Safeguard your email address by registering a domain

A primary email address tied to your email provider could set you up for a great deal of inconvenience if they shut down. Registering your own domain helps control your email regardless of which company you’re currently using.

On Thursday, 8th August 2013, a secure email service provider called Lavabit suddenly suspended operations. Its founder, Ladar Levison, wrote in an open letter on the company’s website that he would rather shut the company down than “become complicit in crimes against the American people.” Although Mr Levison took what he believed to be a principled stand, Lavabit customers were understandably angry at being blocked from accessing their emails. Without warning, long-time customers lost years worth of archived messages. Active users who relied on the company to host their primary email now face the inconvenience of updating their contacts and online accounts with a new address.

One may be tempted to think that a simple solution would be just to set up another email account elsewhere. After all, there are many free email providers offering reliable services. If you’re in this camp, ask yourself how your day-to-day life will be affected if you suddenly and unexpectedly lose access to your email account.

  • Do you conduct business over email? How much productivity will be lost re-establishing communication with clients?
  • Have you saved passwords, document attachments and important account information in your webmail folders? What happens if you can’t log in to the webmail account?
  • How much time will it take to inform all your relatives, friends and contacts of your new email address, especially if your address book was also hosted with the lost email service?
  • How easy is it to reset the passwords of your other online accounts (internet banking, Facebook, Skype, etc.) without that lost email address?

Keeping control of your email address

There are some important lessons we can learn from the Lavabit incident and two things can save you from similar trouble:

  1. Register your own domain and link it to your email provider. That way, you can switch providers while retaining the same email address.
  2. Do not rely on webmail as your only method of accessing your messages. Set-up an email client on your computer and regularly download copies of your email.

Exactly how you go about using your own domain and downloading emails depends on your existing set-up and requirements. I’ll give a quick overview in this post but please note that it only briefly touches on some steps which can be quite technical.

Step 1: Register your own domain

An email address under your own domain keeps it independent of the email host. Your current email provider may go out of business, get bought-out or become unreliable but having your own domain means that you can switch to another while retaining the same email address.

To get an email address under your own domain, you first need to register a name with a domain name registrar. (See this post for more information.)

You can register your domain with the following companies but a web search for “domain registration” will bring up a list of other providers:

  • Another Cup of Coffee Limited – we’ll handle the details of domain registration under your name for £9.99 GBP per year
  • – a popular UK-based registrar and hosting company
  • namecheap – a US-based registrar that seems to have a good reputation for customer service (I personally haven’t used them)
  • Network Solutions – one of the oldest and well-known registrars but quite expensive

Regardless of which domain registrar you choose, the whole process should only take a few minutes to complete. However, depending on their system, it could take a few hours to a day or more before it’s available for use.

Step 2: Link your domain to your email provider

Linking your domain to an email provider can be intimidating for non-technical people. To make matters more complicated, some end up with different combinations of registrar, free web-based email, business email hosting, and web hosting. Everything can be under one roof or you may have different companies handling each component. The exact steps needed will depend on your subscription packages so covering them in a short tutorial is not practical. (That’s why companies like us exist!)

In general, your registrar will give you an online control panel. This lets you specify settings to hand over control of the domain’s email to an external email provider. Alternatively, it may offer an email forwarding service that automatically redirects messages to another address, such as Gmail or Yahoo Mail.

Changing email providers then becomes a matter of adjusting the control panel to reflect the new company’s settings.

Here are some help pages for a few of the popular email providers:

Step 3: Download backups of your emails

For many people, their main method of checking and sending email is through their provider’s webmail interface. It’s very convenient because there are no programs to set up on your computer. All that’s needed is to open up a web browser and log in. The downside is that you do not retain any copies of your messages. As some of the Lavabit customers found, you will lose everything if the provider suddenly ceases operations.

The solution is to set up an email program (also known as an email client), like Mac Mail, Microsoft Outlook or Mozilla Thunderbird to download emails from your server. Even if you prefer webmail, periodically connecting from your email client ensures that you save the latest messages on your computer’s hard-drive.

Most email providers offer you a choice of ‘POP’ or ‘IMAP’ as mechanisms for retrieving your email. POP will simply download all the messages and if set in your email client, delete the messages after they’re read. IMAP synchronizes your email client with the server so it copies the same structure of read, unread, sent messages and saved folders. (This Rackspace article gives more detail on the difference between the two.) I find IMAP to be the most convenient option. If you mostly use webmail, you should also use IMAP if it’s available.

Too much trouble?

These steps might seem daunting but you don’t need to be a computer expert to get everything set-up. Business users usually have more complex configurations that may need an IT administrator to get everything working properly. However, for personal users and micro-businesses with simple needs, a little bit or research and background reading should allow you to get the job done without any help.

Of course, if you’d rather not go to the trouble of doing this yourself, we’ll be very happy provide you with a quotation. This is not a big budget job as the whole process is fairly quick for those familiar with what’s required.

