated yet)

[c0balt]

I own the domain and delegate hosting to a trusted, local provider with known human support. Of course it's also backed from my side up to avoid data loss.

If an issue occurs then I can call a human and will likely be able to regain access. If the company ceases to exist, I "just" need to reconfigure my DNS records and import my backup into a new provider. It's not the cheapest and certainly not free solution but it will be works for me, it has survived at least two migrations between providers.

I can highly recommend mailbox.org and mbsync. Fastmail and other providers who support custom domains will also suffice, pick your poison. If you want (human) support, be ready to pay a small bonus for it.

[metalman]

My risk management for email is to treat it like the joke that it is, And if the info in any email is important, I hand copy it with a pencil and paper. Google locked me out, for signing in from an untrusted wifi, and I never bothered trying to get back in, and never use anything from them,except under duress. Went through a variety of other free email providers, and still have a proton account, and they are horrible.Now have a web page with email but there are problems with incoming email ,vanishing before they get there,hey! If and when.email is given the same legal protections as real mail, and is set up.to be delivered to device, as the default. And all devices have, near indistructable, removable, data/processor sections. Said strorage sections are standardised, and there are standardised word processors and document formats to go with them, then we can perhaps begin to enjoy the potential of digital devices,and get on with building the true climax civilisation that we could just reach out and take, but for all of the horriblness built into everything. The title uses the word "manage", a word that explisitly states, that things are not going well. What would the world look like if you had to use email to get water out of a tap? or run the brakes on your car?

[snowwrestler]

Managing risk is more complex than just prevention by technical means.

First you try to quantify the likelihood. For major email providers my estimation is the likelihood is actually quite low. Hundreds of millions of people have Gmail accounts and use them everyday. Same with Yahoo, Microsoft, etc. The vast, vast majority of people who use these services do not get locked out.

In terms of prevention, understand what the service provider considers risky and compartmentalize. My personal Gmail accounts do not touch stuff that Google considers sensitive, like Ads or payments or IP (e.g. uploading to YouTube). For that work, I use other accounts. My professional Google accounts are tied to my work email domain, not Gmail.

Finally, understand what recovery looks like. Seems like people often forget or underappreciate recovery (vs prevention). I use a password manager so I don’t need live access to email to log in. And for important services I log in regularly and/or use apps so chances are I’m authenticated right now. So in all those cases if I lost one email address, I could change to another in my account.

And for anything truly important, like financial, I have others ways of contacting them. If I get locked out of Gmail I can still call my bank or broker, etc and re-establish access with a new email.

[defaultcompany]

The ultimate (and often overlooked) failure mode for using your own domain name is death. You will die and at that point unless you have set up and funded a process to renew the domain name perpetually after your death then after some period of time it will expire. Anyone can then register "your" domain name and start using it which includes receiving all the email addressed to it. If your bank happens to send 2FA emails to this account then the new owner will then have access to your bank account. Personally I want my heirs to own my bank account after I'm dead, not whatever random person happens to register a domain name that I was using.

This sounds extreme but it's only the most dramatic example. This scenario can happen any time during your life if your domain is not renewed for any number of other reasons.

So for me I've had to accept the risk which comes from keeping my most important emails on a large free email provider. At least if they ban me they aren't going to let someone else access my email either. For everything else - the less important accounts - I do use a domain name that I "own".

[blacksqr]

I have a fastmail account and a gmail account. The former I use for more formal and sensitive communications and accounts, the latter for more frivolous things. Most people I communicate regularly with have messages from me from both accounts, so if I lost one, I could carry on communications until I established a new alternative.

All important subscriptions using one account for contact, I use the other for an alternate.

[chistev]

I've never thought about this because I've never thought it could happen.

Maybe I'll start backing up my files somewhere else too.

[Spooky23]

The issue these folks have most of the time is that they fail to keep their info up to date. Do that.

I have a process where I test and update everything annually in December when I complete my annual training. Sign up for legacy and backup contacts. Save emergency codes.

