Ask HN: Setting up custom domain for email

1•agent008t•8mo ago

Following up on earlier thread about what setup to use for main email account. Consensus appeared to be 'Get a custom domain (e.g. with Cloudflare) and use it with e.g. Fastmail'. The plan is to then make that email address the cornerstone of my online security, use it for password manager recovery etc.

The domain registrar and the email hosting then appear key to the whole security model – if they are compromised, all other accounts are.

So I'm trying to work out the details of how to go about it.

E.g. which email should I use with the registrar to buy the domain? Some throwaway one, which I then change to the new domain I am purchasing in a circular fashion once it is set up? Is that a good practice, or too risky for recovery should anything go wrong?

If I use a separate email address to buy the domain, then seems that email becomes crucial to the security of it all and then why even bother with paying for the domain and Fastmail etc. if I am relying on some pre-existing email account?

I'm probably way overthinking it, but since I'm working on this at all and the stakes are rather high I'd like to set things up properly, for decades.

The goal is to achieve reasonable security against: 1. Attacks that are not highly sophisticated or targeted 2. Getting arbitrarily locked out by Gmail etc., potentially then losing access to other important accounts 3. Me locking myself out by forgetting some secret

It seems surprisingly difficult to find a best practice guide for this scenario, how to set up a password manager with it, which recovery information/backups to keep offline etc. Information I find is either too vague or overly involved (after all I don't want to dedicate all my time to maintaining security, just want a reasonable setup). Any practical advice appreciated!

Comments

koakuma-chan•8mo ago

> Consensus appeared to be 'Get a custom domain (e.g. with Cloudflare) and use it with e.g. Fastmail'.

Huh, that's literally what I do!

> E.g. which email should I use with the registrar to buy the domain?

Not saying you should do this, but I use a fastmail masked email address as my Cloudflare email address.

> use it for password manager recovery etc

The cool thing about fastmail is that it has an integration with 1Password where, if you need to register at a website, you can quickly generate a masked email (e.g. cool.boat1337@fastmail.com) via the 1Password extension at the same time you generate the password. It's reaally nice.

agent008t•8mo ago

By 'fastmail masked', you mean an email on the fastmail domain, right? I.e. something123@fastmail.com? So that if there is a problem with your domain, you can still login to your registrar even if they want to say verify your identity by sending a code to your registered email address?

koakuma-chan•8mo ago

Yes. Fastmail has a feature that allows you to generate masked email addresses, e.g. "funny.hat123@fastmail.com" (also known as temporary email addresses). Emails sent to these addresses still arrive in your inbox, but you can easily block them any time. They are suitable for making accounts at garbage websites, so that you can block their spam any time. In fastmail though those email addresses are permanent (they won't disappear on their own after X minutes or anything like that).

Show HN: Django N+1 Queries Checker

Emacs-tramp-RPC: High-performance TRAMP back end using JSON-RPC instead of shell

Protocol Validation with Affine MPST in Rust

Female Asian Elephant Calf Born at the Smithsonian National Zoo

Show HN: Zest – A hands-on simulator for Staff+ system design scenarios

Show HN: DeSync – Decentralized Economic Realm with Blockchain-Based Governance

Automatic Programming Returns

Why Are There Still So Many Jobs? The History and Future of Workplace Automation [pdf]

The Search Engine Map

Show HN: Souls.directory – SOUL.md templates for AI agent personalities

Real-Time ETL for Enterprise-Grade Data Integration

Economics Puzzle Leads to a New Understanding of a Fundamental Law of Physics

Switzerland's Extraordinary Medieval Library

A new comet was just discovered. Will it be visible in broad daylight?

ESR: Comes the news that Anthropic has vibecoded a C compiler

Frisco residents divided over H-1B visas, 'Indian takeover' at council meeting

If CNN Covered Star Wars

Show HN: I built the first tool to configure VPSs without commands

AI agents from 4 labs predicting the Super Bowl via prediction market

EU bans infinite scroll and autoplay in TikTok case

Benchmarking how well LLMs can play FizzBuzz

Why I Joined OpenAI

Octave GTM MCP Server

Show HN: Portview what's on your ports (diagnostic-first, single binary, Linux)

Voyager CEO says space data center cooling problem still needs to be solved

Boilerplate Tax – Ranking popular programming languages by density

Zen: A Browser You Can Love

My GPT-5.3-Codex Review: Full Autonomy Has Arrived

Show HN: FastLog: 1.4 GB/s text file analyzer with AVX2 SIMD

God said it (song lyrics) [pdf]