Ask HN: What email providers don't recycle email addresses?
I currently have my family on a custom domain.
I have been thinking towards the future and have been concerned what would happen should the domain get released and someone else acquire it. Namely they would then "own" the online identity of my family members. This obviously has security implications.
I don't believe gmail and live recycle emails for this very reason.
What other reliable providers can you recommend that don't recycle email addresses. It would be nice to have a memorable user-part, so nothing oversubscribed would be ideal. I am ideally looking to spend ~$150/y for 5 email addresses, but please mention any you know even if they exceed that.
I looked into hey.com, whose family plan sounds ideal - but unfortunately only the primary address is reserved - the others get released for reuse 30 days after termination (you can contact them after termination for reservation, but its not the default). I don't want to leave anything to chance, so that isn't an option for me. Sorry, your concern doesn't compile. You're worried about losing your domain and instead you've decided to worry about losing your address on someone else's domain? Sounds to me like you're not fixing anything but just shuffling things around (probably in the wrong direction). There's always the chance something can go wrong... either with your registrar or your email service provider. Personally, I'd just stick with a reputable registrar since it will also ease your concern w.r.t other things (e.g. web). In addition, if your email service provider goes downhill, your registrar will be able to help you. The opposite does not hold true. So, can you elaborate on why you think moving your email addresses will solve your problem? Any company can, after all, change policies or flake out; whether they do DNS or email doesn't really matter that much. But the fact remains that email relies on DNS, not vice versa. Does this help or am I missing something? > am I missing something? I believe so? A domain can not get renewed for many reasons - such as the death of the registrant. The domain can then get reregistered and the email addresses effectively "hijacked", leading to impersonation of the original owners. A reliable email provider with a policy of never recycling an email address would mean that scenario wont happen. Obviously they can change policy, but if that happens while I am able then obviously I can inform everyone to migrate to a new email then. This is an attempt to protect against a legitimate security concern. > This is an attempt to protect against a legitimate security concern. Yeah, I understand you're concerned. What I question is the legitimacy. Why would your DNS registrar turn against you, but your email service provider's not turn on them? A registrar isn't going to keep your domain active if you don't renew. Maybe you are confused about what I mean by email service provider. I am referring to an email provider that uses its own domain, and provides you with an email account - like gmail, live, hey (the examples I have given). I thought I made that clear when I said: "It would be nice to have a memorable user-part, so nothing oversubscribed would be ideal." > I am referring to an email provider that uses its own domain Well, where do you think they get their domain from? The same place you do, a registrar. You're just adding a layer. For example, you mention hey.com.... do a `dig soa hey.com` and you'll see they're registered w/ cloudflare. If you register with cloudflare too, you will have the same chance of having your domain ripped away from you as hey.com does. The email service provider isn't particularly special in that sense. That said, it is true that there's a lot about infrastructure people can use help with. So, if you're not familiar w/ technicalities such as these I wouldn't blame you for outsourcing. It's a big world and we can't do it all ourselves. Good luck! > do a `dig soa hey.com` and you'll see they're registered w/ cloudflare Sorry, this should be a whois search to see their registrar, the dig will show you who provides their DNS. In hey.coms case both are the same.... cloudflare. My point remains the same though. The worry of losing your address should remain largely the same because email depends on dns. > The worry of losing your address should remain largely the same You should actually worry more about losing your address because now there are two people who can screw you... the ESP (email service provider) _and_ their registrar. If you hire the ESP to host email on your own domain though (or self host), then you can screw yourself (this is always a possibility) or the registrar can screw you... but you can always just switch ESPs if they're criminals or incompetent. This is what I was referring to when I said this: > just shuffling things around (probably in the wrong direction). ... in the first reply. Phew... what a long strange trip! I hope the picture is clearer now. Now I have to leave you to your own devices, sorry. Don't worry about it - clearly I am not explaining it well enough for you to understand. It is a well documented security concern, so feel free to do your own research on why as we are just going in circles here. > It is a well documented security concern A reference would be appreciated.