[csomar]

You extend the expiry of your domain. Make sure it's 3-4 years, so that you have lots of time to figure things out (ie: credit card expired, account locked, etc...).

Your registrar might kick you out, but is unlikely to seize your domain. If the government seizes your domain, it means you have other gigantic problems.

Overall, having your domain + DNS + Email provider all separate, gives you enough protection. Having your email as gmail has some risk but it's really a very small risk that most people just run on gmail just fine. The setup outlined by mmh is way enough.

[ChrisArchitect]

The related thread that prompted this:

Tell HN: Need help, locked out of Google account with 10 years of personal data

https://news.ycombinator.com/item?id=42350245

[ramtatatam]

I self-host. And then I backup everything to my RAID6 NAS. And then, though irregularly, backup to offline media.

I sometimes read comments on this very forum, that hosting your own email server is risky and requires lots of work. I agree it's not for everyone - you need to have some knowledge of how to run and secure your service on the internet. I self-host since roughly 2011-2012 and cannot say I spent tons of time on it.

It does cost some money though, I pay $5 monthly to run my Nanode (on Linode), and then something around $30 a year to keep my domain.

[fph]

All your backups are on-site then?

[ramtatatam]

I assume when you mention `on-site` you mean my house - yep, NAS is at home.

[fph]

What happens if a fire at your house destroys both your computer and the NAS? Or if a thief steals both? Are your data permanently lost?

[qwer1234321]

If my house cought fire my NAS burns, and that's fine. If I survive the fire I can still access my email. If I don't Linode shuts it down month later, so it's good for the planet too ;)

[jasmes]

I think the idea was more like... if you can afford a RAID6 NAS at home you can afford Backblaze so don't be silly and get some offsite redundancy going.

[carlosjobim]

1. Own the domain. 2. Use an email client so that emails are actually saved on your device.

Optional: Point your mail DNS to Fastmail or similar so you don't have to host anything.

This is about bullet proof.

[toast0]

Don't do anything important with a domain that's not in a juridiction you can expect to lawyer in.

For me, as a US person, that's easy. I've got some stuff on a .org, and some on a .us.

I actually let the .org go for a while when money was tight and hosting was hard, but managed to get it back later cause whoever had registered it and gotten it signed up for lots of Japanese spam had some problem and it became available again in the middle of the registration year.

[p0d]

I have my own domain, pay for fastmail, and use Gmail as my client. More than this and you are overthinking.

[jasmes]

Honestly man... just go with AWS+Cloudflare. Get a .com TLD from Route53 (the AWS domain name management experience is actually really good) optionally put it behind Cloudflare, and set up Fastmail.

I really wouldn't worry about having your domain pulled due to "fake abuse reports." If you follow the TOS and pay your bill you're fine. Amazon would look at a false abuse report, then look at your domain, see it is being used for a personal email server and toss out the report. As far as payment goes, just set up auto-billing.

Cloudflare is a necessary evil type of company but they specialize in countering malicious activity. They're good at it. They also offer a service that lets you use a domain name to forward to another email address (like a gmail) so if something happened to your Fastmail you could quickly set up a fallback to keep your domain receiving email.

These are US based companies with more money and power than a lot of countries. The internet is built on them.

They can be relied on for personal email.

[uncomplexity_]

the flaw here is you're treating something meant to be disposable as permanent.

[uncomplexity_]

yall wanna throw money at yo problems when the solution is keep the backup recovery codes properly.

[fragmede]

Sure. Where's properly? Your wallet can be pickpocketed, and your luggage stolen. Any of your digital accounts are theoretically protected by 2fa, and the hypothetical is that the device you use to 2fa was just stolen.

[uncomplexity_]

i have my google recovery codes tattooed on my chest memento style. when i look in the mirror, i see them. only downside is i now sleep with women with my clothes on.

[anotheracc88]

Lazy way. Gmail. Takeouts every so often. Namecheap domain and use free forwarding to said gmail.