And they probably want to reserve usage of their domain for email so you know it's a staff member you're dealing with, which is why google gives away gmail.com addresses, not google.com addresses.
Here are three less expensive email options for you:
1. get a VM and install exim/postfix
2. OpenSRS https://opensrs.com/services/hosted-email/
3. AWS workmail https://aws.amazon.com/workmail/
Can I get more horror stories to confirm those are real? It's unfortunate because namecheap used to have the exact opposite reputation: https://news.ycombinator.com/item?id=3396606
[0] - https://blog.cloudflare.com/why-we-terminated-daily-stormer/
https://www.firstpost.com/tech/news-analysis/cloudflare-and-...
If someone really wanted to sue you, it's pretty cheap to issue subpoenas (<$100). The provider can quash the subpoena on the customers' behalf[1] but I don't know any who does.
I'm using Google Domains right now, but have been using CloudFlare to host my DNS for ages for this reason alone. I'll think about transferring my domains to them when the time comes to take one service out of the equation.
[1] https://support.cloudflare.com/hc/en-us/articles/200169056-C...
>We want to keep things simple and we're not trying to compete on price but security. We will never be the cheapest domain name registration service but we'll always be the most privacy centered one
You sign up with email or XMPP+OTR, they send mails PGP signed + encrypted (using info from key server or the key you uploaded), they have app based (TOTP) 2FA and they accept various cryptocurrencies.
There's no bullshit and so far the support has been quite good.
Their DNS (currently) supports: A, AAAA, CAA, CNAME, MX, NS, PTR, SRV, SSHFP, TXT (also "Dynamic" and "Redirect")
It's run by some of the Pirate Bay founders and they're still making fun of legal threats. ;)
Matthew Prince is a human like everybody else, and honestly, I would rather have him guarding my back than a lot of other tech CEOs.
However, they were acquired by a Canadian investment firm earlier this year [1]. Till now there's been no change and things are still running smoothly — I just hope that continues.
[1] https://coupontree.co/namesilo-was-sold-for-9-5-million/
CloudFlare has been profitable since 2014[1]:
> CloudFlare has raised more than $72 million in funding, with a $50 million round in 2012, valuing the company at $1 billion. That last slug of equity is still in the bank, says Prince; the company says it just had its first cash-flow-positive quarter with revenue, estimated to be around $40 million by year-end, growing 450% year over year.
[1] https://www.forbes.com/sites/kashmirhill/2014/07/30/cloudfla...
https://arstechnica.com/tech-policy/2017/05/cloudflare-chang...
But my biggest concern is that CloudFlare is centralizing the internet way too much. If most connections to smaller websites are proxied through CloudFlare, the web becomes very centralized: all your connections go either to other giants like Google/Facebook/Netflix, or to Cloudflare.
In any case, the Verisign fee is not hard to confirm; it would be weird for them to lie about it: https://investor.verisign.com/news-releases/news-release-det...
It does mention the renewal price is $8.89 (which is about the normal price) if you click the renewals tab.
I don't think I would put this into the same category as a bait and switch tactic that other vendors do. This one is all spelled out on the page and it's not part of the check out process. You have to go out of your way to discover and opt into the discount program.
There are also several other (seemingly lesser known) restrictions available, such as "check_sender_a_access", "check_client_mx_access", and "check_helo_ns_access" (plus similar variations you can likely think of) that you can use to take action based upon things like the IP address(es) listed in the A RR for the client MTA's hostname, the hostname(s) listed in the MX RRs for the client MTA's IP address, and/or the authoritative DNS servers of the domain name provided by the client MTA during the HELO/EHLO phase.
Imagine a spammer that had hundreds of domain names, all of which used her own DNS servers, jack.ns.example.com and jill.ns.example.com. Using check_sender_ns_access, for example, you can quickly and easily reject all mail where the domain name in the envelope from address uses one of these authoritative DNS servers.
If you get creative, you can come up with some really effective combinations that are actually pretty simple.
Want to block all mail from any domain name that's hosted by Cloudflare? That's simple enough (and doesn't require taking a shower afterwards, unlike when writing Perl).
Just grab the plain-text version of the file that contains the list of Cloudflare's IP address ranges [0], create a CIDR table [1] containing those ranges (followed by a "REJECT"), and add an instance of "check_sender_a_access" to your "smtpd_sender_restrictions" [2].
(Bonus points for taking a couple of minutes to write a shell script that runs once per day from cron, grabs the latest version of this text file, adds " REJECT" to the end of each line for you, and triggers a reload of Postfix if there were any changes to the IP ranges that it needs to know about.)
[0]: https://www.cloudflare.com/ips-v4
[1]: http://www.postfix.org/cidr_table.5.html
[2]: http://www.postfix.org/postconf.5.html#smtpd_sender_restrict...
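The daily update helper described in the comment above, as an added example that is not part of the original comment: it turns the downloaded range list into a Postfix CIDR table and reports whether a reload is needed. The function names and every file path are assumptions, and the download and reload steps are shown only as comments so the functions can be run offline.

```shell
#!/bin/sh
# Added example. Function names and all file paths are assumptions.
# Intended main.cf line (check_sender_a_access needs Postfix 3.0 or later):
#   smtpd_sender_restrictions = check_sender_a_access cidr:/etc/postfix/cloudflare.cidr

# stdin: one range per line. stdout: "<range> REJECT" table lines.
# Anything that is not a bare IPv4 CIDR (an HTML error page, a truncated
# download, stray CRs) is dropped rather than copied into the table.
build_cidr_table() {
    tr -d '\r' |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' |
        sed 's|$| REJECT|'
}

# update_table SRC DEST: rebuild DEST from the downloaded list SRC.
# Returns 0 if DEST changed (reload needed), 1 if unchanged,
# 2 if SRC held no valid ranges (DEST is left untouched).
update_table() {
    src=$1
    dest=$2
    tmp=$(mktemp "${dest}.XXXXXX") || return 2
    build_cidr_table < "$src" > "$tmp"
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 2
    fi
    if [ -f "$dest" ] && cmp -s "$tmp" "$dest"; then
        rm -f "$tmp"
        return 1
    fi
    chmod 644 "$tmp"
    # Rename within one directory, so readers never see a partial table.
    mv "$tmp" "$dest"
}

# Daily cron wrapper, after sourcing this file:
#   curl -fsS https://www.cloudflare.com/ips-v4 -o /var/tmp/cf-ips.txt &&
#   update_table /var/tmp/cf-ips.txt /etc/postfix/cloudflare.cidr &&
#   postfix reload
```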
In the worst case, where you have some unusual, specific need that hasn't been designed for, you can -- quite easily -- create your own policy daemon [2] (even in Perl; see the example) and/or milters [3].
> I wouldn't say that. perl is about the best scripting language IMO, and is available on all systems.
Oh, I agree; I was mostly teasing. I first started using Perl c. 1995 (and later, for writing CGI scripts, when CGI became a thing) and it is still the scripting language I reach for 95% of the time for basic sysadmin stuff.
> I wrote my own spam filter because I want to have full control over how I deal with spam, and generally it works very well.
I certainly can't fault you for that. Take a look at the greylist.pl script that ships with Postfix. It is an example of a policy daemon that implements greylisting (not meant for production; for greylisting, use postscreen instead). It's been several years ago but, after looking at that, I was able to implement my first policy daemon (which reached out to a MySQL server) in about 20 minutes and, after some testing, put it into production shortly after that. It's amazingly simple.
I'm not sure what MTA you are currently using but I would certainly recommend looking into Postfix. Back in the 90s, I was a hardcore, bigoted sendmail guy ("Give me sendmail or give me death!") but at some point I started looking into Postfix and have never looked back. Among other things, I manage mail systems at $work (an ISP) and I'm "very anti-spam". I occasionally need/want to do some unusual things policy-wise (WRT accepting or rejecting mail) and Postfix can itself handle 95% of it. For the other 5%, I tweak AMaViS or write my own policy daemons.
N.B.: My personal mail server (currently) runs on FreeBSD, where I use OpenBSD's "spamd" [4] for greylisting. Personally, I prefer and use that over postscreen (it stops upwards of 90% of remote mail systems from even getting to talk to the "real" MTA!) but on my (CentOS) Linux-based mail systems, I now just use postscreen (previously, I had a "standalone" OpenBSD box running "spamd" sitting in front of Barracuda appliances (as a transparent SMTP proxy)). postscreen is really simple to get up and running -- and even more so if you're already using Postfix! -- and a very minimal, basic postscreen configuration will stop the majority of "zombies", hijacked PCs, blacklisted hosts, etc., from getting through to your actual SMTP server.
[0]: http://www.postfix.org/postscreen.8.html
[1]: http://www.postfix.org/POSTSCREEN_README.html
[2]: http://www.postfix.org/SMTPD_POLICY_README.html
Equating cloudflare tech with nazi bouncers, and killing. Needing to be used to shutdown sites.
with things like this: >> Cloudflare has built “edge servers” – data centres that store content locally. There are 30 in Europe, including one in London and one in Manchester. The British government cannot regulate the worldwide web, but it could enforce the law in Britain. The anti-fascists at Hope not Hate begged ministers to make Cloudflare’s British operations comply with anti-Nazi legislation.
>> Cloudflare, by contrast, is enabling men who want to kill, not argue.
There was a time when the tech was not easily understood, and the argument of dumb pipes was kind of legit. It seems that time is over, in no small part because tech has not been sticking to their principles (imho).