Comment by palata
Comment by palata 2 days ago
> I don't think people want to change email addresses very often.
You probably know this already, but people should have their own domain. Then they can change provider without changing the address.
Comment by palata 2 days ago
> I don't think people want to change email addresses very often.
You probably know this already, but people should have their own domain. Then they can change provider without changing the address.
That happened to me, but fortunately it didn't end up being a huge deal.
I had forgotten to renew my domain from Gandi, it expired, and I stopped getting emails. I also could not find my password for Gandi, and I couldn't get the password reset to work, so I panicked, but fortunately Gandi will let you renew someone else's domain. Not a transfer, just if account A wants to pay to renew account B's domain without any change of ownership, they allowed that, so I made a quick throwaway account, and renewed everything for eight years.
I mean, sure, but I and probably 99% of other folks have a credit card set up to autorenew. This is a security problem, but not a very serious one.
Credit cards have expiry dates, or at least they do over here. I expect my partners domain to expire 10 years after my death, as I can only pay 10 years in advance. To many people, there are more important things to worry about (and often second thoughts after the fact).
Taking over a domain is not particularly connected to access to PII.
You own/control the name, not the set of files on a hosting service somewhere.
If you buy someone's domain name, then they'll probably have emails going to it. So you set up a catchall address and discover what accounts are related to it, then you can use the reset password functionality to get access to the accounts. In some cases, they'll have a backup gmail account - and perhaps you can guess what it is (e.g. emails come through to Paul Davis so you guess, oh, maybe they have the paul.davis google account, and reset password on that).
If you're going to buy a domain for this, don't get fancy with the TLD. I made the mistake of choosing a .io domain for this purpose and with the future of the TLD uncertain, I have been moving away from it, so I'm not left in a bad spot if things go sideways.
.io is the ccTLD for Chagos Islands.
UK will give sovereignty of Chagos Islands to Mauritius.
There is a mixed history of what happens to the ccTLD in such cases.
The British Indian Ocean Territories (.io) might go to control of Mauritius. They will be able to decide what to do with the TLD. It could in principle be restricted to residents, or go away entirely.
> It could in principle be restricted to residents, or go away entirely.
If the UK loses control of it, I'd put most of my betting money on Option 3: The new owners extort everyone with a .io domain for a rate proportional to the perceived value. In other words, $50K a year for a successful tech company, $1000 a year for the average joe who doesn't want to lose control of a domain tied to 1,000 accounts.
People should, but is the existing process simple enough even any laymen can do is the question.
The average person is not intelligent enough to have their own domain.
Getting a domain is no more difficult than selecting some "easy web hosting and email" bundle on a site and paying for it with bank transfer, credit card or whatever. There's an entire industry around this. I've met plenty of people who are largely clueless about PCs, doctors, lawyers, artists, etc who have their own domain. It's actually extremely common, because conducting business from a Gmail account is a bit unprofessional and sketchy, particularly here in Germany.
> The average person is not intelligent enough to have their own domain.
You think that that skill (maintaining own domain for email) is an indicator of intelligence?
My interpretation was that they didn't mean to talk about "intelligence", just meant that the average person is not "competent enough" to have their own domain. Which in all fairness is not wrong.
My question is always: of those who are competent, why is the vast majority not having their own domain?
It is an indicator of knowledge, not necessarily intelligence.
I said "own your domain", not "self-host your email server".
"own your domain" is technobabble to 99.999+% of email users. Most people understand emails addresses are <something> "@gmail.com" or "@yahoo.com" or "@<somebigcompany>.com". They don't understand the parts of an email address, nor how or why they are constructed that way.
I have been using a personal domain for my email address for decades and when I have to give it out verbally to someone, it is about a 50% chance that the conversation is:
"My email is <name@myname.tld>"
"uuhhh... at gmail.com?"
"No it's just <@myname.tld>"
"Yeah, but is it gmail or yahoo?"
That's why you don't sell it as if you were marketing it to techies:
(*) Choose a personalized email address, like john@smith.com, for $9.99/year.
( ) Choose a GMail address, like john.smith@gmail.com, for free.
I've had my own domain for a good 20 years now, and while I've encountered some confusion when giving it out, it's never been as bad as you describe, and people get it without my having to go into a technical explanation. And regardless, the reason there is this problem is because easy, seamless personal-domain options don't really exist. If they did, this problem would go away. I don't really consider this to be an obstacle.
This was the exact kind of trouble I used to have when I gave out @myname.com emails. It was super not worth it. It confused people all the time. I switched to a plain Gmail with nothing hard to spell, just a few letters and (sadly) numbers. (I waited like a decade before 'claiming' a Gmail address, so no decent versions of my name or anything professional remained without numbers.)
Also, Gmail actually blocks true spam, whereas nothing I tried on my shared-hosting server with SpamAssassin ever worked.
I don't have any love for Google, but I'll never go back to giving out a personal domain email for any reason.
I would argue a US mailing address is at least as complicated a structure, but people managed to figure out the state abbreviations and ZIP Codes fine. We just need to teach it in elementary school just like we do addresses.
Speaking of that I do wish the post office had a mail service where they issued addresses to citizens or something.
Worse is the California DMV. All password reset emails going to my custom .com would be subject to multi-hour delays; the password resets were valid for only a few minutes. The only way into the account was to call the tech support phone line. I had them delete the old account and re-registered with a bland gmail email address.
I don't know of any technical reason to delay emails to minor domains. My domain has valid MX records, uses SPF, has valid DKIM TXT records, etc.
Or they have better things to do vs fighting Route53 MX records errors.
Records, shmekords.
The practical experience of having your own domain for your email is that you delegate your domain to Google / Fastmail / Proton / whatever, and it takes care of everything else. Some webmail providers will also let you buy a domain on their own website as a part of registration flow.
It really is not hard. Harder than not having a domain of your own, but not as hard as you make it sound.
Okay, do you think if we just picked some random person they would have any idea what we're talking about?
It's just not something normal people do, but I don't like the snarkiness of implying that's an indicator of intelligence. Otherwise we go down the no true Scotsman rabbit hole, what do you mean you're using Proton. You didn't set up your own mail server ?
What do you mean you're using AWS, your not using a solar powered raspberry pi?
> You probably know this already, but people should have their own domain.
Until they forget or unable to renew. And then their PII is in the hands of the person who gets the domain.