Hello crustaceans,
After nearly a decade of using a gmail.com email address for my online presence, I’d like to slowly migrate away to a domain name I control. There have been several articles about how it’s so easy to find alternatives to Google products these days, but when it comes to email (as a vehicle for authentication, ID, and recovery), I’m getting a bit sweaty-palmed.
I’ve slowly started squeezing in my new email address, but there are all sorts of caveats such as commits in GitHub detaching from your profile when you change your email address (which can be solved by keeping the gmail address around as a secondary entry.)
I’m looking for advice and/or experiences of moving from a gmail.com email address to your own domain after having sprinkled it all around the world wide web. Examples of gotchas, regrets, account lock-outs, and other not-immediately-evident side-effects are greatly appreciated!
keep your existing email account
make a new email account with whatever service provider you want
sign up for new accounts with your new email
whenever you have to log in to an existing service with your current email, if you have time, switch it to your new email
repeat until in a couple years everything is eventually switched over to your new one
This. No need to delete your gmail account.
I moved to Fastmail a year ago, and have been happy with it.
Everytime I get an email on gmail, I spend a few minutes updating the email in whatever service sent me.
The reason for not deleting is: There are emails you might only get once a year, like from the tax guys, MOT/TV license (here in the UK). You might have to react quickly, and sometimes its just easier to reply from gmail, and update the address later
Not to mention missed opportunities with people that only know your Gmail account.
Absolutely agree with this. I switched to Fastmail with my own domain something like 5 years ago and I still have my Gmail address. I have it set to forward to my “new” address, as well, so that I don’t even have to log in to Gmail. When I noticed that an email I care about originally came into my Gmail address I update it (or tell the person who sent it).
This is exactly what I did, though in addition I forwarded by gmail to my new address.
One missed step: Set up forwarding rule from old account to new account.
Great advice. I was going to say this, but was pleasantly surprised to find it was already the top response. I will add: Your old account is still attack surface for anything that’s linked to it. Don’t get lax on the security just because you no longer use it every day.
With gmail, if you delete your account, nobody else can ever register that username. This is a very important precaution since it prevents people from impersonating you. It is not necessarily the case with other email services. So, if you are applying this advice to migrate away from a mail service that isn’t gmail, look into whether it has that protection. If not, strongly consider never deleting the account.
Excellent advice. I also used this opportunity to migrate to a password manager, and ensure that I have updated, unique passwords everywhere.
Same that I did, I moved to protonmail and just check my gmail once in a blue moon at this point in case someone forgot I had updated it. I’ve had my gmail since the early invite-only beta days and it gets bombarded with spam and garbage almost constantly as well as a lot of people using my email address to sign up for things in the states that apparently don’t do email verification…
I also used to get emails addressed to someone working at NVidia, got a medical insurance claim form at one point I think, as well as an invite to a wedding…
Did you go to the wedding?
No. But I did reply to the invite saying o wouldn’t be able to make it.
I’ve been doing this, along with having Gmail forward all my email to my new account. I did that so I’d have copies of all my emails. I also did a dump and then import of all my previous emails too.
Honestly, it’s been fine. I’ve also unsubscribed from a lot of things and deleted a few accounts.
I switched off of Google products about 6 months ago.
What I did was I bought a Fastmail subscription, went through all my online accounts (I use a password manager so this was relatively easy) and either deleted the ones I didn’t need or switched them to the new e-mail address. Next, I made the @gmail address forward and then delete all mail to my new address. Finally, I deleted all my mail using a filter. I had been using mbsync for a while prior to this so all of my historical e-mail was already synced to my machine (and backed up).
Re. GitHub, for the same reasons you mentioned, I turned my @gmail address into a secondary e-mail address so that my commit history would be preserved.
I still get the occasional newsletter on the old address, but that’s about it. Other than having had to take a few hours to update all my online accounts back when I decided to make the switch, I haven’t been inconvenienced by the switch at all.
It’s really exciting to see people migrating away from Gmail, but the frequency with which these posts seem to co-ocur with Fastmail is somehow disappointing. Before Gmail we had Hotmail and Yahoo Mail, and after Gmail, perhaps it would be nicer to avoid more centralization.
One of the many problems with Gmail is their position of privilege with respect to everyone’s communication. There is a high chance that if you send anyone e-mail, Google will know about it. Swapping Google out for Fastmail doesn’t solve that.
