Ask HN: Setting up custom domain for email

1•agent008t•8mo ago

Following up on earlier thread about what setup to use for main email account. Consensus appeared to be 'Get a custom domain (e.g. with Cloudflare) and use it with e.g. Fastmail'. The plan is to then make that email address the cornerstone of my online security, use it for password manager recovery etc.

The domain registrar and the email hosting then appear key to the whole security model – if they are compromised, all other accounts are.

So I'm trying to work out the details of how to go about it.

E.g. which email should I use with the registrar to buy the domain? Some throwaway one, which I then change to the new domain I am purchasing in a circular fashion once it is set up? Is that a good practice, or too risky for recovery should anything go wrong?

If I use a separate email address to buy the domain, then seems that email becomes crucial to the security of it all and then why even bother with paying for the domain and Fastmail etc. if I am relying on some pre-existing email account?

I'm probably way overthinking it, but since I'm working on this at all and the stakes are rather high I'd like to set things up properly, for decades.

The goal is to achieve reasonable security against: 1. Attacks that are not highly sophisticated or targeted 2. Getting arbitrarily locked out by Gmail etc., potentially then losing access to other important accounts 3. Me locking myself out by forgetting some secret

It seems surprisingly difficult to find a best practice guide for this scenario, how to set up a password manager with it, which recovery information/backups to keep offline etc. Information I find is either too vague or overly involved (after all I don't want to dedicate all my time to maintaining security, just want a reasonable setup). Any practical advice appreciated!

Comments

koakuma-chan•8mo ago

> Consensus appeared to be 'Get a custom domain (e.g. with Cloudflare) and use it with e.g. Fastmail'.

Huh, that's literally what I do!

> E.g. which email should I use with the registrar to buy the domain?

Not saying you should do this, but I use a fastmail masked email address as my Cloudflare email address.

> use it for password manager recovery etc

The cool thing about fastmail is that it has an integration with 1Password where, if you need to register at a website, you can quickly generate a masked email (e.g. cool.boat1337@fastmail.com) via the 1Password extension at the same time you generate the password. It's reaally nice.

agent008t•8mo ago

By 'fastmail masked', you mean an email on the fastmail domain, right? I.e. something123@fastmail.com? So that if there is a problem with your domain, you can still login to your registrar even if they want to say verify your identity by sending a code to your registered email address?

koakuma-chan•8mo ago

Yes. Fastmail has a feature that allows you to generate masked email addresses, e.g. "funny.hat123@fastmail.com" (also known as temporary email addresses). Emails sent to these addresses still arrive in your inbox, but you can easily block them any time. They are suitable for making accounts at garbage websites, so that you can block their spam any time. In fastmail though those email addresses are permanent (they won't disappear on their own after X minutes or anything like that).

Ask HN: Will LLMs/AI Decrease Human Intelligence and Make Expertise a Commodity?

From Zero to Hero: A Brief Introduction to Spring Boot

NSA detected phone call between foreign intelligence and person close to Trump

How to Fake a Robotics Result

It's time for the world to boycott the US

Show HN: Semantic Search for terminal commands in the Browser (No Back end)

The AI CEO Experiment

Speed up responses with fast mode

MS-DOS game copy protection and cracks

Updates on GNU/Hurd progress [video]

Epstein took a photo of his 2015 dinner with Zuckerberg and Musk

MyFlames: Visualize MySQL query execution plans as interactive FlameGraphs

Show HN: LLM of Babel

A modern iperf3 alternative with a live TUI, multi-client server, QUIC support

Famfamfam Silk icons – also with CSS spritesheet

Apple is the only Big Tech company whose capex declined last quarter

Reverse-Engineering Raiders of the Lost Ark for the Atari 2600

Show HN: Deterministic NDJSON audit logs – v1.2 update (structural gaps)

The Greater Copenhagen Region could be your friend's next career move

Do Not Confirm – Fiction by OpenClaw

The Analytical Profile of Peas

Hallucinations in GPT5 – Can models say "I don't know" (June 2025)

What AI is good for, according to developers

OpenAI might pivot to the "most addictive digital friend" or face extinction

Show HN: Know how your SaaS is doing in 30 seconds

ClawdBot Ordered Me Lunch

What the News media thinks about your Indian stock investments

Running Lua on a tiny console from 2001

Google and Microsoft Paying Creators $500K+ to Promote AI Tools

New filtration technology could be game-changer in removal of PFAS