The only thing worse than hanging your identity on @gmail.com is @comcast and the like.
If you can, your own domain backed by a fastmail or a proton is the sweet spot of easy and flexible, or at least an @fastmail, @proton or similar. With payment comes the possibility of human support, which I have received easily from fastmail.
I have my email going to my own domain, but can’t figure out how to ground it out in anything other than someone else’s tld.
So, now I’m in a situation where, if my gmail account gets banned, and the DNS provider decides to reset my password, then I’m permanently locked out of everything. I could point my DNS provider at my “real” email address, but that’s even worse, since needing to update the MX record could lock me out.
Does anyone have any creative solutions to this problem?
I would probably recommend two things: 1. Move away from Gmail as soon as possible, to a service like Fastmail or Proton Mail; 2. Have an email from that provider as the “last resort”, i.e. hedora@fastmail.com, while using your domain name based emails for most other things.
This doesn’t solve the “everything is in one basket” issue, but you don’t hear stories of these email providers just “closing” an account and causing immense trouble for the person, at least in part because they have actual support.
> I have my email going to my own domain, but can’t figure out how to ground it out in anything other than someone else’s tld.
What do you mean "ground it out"?
As a consumer, I suspect hosting a "holding" domain, and possibly email, with AWS Route53 DNS might be a sensible approach that wouldn't break the bank. AWS has policies on account and password recovery that even include a notarised affidavit.
It might help to further separate your AWS account from the Amazon account you use to shop with, since there's a chance Amazon might be trigger-happy with banning if you violate one of their shopping policies with too many returns.
> As a consumer, I suspect hosting a "holding" domain, and possibly email, with AWS Route53 DNS might be a sensible approach that wouldn't break the bank.
This is what I do.
Totally isolated AWS account that owns `my-account-recovery.com` in my country-code TLD (because I have legal rights and strong and easy access to appeals processes with that, so unlikely the domain could be wrestled from me and likely I could eventually regain ownership if lost).
I use Amazon SES for incoming email to simply drop all incoming messages as objects in an S3 bucket.
I have SNS notifications going out to my regular operational email whenever a new message comes in with the metadata (sender, subject, etc., but not the body, as that could contain actual reset/account recovery links) so I can keep an eye on what's coming in.
Haven't looked at my bills lately, but including domain renewal and stuff this is maybe $100/yr to establish this as a root of trust/access. Even if other accounts are breached/suspended/etc, I will still have access to this account and can recover my way down from there.
I'm putting all my eggs into the AWS basket here, but I've had a good experience with them in the past and I really can't find any examples of people being locked out of their accounts in the same way I can with Google. And I know from experience that it's not impossible to get in contact with a real live person when it's required to resolve an issue.
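The metadata-only notification described in the comment above, sketched as an added example (not the commenter's code). The function names, the S3 key parameter and the sample message are assumptions, and the actual S3 read and SNS publish calls are left out so the block runs offline.

```python
import json
from email import policy
from email.parser import BytesParser

MAX_LEN = 200  # cap each field so a hostile sender cannot flood the notification

# Constructed sample of a raw message as it might be stored in the S3 bucket.
SAMPLE = (
    b"From: =?utf-8?q?Example_Registrar?= <support@registrar.example>\r\n"
    b"To: root@my-account-recovery.com\r\n"
    b"Subject: =?utf-8?q?Password_reset_requested?=\r\n"
    b"Date: Mon, 01 Jan 2024 10:00:00 +0000\r\n"
    b"Message-ID: <abc123@registrar.example>\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n\r\n"
    b"Reset here: https://registrar.example/reset?token=SECRET-TOKEN\r\n"
)

def _clean(value):
    """Flatten a header to one printable line and cap its length."""
    text = "".join(ch if ch.isprintable() else " " for ch in str(value or ""))
    return " ".join(text.split())[:MAX_LEN]

def metadata_only(raw: bytes, s3_key: str) -> dict:
    """Build the notification fields from headers; the body is never read."""
    msg = BytesParser(policy=policy.default).parsebytes(raw, headersonly=True)
    sender = msg["From"]
    addrs = sender.addresses if sender is not None else ()
    first = addrs[0] if addrs else None
    return {
        "s3_key": s3_key,  # where the full message can be read after logging in
        "from_name": _clean(first.display_name) if first else "",
        "from_addr": _clean(first.addr_spec) if first else "",
        "to": _clean(msg["To"]),
        "subject": _clean(msg["Subject"]),
        "date": _clean(msg["Date"]),
        "message_id": _clean(msg["Message-ID"]),
        "size_bytes": len(raw),
    }

def notification_text(raw: bytes, s3_key: str) -> str:
    """Text that would be published to the operational mailbox via SNS."""
    return json.dumps(metadata_only(raw, s3_key), indent=2, sort_keys=True)

if __name__ == "__main__":
    print(notification_text(SAMPLE, "inbound/constructed-key"))
```

The sender and subject are attacker-controlled input, so the notification is only a prompt to go and read the stored object, not evidence of who sent it.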
Shouldn't you still be able to prove your identity to your DNS provider through your name, address, birth date, security questions, past correspondence, bank statements etc.?
Without going to the step of moving photos, mail, contacts, etc. off of Google services, are there automated tools available to periodically export that data?
You can use the "download your data" feature of Google to download a copy. However, you have to manually trigger the export. Also, there is no incremental download, so it can be a lot of data being transferred.
Unfortunately, you still need to manually download the data each time. There's no way to automate this. There's also no way I know of to directly upload a takeout zip to another service and continue. There's also a (generally long enough, except when you forget) time limit on downloads, as well as a download limit (have a crappy internet connection, and lost access to a file? Start a new takeout, wait for it to be available, and try again).
If takeouts could be configured to download automatically through Google drive, that would be amazing.