Not offering any solution, just a comment :) It’s damned hard to self-host a reputable mail server in recent times, and although I host one myself, it’s not really a general solution
Swapping Google out for Fastmail solves having Google know everything about my email. I’m not nearly as concerned about Fastmail abusing their access to my email, because I’m their customer rather than their product. And with my own domain, I can move to one of their competitors seamlessly if ever that were to change. I have no interest in running my own email server; there are far more interesting frustrations for my spare time.
I can agree that a feasible way to avoid centralization would be nicer. However, when people talk about FastMail / ProtonMail, they still mean using their own domain name but paying a monthly fee (to a company supposedly more aligned with the customer’s interests) for being spared from having to set up their own infrastructure that: (A) keeps spam away and (B) makes sure your own communication doesn’t end up in people’s Junk folder.
To this end, I think it’s a big leap forward towards future-proofing your online presence, and not necessarily something comparable to moving from Yahoo! to Google.
I’m by no means against Fastmail or Proton, and I don’t think everyone should setup their own server if they don’t want to, but it’s a bit more nuanced.
Spamassassin with defaults settings is very effective at detecting obvious spam. Beyond obvious spam it gets more interesting. Basically, if you never see any spam, it means that either you haven’t told anyone your address, or the filter has false positives.
This is where the “makes sure your own communication doesn’t end up in people’s Junk folder” part comes into play. Sure, you will run into issues if you setup your server incorrectly (e.g. open relay) or aren’t using best current practices that are meant to help other servers see if email that uses your domain for From: is legitimate and report suspicious activity to the domain owner (SPF, DKIM, DMARC). A correctly configured server SHOULD reject messages that are not legitimate according to the sender’s domain stated policy.
Otherwise, a correctly configured server SHOULD accept messages that a human would never consider spam. The problem is that certain servers are doing it all the time, and are not always sending DMARC reports back.
And GMail is the single biggest offender there. If I have a false positive problem with someone, it’s almost invariably GMail, with few if any exceptions.
Whether it’s a cockup or a conspiracy is debatable, but the point remains.
We’re not going to kill GMail. Let’s be realistic, here. Hotmail is still alive and healthy, after all.
Anyone who switches to Fastmail or ProtonMail helps establish one more player in addition to GMail, not instead of it. That, of course, can only be a good thing.
Just to bring in one alternative service (since you are right, most people here seem to advice Fastmail, Protonmail): I found mailbox.org one day. No experience with them though.
Once you moved most things over, consider adding a filter on your new account to move the forwarded mails to a separate folder. that way it becomes immediately clear what fell through the cracks.
Sorry, I wasn’t clear. E-mails sent to the old address are forwarded to the new one and then deleted from the GMail account. When that happens I just unsubscribe, delete the e-mail and move on. It really does tend to only be newsletters.
I suppose one caveat to my approach and the reason this worked so well for me is that I had already been using my non-gmail address for a few years prior to making the change so everyone I need to interact with already knows to contact me using the right address.
I was grandfathered into a free Google Apps acount for getting mail via my own domain into Gmail. This made moving away from Google a lot easier!
I think no matter where your next move takes you, always be in control of your email domain. Likewise for websites, You don’t want to be locked into Medium, or GeoCities, etc. even if those places seem awesome at the time.
Take some time to think about having a backup MX record for those times when your own domain is offline and you still want email to get delivered. This mostly applies if you are planning to self host, but even commercial hosting will have hiccups.
I have my DNS registrar listed as a backup MX for my domain, and it is configured to forward everything to my gmail account (which I otherwise never use). If someone is talking to my backup MX, then something is wrong with my primary email domain, so it is impractical to have my registrar try to deliver to my primary domain, and it is also impractical to configure gmail to forward everything to my primary domain (as much of the advice in this thread is recommending).
This was pretty handy when a tornado took out power to my domain host for four days last year. Email addressed to my primary domain simply landed in my gmail inbox and I could get on with things while the power situation got sorted out.
Anyway, I think the advice from artemis is spot on. The only thing I would add is it is handy to give some thought to what happens when mail for your own domain is offline, and configure things so you have some kind of workable failover when that happens.
I self host my email (have done so since 1998) and I used to have a backup MX host. I stopped that years ago since I found that spammers will target the backup MX, probably with the thought that it might not have as much anti-spam protections in place [1]. I think I removed the backup MX somewhat after I started greylisting on my server, and found that it easily trapped 50% of spam right off the bat (still does in fact [2][3]). Given that fact, and the fact that (again, back in the day) legitimate email servers would queue outgoing email for a couple of days, that it wasn’t worth it (for me) to have a backup MX record. I really haven’t had any issues with the lack of a backup MX.
