Routing emails. Using google as an IMAP server?

When we set up our email system many years ago normal practice was to have your own domain and redirect your emails to your ISP and then access them via POP, things then moved to accessing via POP or IMAP. Now ISPs tend not to offer email (or it is a free service that they don’t guarantee).
We will be changing ISPs when we move premises later this year.

Its been suggested that we get our emails redirected to free google mail accounts and use IMAP to fetch from there.
Does anyone have experience of doing this?
or other suggestions welcome?
Web mail access that is netsurf compatible preferred.

Our old ISP used to also give us a domain which we have used as a mirror, it would be nice but not essential to have a mirror site.

n.b. A lot of our websites bandwidth seems to be used by robots (often Russian) any way to reduce that?
(I recall reading that they often ignore the robots setting)

Seems the UK is completely different to Germany…over here, we have big, cheap hosting companies like Strato and 1&1 which provide full email services along with domain(s) including the usual “apps” like MediaWiki, Wordpress, Joomla, Typo3, Drupal etc. with one-click-install – the ISPs on the other hand usually don’t offer much beyond the internet connection itself. The hosting companies also offer bare servers if you need more control, but you have a choice of using hosting config tools like Plesk.

Personally, I would never leave email services to either Google or the ISP.

Its been suggested that we get our emails redirected to free google mail accounts and use IMAP to fetch from there.

It’s a possibility. You might wish to think through the GDPR implications, not because it will stop you (necessarily), but because it will give you some pause for thought with respect to your data privacy policy¹.

However, there’s a significant technical reason why “vanity” domains forwarding email to ISP or GMail accounts are a bad idea in these days of DMARC.

First, when your domain host forwards the mail on to GMail or your ISP, if the recipient (GMail or your ISP) is hot on DMARC, looks up the domain on the incoming mail (that of the person emailing you) and compares it to the server which sent it on (your domain host), they won’t match. The email could well get binned, or bounced back to the original sender, because it looks very spammy.

Google are quite hot on requesting DMARC validation, IME.

Similarly, when you send a reply back and spoof your CJE domain address in the mail headers, then if the recipient’s mail provider does the DMARC thing, they’ll compare your email address (your domain host) with the GMail server from which your reply originated. Just as before, if the recipient is running strict DMARC checks, your reply won’t get through.

Google are quite hot on responding to requests for DMARC information, IME.

The correct way to do this – which I’d assumed that a business would already be doing – is to have one or more mailboxes at the place where your domain is hosted (ie. where the website is served from). Incoming mail isn’t forwarded: you collect (via POP3 or IMAP) from the mailbox behind each address. Outgoing mail is routed through the SMTP server provided in the same package. This way, all of the DMARC information matches up, and everyone is happy.

The cost for doing this will depend on the level of service that you’e paying for. At the theatre, we pay in the order of £100/year for “unlimited” mail boxes and webspace on shared hosting. YMMV, but in the end, you get what you pay for².

However, I can assure you that trying to use mail forwarding and address spoofing these days is a recipe for much anguish and many lost emails. Been there, done that and bought three T-shirts (at the theatre, at WROCC, and on my own domain).

¹ You do have one of these, don’t you? I can’t see it on your website?

² And if we’re being honest, £100/year is at the cheap, do your own backups, “what do you mean we claimed triple-nines uptime?”, end of the scale.

Seems the UK is completely different to Germany…over here, we have big, cheap hosting companies like Strato and 1&1 which provide full email services along with domain(s) including the usual “apps” like MediaWiki, Wordpress, Joomla, Typo3, Drupal etc. with one-click-install – the ISPs on the other hand usually don’t offer much beyond the internet connection itself. The hosting companies also offer bare servers if you need more control, but you have a choice of using hosting config tools like Plesk.

Um, no. That’s exactly what we have over here, too. Outside of the RISC OS sphere, I’ve not seen anyone using an ISP email address for many years. That said, those that I know who are not using GMail, Yahoo! or Hotmail because they have their own hosting can be counted on my fingers.

Personally, I would never leave email services to either Google or the ISP.

Me neither… Well, some of my own lesser-used email addresses are routed via my ISP, but not the main ones (and being on fibre, I do have a slightly more tech-savvy ISP).

The correct way to do this – which I’d assumed that a business would already be doing – is to have one or more mailboxes at the place where your domain is hosted (ie. where the website is served from). Incoming mail isn’t forwarded: you collect (via POP3 or IMAP)

We use about twenty email address, our hoster xencentric offers us currently only 10 it would cost more than twice our current charge to get 20 and we don’t need the other extras. It was them who suggested using gmail!

We don’t have a privacy policy on our website. If we did it would say we follow the law! Now there is GDPR There isn’t really much else to say. All the policies I’ve seen recently just seem to rearrange the words of GDPR which looks silly. I’ve signed a number of contracts over the last few years which include a clause that I won’t do anything illegal, to me they look stupid.

Thanks for the tips about DMARC. I don’t think we’d have a problem sending as we’d use xencentrics SMTP server. But incoming sounds like it could be an issue.

We use about twenty email address, our hoster xencentric offers us currently only 10 it would cost more than twice our current charge to get 20 and we don’t need the other extras. It was them who suggested using gmail!

“Twice” could be quite expensive or quite cheap :-)

A price point: Strato offers hosting including 5 domains, 2000 mailboxes with 20000 mail aliases, SSL certificate, 100 GB webspace, unlimited traffic and automatic daily backup for 7 Euros per month. The only limit you’re possibly hitting is that all mailboxes together are limited to 20 GB. 20 Euros per month buys you 100 GB. The 5 domains of course don’t include .co.uk as an option…they are a bit German-centric after all :-)

Strato sound like a bargain. We are on Xencentrics ‘Apple’ plan: https://www.xencentrichosting.uk/billing/cart.php?gid=1

Maybe I need to change my hosting!

We don’t have a privacy policy on our website. If we did it would say we follow the law! Now there is GDPR There isn’t really much else to say.

Not quite. You should detail the personal data that you hold about people, and how you store and use it. That’s why I mentioned it in connection with GMail: you would need to include the fact that incoming mail would be routed via Google’s servers (and probably scanned for content). Doubly so if people are emailing you payment info…

We are on Xencentrics ‘Apple’ plan […] Maybe I need to change my hosting!

Let’s just say that I’ve been looking at internet hosts a lot recently, for various reasons. Xencentric haven’t made any of the shortlists, because they are simply so far out of what else is out there on cost grounds. I could understand if they were super-reliable, but I left them several years ago because in my experience, they weren’t that either.

Steffen’s prices sound sensible, and you’ll find that most of the offerings are in that kind of price area.

Re privacy policy. Good point I’ll get one done.

Doubly so if people are emailing you payment info…

I can’t remember the last time anyone did that. Though it might be a good idea to explicitly tell people not to do so.

I notice that the xencentric Apple plan only offers 10 mailboxes, but it does have Unlimited email aliases. Do you really need 20 mailboxes, or the email addresses that aliases can provide?

Note there may be usage differences, but I use lots of aliases but only 3 mailboxes without problem.

I’ve not seen anyone using an ISP email address for many years.

heyrick, without the year, at the domain of the current outfit that took over from France Telecom (hint – it’s a colour).
Not that I use it for much, mind you.

I mostly use GMail and Yahoo! along with a private address that’s known to maybe ten people.
And my friend’s trials in getting his own email server working right (including such things as SSL, DMARC, and geoblocking) have pretty much guaranteed that I’ll never ever run a mail server off heyrick.co.uk – life’s too damn short for all of that.

Re privacy policy. Good point I’ll get one done.

And if you should decide to route everything through GMail, you’ll need to make it very clear that you are voluntarily handing all communications to a third party that is based in a jurisdiction not known for giving a crap about anyone else’s privacy (or laws). In other words, by definition you cannot honour the GDPR.

Why I point this out bluntly is that if you’re cje at GMail, then it is up to the user whether or not they wish to contact you using a service known for its cute tricks like (autobot) scanning emails to better profile people.
However it is a very very different thing indeed if they email you at sales@cje or somesuch and you forward that to a different service, especially one with an American presence.

France hit Google with a peanuts fine earlier this year: https://www.wired.com/story/eu-privacy-law-snares-first-tech-giant-google/

As you are a business, Chris, please note part f in https://gdpr.eu/article-5-how-to-process-personal-data/ and understand that you cannot comply by forwarding email to a provider such as Gmail, and also note https://gdpr.eu/fines/ has some scary amounts shown. It’s mostly aimed at the likes of Google, but it affects anybody who processes personal data for commercial use.

I think what I’m basically trying to say is… Don’t.

When we set up our email system many years ago normal practice was to have your own domain and redirect your emails to your ISP and then access them via POP,

I don’t know about your setup, but when ArgoNet hosted heyrick, the mail was handled via their servers, but it was addressed to heyrick. There was no redirection, simply their server served my mail as well. If you have a hosting package, it usually comes with email. You can also buy email services, like https://www.ionos.co.uk/office-solutions/create-an-email-address#packages (not a recommendation, just the first thing Google found)

n.b. A lot of our websites bandwidth seems to be used by robots (often Russian) any way to reduce that?
(I recall reading that they often ignore the robots setting)

Depends on how much work you want to do and what your backend is… https://www.sitepoint.com/how-to-block-entire-countries-from-accessing-website/

My personal server has a list of IPv4 addresses. Upon receiving a connection, it will look up the address to determine a county code. Certain known countries (IL, BR, RU, CN, PK….) result in the connection being immediately dropped. [hmm, I should probably see about making that available to WebJames too]
I’ve also received hack attempts from DE, NL, AU, and US but they are far fewer and blocking those countries could impact legitimate RISC OS users, so I just let the system take the hit. No, thanks, it’s not what you think it is, go away, nothing to see here… ;-)

PS…

Web mail access that is netsurf compatible preferred.

I doubt you’ll ever get anything with Google in that respect. They bitch like anything if your version of Firefox is more than three hours old!

Chris – you might wish to give Xemik Solutions a call. Mik is a RISC OS user (amongst other things) who offers domains and hosting packages. He uses RISC OS for email himself, so you shouldn’t get any nasty surprises. If you tell him what you want, I’m sure he could sort you out a suitable package. As I read it, his Premier package offers 25 mailboxes, more webspace etc for just 79 per year. I know a few people who use Mik (I’ve got some domains with Mik, but also some with Xencentric and some with Orpheus, and even Plusnet!) and they’ve found him pretty helpful AFAIK.

Alternatively, there’s Richard at Orpheus who I’m sure could tailor something too, but I list him second because I’m sure you’ve already considered / price-checked Orpheus.

I suspect bringing Google into the equation will just make things more complex, and far less predictable, unless you primarily want to access your mail via google products/services (Android phones, gmail website etc).

Edit – please forgive the somewhat blatent ad for Xemik, but he doesn’t tend to self-promote a great deal, and people tend to forget that there’s another RISC OS-friendly hosting service out there.