Posts

Protect Domains That Don’t Send Email from Email Spoofing

We recently wrote an article for those who manage their own Internet domain names about using SPF, DKIM, and DMARC to prevent your domains from being used in phishing attacks and enhance the deliverability of legitimate email. But what about other domains you own but don’t use for email? To make phishing attacks more believable, spammers sometimes forge email so it appears to come from parked domains that aren’t protected. You can use SPF, DKIM, and DMARC to ensure that forged email that seems to come from your unused domains isn’t accepted. The details are too specific to go into here, but Cloudflare has an excellent article outlining what you need to do.

(Featured image based on an original by iStock.com/Igor Kutyaev)


Social Media: If you have parked domains that never send email, it’s important to set up SPF, DKIM, and DMARC so scammers can’t forge legitimate-looking email from those domains.

Avoid Unusual Top-Level Domains in Custom Domain Names

Remember the heady dotcom days, when businesses were desperate to get a short, memorable, easily typed .com domain? It quickly became difficult to get what you wanted—so much so that deep-pocketed companies paid exorbitant sums for just the right domain.

Before we go any further, let’s make sure we’re all on the same page. Domain names are necessary because computers on the Internet are all identified by inscrutable numeric IP addresses. You can remember and type apple.com easily; 184.31.17.21 not so much. Domain names have two or more parts: the top-level domain (read from the end, such as com) and the second-level domain (like apple), plus optional third-level domains (which could give you support.apple.com).

Since the days of speculating in .com domains, however, hundreds of additional top-level domains have been opened up, including domains from .aaa to .zone. There are now top-level domains for .doctor, .florist, .lawyer, and many more, including the general .xyz. It might be tempting to switch from the awkward dewey-cheatham-howe.com to the shorter and more memorable dch.lawyer. And even if there isn’t a profession-specific top-level domain that works for you, you may think that if abc.xyz is good enough for Google’s parent company Alphabet, surely it’s good enough for you.

Alas, much as we appreciate the creativity and flexibility offered by these alternative top-level domains, we’d like to dissuade you from using one, if possible. Problems include:

  • Email deliverability: If you’re sending email using an alternative top-level domain or including links to that domain, it’s much more likely that your email will be considered spam by receiving systems.
  • SMS deliverability: Some SMS text message providers will automatically delete messages containing URLs with alternative top-level domains in an effort to protect their customers from phishing attacks.
  • Social media spam filtering: As with SMS text messages, social media posts that include URLs with alternative top-level domains may be categorized as spam or as linking to a malicious site.
  • Firewall blocking: Abuse of alternative top-level domains has become so commonplace by scammers that some companies prevent their employees from accessing websites using certain alternative top-level domains at the firewall level.
  • User perception: Although there’s no telling how anyone will react to a particular top-level domain, people won’t think twice about .com but might think .ooo seems sketchy. (We would.)

Obviously, it may not be possible to get the domain name you want in .com. What to do? There are a few strategies:

  • Expand or abbreviate: At this time, people mostly don’t see, remember, or type domains apart from those that go with businesses that do a lot of real-world advertising. So if you need to add or subtract words (or letters) in your domain to find a unique one, that can work.
  • Use a country domain: Two-letter top-level domains are restricted for use by countries, so .us is for the United States, .ca for Canada, and .au for Australia. Every country has different rules for who can register them. For instance, it’s possible to get a domain ending in .it (Italy) as long as you work through a registrar that acts as your representative there. .io (British Indian Ocean Territory) and .ai (Anguilla) are popular top-level domains among tech companies.
  • Stick with better, pricier alternatives: Not all alternative top-level domains are equally problematic. The classic .net and .org are fine, and .biz isn’t bad. But how to determine that? When you’re checking to see if a domain name is available, compare prices. For instance, at one domain name registrar, iphonewhisperer.xyz costs only $1 per year, whereas the iphonewhisperer.biz version is $4.98 per year, iphonewhisperer.net is $9.18 per year, and iphonewhisperer.studio is $11.98 per year. The more you pay, the less likely that domain has been abused by spammers and marked for filtering.

In the end, when it comes to domain names, it’s best to be conservative and stick with a top-level domain that won’t cause people or filters to think twice. That’s probably .com, if you can make the rest of the name work for you.