[1] Might have been the case years ago—these days, maybe not so much.
[2] I found it to be the cheapest, most effective anti-spam measure
[3] I wrote my own greylist software, and I have the ability to whitelist or blacklist based upon sender’s IP, sender’s domain, sender’s email address, recipient domain or recipient email address. The only feature I wish I had added is the ability to timestamp and leave a comment as to why I added an entry to one of the whitelists/blacklists. Maybe some day.
Oh that’s interesting. I haven’t had this problem at all, but then the backup MX just forwards to gmail, and gmail has decent spam filtering. I have been self hosting since 2002.
I used to greylist, but have found that RBL + spamasassin + mailproc is very effective and eliminates the annoying delays.
I am not sure I would be happy with senders queueing mail for days, but everyone has different tolerances for these kinds of things.
The delay doesn’t bother me, and once the timeout is over (I have it set to 25m, but even 5m is enough to catch about 80% of spammers), the tuple “sender-ip, sender-email, recipient-email” is then whitelisted for (in my case) for the next 36 days (and each time an email is received, the timeout is extended).
In normal email operations, if the sending server can’t deliver an email, it will be queued for redelivery after a period of time (sometimes fixed, sometimes exponential decay). After a period of time of unsuccessful delivery attempts, it is deleted—it’s this value that lasts for up to a couple of days. It’s not “oops, can’t deliver, try again in two days” type of operation.
An issue I have encountered with greylisting or delayed greeting is that some other sites won’t retry the message delivery.
This may not be a problem for a personal server but it can be an issue when there are more users.
It my experience in greylisting (over a decade now) that’s very rare for a legitimate email server to give up after one try—I think I’ve only encountered that once, and it was an easy thing to just whitelist the IP addresses [1].
[1] My software supports CIDR format for IP addresses, so adding blocks of addresses is easy.
Do you use delayed greeting?
It has been years since I administered a mail server but that was much more problematic than greylisting.
I don’t use delayed greeting.
Buy a domain name and then do everything that people are saying here. Fastmail allows custom domains. For each new registration, create new email name. For example: for Hilton.com, when registering provide hilton@yourdomain.com. In fastmail you can catch all the names. That will allow to understand who sold your email later.
I think that it is valuable to own your own domain, and I endorse this advice, but I do have a caveat to add to it.
Generally speaking, using a custom domain for your email adds attack surface to any account linked to your email address. See this story about the Twitter handle @N. You very likely want to have a non-custom-domain email which you use for account recovery purposes.
For me, the biggest thing about moving away from Google products is not actually that it loses the features or the network effects (Google is prone to shutting down everything I like, anyway), but that it loses the resilience against social engineering. Nothing like that is ever perfect, but at least you should try to minimize how many separate companies’ customer service process are part of your attack surface, and pick them carefully.
I’m using my Google Employee hat here not to give these words greater weight, but to disclose my bias.
In addition, the ICANN recommends registrants use an external address for administrative domain contacts: https://www.icann.org/en/system/files/files/sac-044-en.pdf
This is exactly the kind of thing I was looking for, thank you for posting!
Thank you for pointing this out. Unless I’m missing some piece in the chain, that would be: 1. The registrar 2. The DNS provider and 3. the email service, right? (I’m under the impression that with FastMail, they can provide both 2 and 3, but I’d have to check)
That agrees with my analysis, yes.
More importantly, it’ll make your identities across different websites unlinkable. Or at least harder to link.
Would
+tags (likeyou+hilton@example.net) help with that or are spammers getting smart and stripping them out?Some services [mistakenly] consider a plus character not valid for use in an email address.
I’ve seen spammers that know about catch-all domains and are striping even the unique part. Oh well.
Kinda related… is there a way to get my email – on a domain I control – to be delivered to two different mail providers? I’d love to try out FastMail, but not at the cost of losing my existing mail service during the trial period.
At a protocol level, no (redundancy of MX records is for when one server is down) — but most mail providers have some mechanism of transparently forwarding messages which should allow this kind of trial?
This is exactly what I do when trialing new providers I am interested in. This way no mail is lost and I can still play around with the new provider without fear of losing anything.