Some background on the Lavabit incident

I’ll make a slight digression from technical matters as the Lavabit incident may have wider implications for anyone using US-based internet services.

Lavabit offered encrypted email services and was reported in the press to have been used by the NSA whistleblower Edward Snowden. Unlike most email systems, the company’s technology meant that there was no way for them to directly read user emails. While we may never know the truth, it seems likely they were ordered to participate in ongoing surveillance in a form that the founder believed to be against the United States Constitution. Levison was issued with a ‘gag order’ preventing him from giving details on the matter. Shortly after the Lavabit news broke, Silent Circle, another secure email provider, pre-emptively shut down its own service in order to protect its customers.

There is increasing industry speculation that the US government’s surveillance is jeopardizing the country’s businesses since they can no longer be trusted to protect their users’ privacy.

It’s clear that no matter which country you’re in, if your email is hosted with a US provider, you need to assume that the US government will want (or already has) backdoor access to them. Whether or not this is acceptable is a discussion outside the scope of this post. Regardless of where you stand, it’s important to realize that the industry landscape is changing and we can no longer be complacent about safeguarding our data.

About the EU Cookie Law and our cookie policy

The EU Cookie Law

In May 2011, EU countries adopted the ‘EU Cookie Law’ (officially, the EU e-Privacy Directive). Essentially, it put in place legislation to force website owners to be transparent about their use of cookies and to ask visitors for consent. The legislation applies to all sites in European Union Member States, as well as foreign website who target audiences in Member States. The fine for non-compliance can be as much as £500,000.

The UK’s Information Commissioner’s Office (ICO) gave British websites a 12 month grace period to update their sites and published guidelines for compliance. This grace period ended on 26th May 2012.

What are cookies?

A cookie is a small file which is sent to your computer by a website. Many sites use them for things like storing site preferences, analysing web traffic, keeping you logged in and remembering shopping-basket items. Web browsers tend to automatically accept cookies but there are settings that allow you to customize how you deal with them. You can find more information about cookies, as well as find help on how to disable or delete them at

How we use cookies

On this website, we use cookies for anonymous traffic statistics and to improve user experience. Technically, this site can also use cookies to keep track of logged in users and for post commenters. However, this functionality only applies to a limited set of website content editors. These cookies are not set for public visitors. For a list of cookies used on this site, please see the table below.

More information about the data we may collect can be found on our Privacy Policy page.

Your implied consent and how to opt-out

According to the ICO, “Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.” By continuing to use this website, we’ll assume you understand that your actions will result in cookies being set and have given your implied consent.

If you prefer not to have these cookies set, you may opt-out by configuring your browser to reject the cookies. Information on how to do this can be found at Google provides a Browser Add-on for Chrome that enables you to opt out of all Google analytics.

Cookies on our clients’ sites

The kind of cookies we use for sites that we build depend on our clients’ requirements. Our general policy is to only use cookies that are needed for the operation of the site. Since we mostly install Drupal and WordPress content management systems, these include cookies that allow users to log in and post comments. When requested by the client, we also install traffic analysis code, such as Google Analytics, which also sets cookies to measure visitor statistics.

Sometimes a client wishes to display content from third-parties, such as advertising, games or ‘widgets’. These often also set cookies but we’d need to perform an audit to find out how they affect their site’s compliance.

Is your site compliant?

Please contact us if you’re not sure what kind of cookies are used on your own site. We will perform a cookie audit so that you can update your privacy policy in order to comply with the law.

More information

The table below describes the cookies we set on this site for public visitors.

cookielawinfo-checkbox-necessaryPersistent1 hourStores which types of cookies you have approved.
cookielawinfo-checkbox-non-necessaryPersistent1 yearStores which types of cookies you have approved.
viewed_cookie_policyPersistentOne year from set/updateStores your acceptance of our cookie policy so that the notification bar no longer displays.
X-Mapping-ihnbadbnSessionEnd of browser sessionUsed by our web hosting company to manage the load on their servers.
_cfduidSession30 daysHelps Cloudflare detect malicious visitors to this website
_gaPersistent2 yearsUsed by Google Universal Analytics to distinguish users.
_gatPersistent24 hoursUsed by Google Universal Analytics to distinguish users.
_gidPersistent1 minuteUsed by Google Universal Analytics to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_.
__utmaPersistentTwo years from set/update. Used to distinguish users and sessions.Set by Google Analytics when their code executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.
__utmbPersistent30 mins from set/updateSet by Google Analytics to determine new sessions/visits. The cookie is updated every time data is sent to Google Analytics.
__utmcSessionEnd of browser sessionSet by Google Analytics to determine whether a visitor user is in a new session/visit.
__utmzPersistentSix months from set/updateSet by Google Analytics to store the traffic source or campaign that explains how a visitor reached our site. It is updated every time data is sent to Google Analytics.

You might find these articles helpful.