Hi there!
Context: After the recent debacle with Proton I was finally pushed to look for other alternatives. I had already wanted to change services for a while so it was nice to get the final push. It’s still a good service, open-source and all. I personally just wanted to look for something else. However, I had not realised how deeply I was integrated into the email+alias feature they had, and how much work it is to change out of this, I have a fair amount of accounts.
I have now found a new email provider and bought a new domain. However I’ve got a few questions for those to who rock custom domains:
- Do you use random strings before the @ sign? Or do you use it like [email protected]?
- Because I’m considering using this as a catch-all address, doesn’t this mean that anyone who wants (and knows the domain) and send spam on any random string before the @? Are you worried about this, and are there any counters to this?
- As far as I’ve understood the main benefit of using my own domain for email, is that it will make it a lot easier to change providers in the future, as I can just change the nameservers so traffic is directed elsewhere - correct?
Thanks for any input, experiences or thoughts about this.
Ps. My threatmodel isn’t that complex, I mainly want to stop spam from any potential services selling my email.
I use email masking services for signing up to things rather than giving out an email that is attached to it a domain. That seems far smarter to me than creating a point of interest that sticks out and can be used to correlate multiple data breaches to a single identity.
In addition, I lack the capabilities of a professional webmaster, and I am not an expert in security, and I can’t decide whether I would rather lie to a domain provider about my identity or hire a third party to obfuscate it on my behalf. That all sounds like a huge hassle to me.