I think you can try out a mail provider on a subdomain. I don’t remember if I ever tried that myself though lol
Firstly, I try to avoid having accounts at all. This Lobsters account had been the first one I’d made in several years, I believe. Accounts that I’d made in the past and regard as useless I’ve deleted rather to the average of my ability, not that there were many to start with. You probably don’t have a list of accounts you could go through and manage, do you?
Anyway, I host my own email on my own domain, but this isn’t what I use AFK. I’m a Free Software Foundation member and so I give others, including businesses, my name@member.fsf.org email address and this has served me well, as I can very easily have it point to any address, which allowed me to seamlessly transfer it from one email provider to my self-hosting without any issue.
So, my advice boils down to have an email address you can point to any other email address and start using that one, in brief.
Genuinely curious: You claim to have very few accounts. Do you just not use online services/sites?
That’s exactly what I do. In general, I won’t use something if it requires me to make an account. I have a list of online accounts I have that are still active, including government accounts and whatnot, and it’s roughly ten or so, most of which simply haven’t been killed yet.
Well, what can I say. I admire how firmly you stick to principle.
I switched to fastmail over a year ago, and one thing I did in preparation a few years before was to write a retired email address notifier script, that I sadly never got to use. The idea was to run this via cron to let people know that my old address wasn’t being used anymore. But until I got around to setting it up (gmail makes it difficult) I realized that 98% of what I was getting was just spam and advertisement, so I didn’t bother.
Other than that, if you don’t immediately bomb your old address, you should be on the safe side.
I have been using Fastmail in parallel of Gmail for a few months now. It’s great but I really miss the smart tabs of Gmail (social, promotions, updates, forums). It really helps with quickly sorting out my email. Because of this, Gmail stays my main workhorse…
I had left GMail around 2010. Exact reason seems almost petty by now, I noticed that they analyze message content to show context ads. I’ve found it disgusting. In the hindsight, I quit just in time.
I didn’t immediately switch online accounts to it. There’s likely some old stuff that I no longer care about still tied to it. Removing and address and making it available to someone else would be a bad idea anyway.
People is suggesting keeping your gmail account “alive” for a while, but in the case of that account being bound to something that you own, like your Git commits somewhere, it means that you’ll have to keep that account safe, forever.
I have two questions:
Yes in theory, however that changes all the hashes so no in practice.
in my experience, just start committing with the new address and update any mailmap and authors files. can’t do anything about published history…
You could use
git filter-branchto rewrite the entire git repository to replace your old e-mail address with your new one, but that will change the hash of every commit so it will be a terrible experience for anyone who has an existing clone of your repository. I think it’s not worth it.In GitHub, you can choose to keep your email private and use something to the tune of
username@users.noreply.github.com. See the details hereLiterally just forward all of your Gmail email to your new account. You’ll miss nothing, never have to log into Gmail and still have the benefit of their excellent spam filtering. Migrate your other accounts to your new address at your leisure. And then you’re done
The problem with this is it still allows google to scan/mine every email you receive.
If anyone is interested in contributing, or just bookmarking for reference, I’ve started taking some notes here: https://github.com/danburzo/au-revoir-gmail
I have begun pondering such a move because I want to be the customer, not the product. So, I researched mail providers and landed on either Fastmail or Protonmail. I was very interested in finding a provider that could provide the same user experience in a desktop browser and an iOS app. One thing that I rely upon heavily are the GMail keyboard shortcuts for the desktop app. So far, I haven’t been able to find anyone who provides these short of the subset provided by Outlook.com, but I really dislike Outlook for numerous reasons. Can anyone provide some feedback regarding the Fastmail and Protonmail vs. the Gmail user experience?
My thought on migration was to set the Reply-To header in GMail to my new email address thereby automating a lot of the work necessary by people who email me. However, given that GMail does not obey the Reply-To header in messages, migration becomes more of a manual task for people who email me. Instead of using the Reply-To header, I will probably just set up another email address in GMail and use that one as the default. This should provide the same end result allowing people who email me to not care from what address I email them and instead just reply blindly to my messages.
Does anyone have any experience they can convey on these subjects?
I switched from gmail to zoho. I’m not a massive shortcut user, but they seem to have very similar shortcuts to gmail, and I’ve otherwise been very happy with them.
I don’t use keyboard shortcuts on web pages but from what I see on my Fastmail account they do provide keyboard shortcuts for every single action in the UI. This would also be a very good use case for a browser addon - create/change the webpage keyboard shortcuts.