One Danger of Custom Domains

It’s pretty well established now that everyone needs to have their own website.

Having your own domain (and website) is important. It not only gives you a “home” online, but it’s a better first impression for people interested in you. Additionally, having your own website gives you a place to put interesting content that can (potentially) make you money. Remember that putting this stuff on Facebook or Instagram gives them more ad revenue and you nothing!

However, even with your own domain, you should probably have a “standard” email address from a service like Gmail, Outlook, etc. that you use for online accounts and communication.

An email from one of these services is much less likely to be marked as spam than an email from your personal domain. And there’s another security reason to use a 3rd-party email service that I didn’t consider until now!

The Risk of Your Own Domain

As pointed out in this article on natehoffelder.com, you should not be using your custom domain to register for an account on a site that involves money (Amazon, PayPal), or your reputation (Twitter, Facebook). The main hazard is that if you neglect to renew that custom domain, bad things could happen.

For example, imagine if you use Name@MyFancyDomain.com to create your Amazon account. Then a few years later, you forget to renew MyFancyDomain.com (or your credit card expires).

Suddenly you’ve lost control of MyFancyDomain.com. Now someone else can swoop in and buy MyFancyDomain.com, and then they are in control of your (former) domain. Any Amazon notification emails (password resets, order confirmations, security emails, etc.) will still be sent to Name@MyFancyDomain.com – which is now under the control of a 3rd party.

If this 3rd party is malicious (and you don’t have additional security set up), then it’s trivial for them to reset your password (remember, they will get the reset email!), take over your account, and order things on your dime.

With a site like Venmo or PayPal, they could transfer money into their own bank accounts. With a social media account, they can post inflammatory things and ruin your reputation.
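Every step above starts with a missed renewal, so for any account that still uses a custom-domain address it helps to know how close that domain is to expiring. The following is an added example, not part of the original article: it reads the expiration event from RDAP registration data (the `events` member defined in RFC 9083) and lists the accounts tied to a domain that is about to lapse. The account inventory and the RDAP record are constructed sample data; real records would come from your registry's RDAP service.

```python
import json
from datetime import datetime, timezone

# Constructed sample inventory: account -> e-mail address used for it (hypothetical).
ACCOUNTS = {
    "amazon": "name@myfancydomain.com",
    "paypal": "name@myfancydomain.com",
    "twitter": "someone@gmail.com",
}

# Constructed, trimmed RDAP-style domain record for a domain you own.
SAMPLE_RDAP = json.loads("""
{"objectClassName": "domain", "ldhName": "myfancydomain.com",
 "events": [
   {"eventAction": "registration", "eventDate": "2019-03-01T12:00:00Z"},
   {"eventAction": "expiration", "eventDate": "2025-03-01T12:00:00Z"}
 ]}
""")

def expiration_date(rdap_record):
    """Return the domain's expiration as an aware datetime, or None if absent."""
    for event in rdap_record.get("events", []):
        if event.get("eventAction") == "expiration":
            return datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
    return None

def accounts_at_risk(accounts, rdap_records, now, warn_days=60):
    """List (account, domain, days_left) for accounts whose e-mail domain has
    expired, expires within warn_days, or has no expiration date on record."""
    by_domain = {r["ldhName"].lower(): r for r in rdap_records}
    findings = []
    for account, address in sorted(accounts.items()):
        domain = address.rsplit("@", 1)[1].lower()
        record = by_domain.get(domain)
        if record is None:
            continue  # not one of your registered domains (e.g. a mail provider)
        expires = expiration_date(record)
        days_left = None if expires is None else (expires - now).days
        if days_left is None or days_left <= warn_days:
            findings.append((account, domain, days_left))
    return findings

if __name__ == "__main__":
    now = datetime(2025, 2, 1, tzinfo=timezone.utc)  # fixed date for repeatable output
    for account, domain, days in accounts_at_risk(ACCOUNTS, [SAMPLE_RDAP], now):
        print(f"{account}: {domain} expires in {days} days")
```

A negative `days_left` means the domain has already expired; those accounts should be moved to another address before someone else registers the name.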

What to Do Instead

Use a service like Outlook, Gmail, ProtonMail, Zoho, Hey.com, etc., and make sure to take all the standard precautions:

  • Use a long, random password (stored in something like LastPass)
  • If 2-Factor Authentication is available, make sure that you use it, preferably with some sort of random number generator rather than SMS messages.
  • Remember to never click on links in an email. Even if it looks legit, navigate directly to the page in your browser.

Using your Name@MyFancyDomain is great for professional communications, but for critical accounts, you’re better off using a 3rd-party service (with as many security features enabled as possible).