EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 11 Jan 2021, 11:30 AM   #1
barmadrid
Junior Member
 
Join Date: Jan 2021
Posts: 6
username: best login security practice?

Hi,

I just signed up to Fastmail and added my domains and aliases. Everything is great already!

I use different alias (under my custom domain) for each online service/account I sign-up for. Example: ([email protected]), ([email protected]), etc.

Currently my username (login) is: [email protected] and have my custom domain and aliases created under it

Just wondering, if it's best (for security/privacy purposes) to switch the username to something like [email protected] instead?

For you all using Fastmail with custom domains, what do you use for username (login)?

Thanks in advance!
barmadrid is offline   Reply With Quote

Old 11 Jan 2021, 12:11 PM   #2
NumberSix
Cornerstone of the Community
 
Join Date: Jan 2003
Location: The Village
Posts: 585
Welcome to Fastmail and the forum.

I don't think that changing your login address to use your private domain will necessarily do anything to improve your security, but would be interested to hear from anyone who disagrees.

I have a lot of different addresses that I use (private domains, employer, university, etc and also FM aliases -- probably similarly to most of us here), but I don't use my login username for actual email communications, so I've chosen as my login name (@fastmail.com) a sorta randomish string of letters that's easy to type. I have thought that not having my real name (or anything else that can be traced to me in the real world) as part of my login credentials helps to improve the security of my email (makes it hard for someone to get in by guessing at creds).

As for spinning off individual addresses for each of the web properties you deal with, that's an excellent idea, one of the things I love best about FM and one of the reasons I will likely stay with them forever. I haven't found any other ESP that does this (at least, in-house). I make my individual addresses a little more (pseudo)secure by rot13'ing the left-side strings: thus "walmart" becomes "jnyzneg". It's more convenient if you can memorize the rot13 translation table The weakness of this scheme, for me, is that I'm using an FM domain alias for all of them rather than a private domain, so that if I wanted to leave FM for another provider, I'm much less mobile. But it's not something that keeps me up at night.

https://en.wikipedia.org/wiki/ROT13
NumberSix is offline   Reply With Quote
Old 11 Jan 2021, 02:50 PM   #3
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,659
Arrow Using subdomain addressing to simplify the use of many unique addresses

Welcome to EMD and also to Fastmail!

I have had a Fastmail account hosting my own personal domain since 2004 (17 years), the same year I joined the EMD forum. Fastmail has grown into a very solid company with a great service in that interval.

I never use my login address for my main Fastmail account for email. Instead I use aliases and subdomain addresses at those aliases, both at Fastmail domains and my own personal domain. In the examples below, let's assume that your Fastmail login address was [email protected] I'm sorry that my post is so long and complex, but I wanted to give you an idea of how you can use subdomain addressing so you don't need to create a new alias for every company you interact with.
  • You can create email aliases at many Fastmail domains. For example, you could use [email protected], where "sent.com" is one of the Fastmail-owned domains you can use. You can also create aliases at the domain(s) you own which are hosted at Fastmail.
  • It's much easier when signing up at businesses or organizations who will send you messages to use subdomain addressing. If you control the alias "[email protected]", then you can use any number of subdomain addresses such as "[email protected]" or "[email protected]" without explicitly creating an alias for that complete address. You just create the alias "[email protected]" and anything@example.sent.com is a valid address which will be delivered to your account. The alias name becomes the subdomain after the @, and is separated from the main domain name by a period/full-stop symbol (.).
  • During delivery at Fastmail, the subdomain address is by default expanded to a plus address before delivery is made. So "[email protected]" is changed to "[email protected]", which by default causes the message to target your "alpha" folder if it exists, and your Inbox folder if that specific folder does not exist, assuming that the alias table target is your Inbox. You will see in the full headers that the X-Delivered-To header is "[email protected]" and the X-Resolved-To header is "jciti[email protected]", which causes the message to by default be filed into your "alpha" folder (if it exists).
  • But you can change this behavior by changing the alias target (in the alias setup page). If the "example" alias target is changed to "jcitizen+*@fastmail.com", the wildcard * causes the X-Resolved-To header to become "[email protected]", which leads to the message being filed into the "alpha" subfolder of the top-level "example" folder. The full-stop period "." character denotes a subfolder. You can also add more than one alias target so that messages sent to that address are delivered to more than one folder. The alias resolution happens before spam processing.
  • So let's say that you have accounts at various financial institutions and you want messages from those companies to always be filed into the "bank" folder (and possibly subfolders of bank for specific companies). You could create the alias "bank" at your personal domain, and use as the target for that alias "jcitizen+*@fastmail.com" on the alias setup page. Here is how messages would be filed from various companies:
    • Messages sent to "[email protected]" would be filed into the "bank" folder.
    • Messages sent to "[email protected]" would be filed into the "alpha" subfolder of the "bank" folder if that subfolder exists. Otherwise they would be filed into the "bank" folder if the subfolder does not exist.
    • You could set up several companies in this fashion. You don't have to create a new alias for each one -- only the one alias "bank" is needed. If the proper subfolder does not exist, the message will be filed in the main "bank" folder.
    • Capitalization is ignored in email addresses and folder names during automatic email delivery processing.
  • See the Fastmail help page about subdomain addressing at: https://www.fastmail.com/help/receive/addressing.html
  • When I say that the emails will be automatically filed into the folder as described, this really means that at the first processing stage (before your rules are executed, the X-Resolved-To header is used to target a specific delivery folder rather than the default Inbox. The rules are then executed, and rules can over-ride the target folder described above.
  • Even if you don't want to create a specific subfolder for each company, using subdomain addressing still makes things much easier for you. The subdomain (alias) name can be something which would be unlikely to be guessed by a spammer, and you can add the company name before the @ when you sign up ([email protected]) and won't need to create a new alias. You just create one alias for the subdomain (such as "bank" in my example).
  • If there is a security breach, you can discover this because you only gave that specific subdomain address ([email protected]) to that one company. If the address is used by anyone else, it means that the company has sold their address list to another company or a spammer/scammer has stolen it.
Bill
n5bb is online now   Reply With Quote
Old 12 Jan 2021, 12:43 AM   #4
ChinaLamb
The "e" in e-mail
 
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,288
My experience is that Fastmail.com logins tend to get a LOT of phishing emails -- at least they did at one point.

