Novice Questions about Email Hosting

[dualstow]

This is just hypothetical and for the sake of learning.

What if I talked Vinny into giving me an email address on his domain. Would he be able to peek at my email?
And let's say he used a big host like GoDaddy. The server could be anywhere in the country, right? So, Vinny's domain wouldn't be any slower (for me) than if I bought a domain for myself at a similar site-- I think?

I think I read something in protonmail's FAQ pages last year that if you have a domain you can use it with them. Your domain name, their encryption. Does anyone here do that?

[dualstow]

and (3) if I had an email address: dualstow @ vinnysmemorypalace dot com
and someone accidentally wrote to dualstove @ vinnysmemorypalace dot com, an address not taken by anyone, would *that* email be readable by Vinny as he is the owner of the domain?

[Mark Leavy]

and (3) if I had an email address: dualstow @ vinnysmemorypalace dot com
and someone accidentally wrote to dualstove @ vinnysmemorypalace dot com, an address not taken by anyone, would *that* email be readable by Vinny as he is the owner of the domain?

Yes.
I own leavy.org and anything addressed to that domain shows up in my default mailbox if not addressed to a specific mailbox.

[dualstow]

Thank you.
Firing off a missive to snuffleuffagus at leavy dot org as we speak. (Not really )

[Mark Leavy]

Yes, I would like to invest in your plan to exfiltrate Nigerian diamonds to St. Croix.

[jatwell]

With most of the cpanel-based web hosting services the admin can create and see all accounts for the domain.

If you point your domain to an email only service that manages it, would be totally up to that platform.

[dualstow]

Thank you, jatwell, and all future responders.

Here's the protonmail page I mentioned.

Custom Domains is a premium offering that allows you to host email for domains you own through ProtonMail’s platform. This provides you with the security, privacy, and ease of use ProtonMail is known for with the customization of a unique domain. For example, if you have the domain homes.io, then you can set your ProtonMail account to send and receive email with addresses such as contact@homes.io.

https://protonmail.com/support/knowledg ... n-support/

Shh, Mark, not in public.

[Mark Leavy]

Okay, I’m not L337 like Tom and Xan, but I’ve owned my own domain since Al Gore invented the internet and pair.com has been my host. Solid for all these years.

[yankees60]

This is just hypothetical and for the sake of learning.

What if I talked Vinny into giving me an email address on his domain. Would he be able to peek at my email?
And let's say he used a big host like GoDaddy. The server could be anywhere in the country, right? So, Vinny's domain wouldn't be any slower (for me) than if I bought a domain for myself at a similar site-- I think?

I think I read something in protonmail's FAQ pages last year that if you have a domain you can use it with them. Your domain name, their encryption. Does anyone here do that?

When I first got my own domain I think I created about ten distinct email addresses.

But the answer is while I could give you an email address on my domain I would be able to peek at your email because as the owner of the email being hosted by someone else but controlled by me I create all the passwords for each email address.

By the way, my host is in Australia and it never ceased to amaze me how quickly I could send an email from Massachusetts to Australia and it'd get back to me in an instant.

Now I think that should be not surprising because don't electrons move at the speed of light (186,000 miles per second)? Therefore that round trip from Massachusetts to Australia and back should take only a fraction of a second.

Finally, I'm assuming that the host I do use in Australia (https://www.easycgi.com/) can read my email. I'm also trusting that they do not because why would they? I can barely keep up with the 400 emails a day I receive. How could they ever cope with that and determine which of those would be an email of value to them?

[Xan]

Dualstow, there are three main ingredients to all this.

1) The domain name itself and its nameserver (NS) records.
2) The nameservers' mail-exchange (MX) DNS records.
3) The servers storing your mail.

When you write mail to whatever@example.org, your outgoing mail server does the following:
* It asks the DNS root for the nameserver that handles .org.
* It asks the .org nameserver for the nameserver that handles example.org.
* It asks the nameserver for example.org for the MX records for example.org.
* It connects to the server specified by the MX record and attempts to deliver your message to that server.

So: you buy a domain from any registrar, and then you need a DNS host to answer questions about that domain. Most of the time, your registrar also sells DNS hosting, and this comes as a package. This is one opportunity for malfeasance: your DNS host could change your MX records, resulting in all mail going to them before they forward it to your real mailservers. If your registrar and your host are separate, then your registrar could change the NS records to point to their nameservers, which could return an MX record that they control, which would then do the same mail rerouting. I have never actually heard of these attacks taking place. However I HAVE heard of people's accounts at the registrar having their passwords guessed, or otherwise compromised via social engineering, and then the bad guy can do everything I just described. I doubt a nation-state or the registrar itself would ever do this because it would be very visible.

The login to your domain registrar really are the keys to the kingdom.

If you buy an "account" with Vinny's Awesome Mail Service, then your MX record will point to Vinny's server. At that point Vinny is privy to all mail that attempts to be delivered to your domain. So he definitely can see it all as it comes in. As far as seeing your stored mail, that's only if you leave your mail stored on his server.

Of course if your emails themselves are encrypted, then nobody can see anything. But almost nobody actually does this, which is a shame. Even if they did, though, the mail server could see all the metadata: who you're corresponding with, when, how big the messages are, etc.


And to answer your other question: having a domain name has almost no bearing on performance. It's the mail server's place on the network, or more likely, its speed at being a mail server, which affects performance. I suppose if your registrar ran a really slow nameserver with bad caching settings, it could slow things down. Not really an issue in practice.

[Xan]

By the way, my host is in Australia and it never ceased to amaze me how quickly I could send an email from Massachusetts to Australia and it'd get back to me in an instant.

I use almost this exact example to complain about why it takes three days to transfer money from one bank to another bank.

[InsuranceGuy]

[deleted]

[Xan]

and (3) if I had an email address: dualstow @ vinnysmemorypalace dot com
and someone accidentally wrote to dualstove @ vinnysmemorypalace dot com, an address not taken by anyone, would *that* email be readable by Vinny as he is the owner of the domain?

Yes.
I own leavy.org and anything addressed to that domain shows up in my default mailbox if not addressed to a specific mailbox.

This is not the case for my domain. I do not use catch-all forwarding to avoid taking random spam, a valid address at my domain must be used or the sender will receive a failure notice.

But it remains the case that all mail for any address at your domain does go to your mail server, which could see it.

[InsuranceGuy]

[deleted]

[dualstow]

This is all very good information. I’ve been reading up on domain hosting for websites vs email only, but this thread is much more succint and addresses exactly what I asked and what I was going to ask. Much appreciated.

Most email hosting seems to be sold to those who own small businesses, not to families. I think it may be overkill for a family, but if protonmail gets wiped out I may have some regrets.

(Vinny, I’m still impressed that one can dial a few digits and call Australia on the phone).