
We need to stop using Fastmail as the go-to example of email done right.

They recycle your email address once you stop paying. A great black hat technique is to gather up all Fastmail addresses you can find in the wild and poll them to see when they're available again. Then launch social engineering attacks from them to impersonate the previous user. I found this out the hard way.

Amateur hour. At least DHH has said hey.com locks your email address for eternity, the only right way to do it.




In my book "email done right" is using email addresses on your own domain.

Using @fastmail.com makes no sense to me. If being locked into somebody else's domain is acceptable, then Gmail is a better deal.

And if you still insist on using somebody else's domain, then all bets are off after you stop using that account. First of all, because the service provider can always change their policies. Just like when Yahoo announced in 2013, out of the blue, that they'd start recycling usernames.

Fastmail is a paid service, you own that username for as long as you keep paying. The notion that you can take up resources, for free, for all eternity, is only sustainable for big companies like Google. And given how crowded @gmail.com is, I wouldn't put it past them to start recycling in a couple of years.


Using your own domain has the same problem. If you ever stop paying for that domain, or lose it for some other reason, someone else could purchase it and start impersonating your email.


How would you prevent that? Everyone only uses a well-known email provider domain that doesn't recycle addresses?

If someone takes over a domain they can also get HTTPS certificates, reset all their passwords and do all kinds of other things that are related to it if there's no second factor. That's just what you have to accept if you don't renew a domain.


Fairly recently there was a story about somebody getting locked out of their G Suite account because their domain DNS was hacked (IIRC), so a custom domain also introduces an additional attack vector.


It's not the same thing, because by paying for it you have a binding contract and can switch providers too. If you don't pay for it, then you don't have a claim on that email address, as the terms of use can change at a moment's notice.

If paying for it is a problem, then pay it in advance for 10 years and set up automatic renewal. Also leave a digital will. You probably want to do that anyway.


How is that not the same thing as paying for an email account with Fastmail?


In terms of the binding agreement, it isn't any different, except you can move to different providers whereas if you don't own that domain, the service provider has you by the balls.


I use my own domains but if those expire someone else can gain access to my email? Don't forget that domain names can be valuable and may need to get sold if someone bids high enough.


So you mean to say "email done your own uncompromising way"?


You can use a custom domain with FastMail, and they aren’t reading your mail to target ads at you.


Yes, I am aware, I'm a Fastmail customer.

> they aren’t reading your mail to target ads at you

Neither does Google ;-)


> Neither does Google ;-)

This has been true since 2017: https://variety.com/2017/digital/news/google-gmail-ads-email...


Ok, so compare to protonmail or tutanota. The point is the price is high compared to other paid email providers. If you want to revolutionize email, you're not going to do it with a proprietary system that costs > $8 a month.


Oh hello no. Any source on this? What's the timeframe?