Choosing an alternate Fastmail domain is a very strong recommendation.

/cl
ChinaLamb is offline   Reply With Quote
Old 12 Jan 2021, 01:29 AM   #5
somdcomputerguy
Cornerstone of the Community
 
Join Date: Jun 2004
Location: Rupert, WV
Posts: 698
Quote:
Originally Posted by ChinaLamb View Post
My experience is that Fastmail.com logins tend to get a LOT of phishing emails -- at least they did at one point.

Choosing an alternate Fastmail domain is a very strong recommendation.

/cl
Fastmail (and some other but not enough other services..) make it easy to change that login userID if need be.

Goto Admin | Users & Aliases to do so.

- Bruce
somdcomputerguy is offline   Reply With Quote
Old 12 Jan 2021, 03:54 AM   #6
barmadrid
Junior Member
 
Join Date: Jan 2021
Posts: 6
Thanks Bill for your answer. Learned a lot. Appreciated!

Quote:
Originally Posted by n5bb View Post
you can use subdomain addressing so you don't need to create a new alias for every company you interact with.
Is there any privacy/security advantage of using subdomians for email sign-ups compared to just [email protected]?

Just want to confirm so I can change my email at such companies from direct alias at domain to subdomain!
barmadrid is offline   Reply With Quote
Old 12 Jan 2021, 04:38 AM   #7
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,659
Quote:
Originally Posted by barmadrid View Post
l...Is there any privacy/security advantage of using subdomians for email sign-ups compared to just [email protected]?...
I don't think there are any significant privacy or security issues related to using an alias as opposed to a subdomain at an alias.

If you are using the address for a service which you might want to block in the future or which you think might sell your address to spammers, there is an advantage to using a specific alias at your domain. This is because you can easily disable that alias at the Fastmail alias screen. If you experience a lot of spam to random aliases at your domain, you might want to not use the wildcard * alias (which allows delivery of any alias to your account, even if it's not enabled with a specific alias).

But for general use with businesses and web services, I think it's much easier to use subdomain aliases at one or more aliases at the domain. You can add them easily on the fly without needing to add the alias at the Fastmail setup screen. If you start to get spam at that subdomain address and want to disable it, you can always use a rule.

The Fastmail spam filter is pretty good. Read about Your personal spam database at:
https://www.fastmail.com/help/receiv....html#settings
This is a Bayes filter which you can train. It only starts acting on new messages after you have reported at least 200 messages as spam and 200 as non-spam. You can set up folders (or labels) which automatically mark messages as non-spam to make this easier. You can also block specific sender addresses or domains in the Settings>Filters & Rules screen at the top.

Bill
n5bb is online now   Reply With Quote
Old 12 Jan 2021, 05:16 AM   #8
barmadrid
Junior Member
 
Join Date: Jan 2021
Posts: 6
Excellent! Thanks Bill and everyone else
barmadrid is offline   Reply With Quote
Old 12 Jan 2021, 05:23 AM   #9
ChinaLamb
The "e" in e-mail
 
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,288
Only question I would have, is if that username could encounter problems if you lose rights to the domain...

That is, can you still log into fastmail, and get support, if you lose the domain somehow, or if the domain isn't working?

I've preferred keeping a WHOLLY separate login to Fastmail, so that no one, who has my email address, knows what email I use (unless they get an email from me and check the headers)...

/cl
ChinaLamb is offline   Reply With Quote
Old 12 Jan 2021, 06:42 AM   #10
SideshowBob
Senior Member
 
Join Date: Jan 2017
Posts: 171
Quote:
Originally Posted by barmadrid View Post
Personally I wouldn't use any kind of address where the LHS is easily guessable from the domain name.
SideshowBob is offline   Reply With Quote
Old 12 Jan 2021, 08:22 AM   #11
ChinaLamb
The "e" in e-mail
 
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,288
Quote:
Originally Posted by SideshowBob View Post
Personally I wouldn't use any kind of address where the LHS is easily guessable from the domain name.
I've made several attempts to figure out what LHS is, even a few google searches... I'm assuming you are not referring to LaVergne High School, or a Chrystler LHS... Other than that, I'm stumped.

/cl
ChinaLamb is offline   Reply With Quote
Old 12 Jan 2021, 08:54 AM   #12
xyzzy
Essential Contributor
 
Join Date: May 2018
Posts: 326
Quote:
Originally Posted by ChinaLamb View Post
I've made several attempts to figure out what LHS is, even a few google searches... I'm assuming you are not referring to LaVergne High School, or a Chrystler LHS... Other than that, I'm stumped./cl
I parsed that as "left hand side" as in the left hand side of the an email address "@", i.e., the "local part" of an email address.
xyzzy is offline   Reply With Quote
Old 12 Jan 2021, 12:55 PM   #13
Terry
The "e" in e-mail
 
Join Date: Jul 2002
Location: VK4
Posts: 2,852
OP you can change your login name in your account section if you are not happy with it...
Terry is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 08:53 AM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy