Published

Moving your email from one host to another

I recently helped an artist friend move an email address associated with her domain name from one host to another. These are the steps we took.

TL;DR — Moving email from one host to another is a pain. If you have to take it on yourself, take each step carefully and when in doubt, get in touch with your email hosting provider for advice.

⚠️ I wrote up these instructions as a self-help guide for my friend and decided to publish them here since I figured a lot of people might be in a similar boat. Turns out I was right, I get a lot of emails about moving email! However, if you want someone to manage an email move for you or provide one-on-one support for email, unfortunately I don’t offer this as a service. I’m not the right fit, my specialty is building websites, not managing email. If you don’t want to take it on yourself (which is fair!), you must get in touch with an IT person or systems administrator, not a web developer. If you’re not sure where to find one, ask around for recommendations or have a quick search online for local IT outfits that might fit the bill.

Read full instructions

Published

Preventing email spoofing

Been getting a bunch of targeted phishing emails recently. They’re pretending to be my domain registrar, saying that payment is overdue and they’re going to delete my domain permanently. I’ve received similar things before, but this one of the more convincing and aggressive attempts I’ve seen.

This reminded me about a task on my backlog of TODOs, sorting out my domain’s SPF and DKIM. Both are email authentication methods designed to detect forged sender addresses in emails, a.k.a. email spoofing. SPF + DKIM won’t prevent inbound phishing emails, but they do help prevent my own domain from being spoofed in shady outbound emails.

I’d forgotten to add a SPF record so sorted that out. I made sure to add include values for both my email provider and my web host since the web host is responsible for sending things such as password reset emails from the CMS. Unfortunately, my email host Gandi doesn’t support DKIM. 🙁 So that’s a non-starter.

I’ve been considering switching to Proton though, and happily they offer SPF, DKIM, and DMARC. Maybe I’ll make the switch a bigger priority. Gandi has mentioned that they’re working on implementing DKIM though, so maybe I’ll just check back later this year

Eventually I’ll look in to a DMARC policy, but that’s going to come a little later.

A few links that may be useful:


Edit 21.02.20 – Added link to EasyEngine tutorial b/c I previously was using ?all and received a spoofed email from my domain on another email address I have. *facepalm*

Published

Pelican, Penguin, The Happy Reader

The folks at Penguin Random House have been sending some particularly strong e-newsletters recently using the system Sam and I created a little while back. Links below.