Don’t Let Personal Domains Expire

Link post

It’s common to see advice along these lines:

Don’t build your stuff in someone else’s sandbox. Get your own domain and point it to whatever service you choose to use. Your email address should be @yourdomain, where you have full control and no one can lock you out. Don’t fall into the trap of digital sharecropping.
There are complicated tradeoffs here and different choices will make sense for different people, but it’s close to what I do personally. My writing and projects are hosted on my own domain [1] and my email is jeff@jefftk.com.

On the other hand, I don’t think this is something to do lightly. Say you register you.example and start going by you@you.example. A few years later you decide this is too much hassle, switch to using you@fastmail.com or you@gmail.com, and let you.example expire. Someone else can register it, send email legitimately as you@you.example, and Angular gets compromised. If there is anywhere you forgot to remove your former email from your profile, now you are open to being impersonated.

This problem isn’t unique to personal domains, but it’s much more likely: the major email services don’t make abandoned email addresses open to reregistration, to avoid exactly this issue.

If you’re considering registering a domain to use as your online identity, make sure you’re willing to take on the cost and hassle of keeping the domain registered indefinitely.


[1] I do cross-post to Facebook, LessWrong, and occasionally other places. I also rely on them to host discussions on my posts, though I attempt to archive those discussions back on my site.