(Featured image by iStock.com/BeeBright)


Social Media: Tempted to get a short, memorable domain name ending in .xyz or .shop? As we explain, that’s a bad idea if you care about user perception, email and text message deliverability, and not being blocked by social media and firewalls. Details at:

Ever Wanted to Get a Custom Email Address? Here’s How (and Why)

Some facts about ourselves are difficult or impossible to change, but your email address doesn’t have to be one of them. Switching to a custom email address might seem overwhelming, and it will take some time, but it’s not that hard or expensive (and we’re always happy to help if you get stuck).

Why Consider Switching to a Custom Address?

Why would you want to take on such a task? Independence. If you’re using the email address that came from your Internet service provider, you could end up in an awkward situation if you have to move and switch ISPs. Any address that ends in @comcast.net, @anything.rr.com, @verizon.net, @earthlink.net, or the like could be problematic. You also don’t want to rely entirely on a work email address—there’s no guarantee that your employer will forward email for you indefinitely if you take a different job.

Also, an email address says something about you, much as a postal address does—there’s a difference between an address on Central Park versus one in the Bronx. If you’re not happy with what your email address implies, you might want to switch.

What can an email address reveal? Those with a free Juno, Hotmail, or Yahoo account likely signed up years ago and don’t take email very seriously. People who use an @icloud.com, @me.com, or @mac.com address are clearly Apple users, and those with an address ending in @live.com, @msn.com, or @outlook.com are probably Windows users. .edu addresses identify students, teachers, and school employees—but if you’re not one anymore, your email looks like you’re wearing a varsity jacket in your 40s. The big kahuna of email is Gmail, which boasts about 1.5 billion users worldwide now—as a result, using a Gmail address is fairly generic.

The ultimate in independence comes when you register your own domain name, which usually costs less than $20 per year at sites like 1&1 Ionos, Domain.com, easyDNS, Directnic, and Register.com. Then your address can be anything you want at your new custom domain, and you never again have to worry about being tied to your ISP or associated with a free email host.

How to Change to a Custom Address

Step 1: Register a new domain name. The hard part here is thinking of a name that hasn’t already been taken. It’s best to stick with the traditional top-level domains like .com, .net, and .org—if you get into the new ones like .beer (yes, that’s available), your email is a bit more likely to be marked as spam. Most domain registrars will also host your email for you, and if you go this route, you can skip Step 2.

Step 2: If you’re already using Gmail or another independent email provider that isn’t tied to your ISP, log in to your account at your domain registrar and configure it to forward all email to your existing email address. In this case, you can skip Steps 3 and 4.

However, if you aren’t happy with your current email provider, you’ll need to set up an account with a new one. There are lots, but many people use a paid email provider like FastMail or easyMail that usually charges less than $50 per year and supports multiple mailboxes. When you set up the account, you’ll need to create one or more new email addresses at the provider and configure MX (mail exchange) records with your domain registrar—the service will provide instructions for this.

Step 3: If you’re changing email providers as part of this process, you’ll need to configure Mail—or whatever email client you’re using—to connect to your new email account with the login credentials you set up. That’s not hard, but being able to send email that comes from your custom address can require some effort with the free email providers. Gmail provides instructions, and others that support this feature will as well. Unfortunately, iCloud won’t let you send email using a custom address.

Step 4: If you’re moving to a new email provider, you’ll need to forward your mail from your old provider to your new custom address. Most email providers and ISPs have a screen somewhere in the account settings of their Web sites that lets you enter a forwarding address.

Step 5: Tell your family, friends, and colleagues about your new email address, and update mailing lists and accounts at sites like Amazon that send you email. The forwarding you set up in the previous step will ensure you don’t miss anything during the transition, but remember that if you cancel your old ISP account, that forwarding may end immediately, so it’s important to start the process well in advance.

The details will vary depending on your choice of domain registrar and email provider, so again, if you would like additional recommendations or assistance in setting all this up, just let us know.


Social Media: Setting up a custom email address with your own domain isn’t that hard or expensive, and it gives you independence from your ISP, employer, or the sketchy email provider you signed up with after college. Here’s how you can switch.