Running a separate email domain

For as long as I can remember, I have always had my primary email hosted with my ISP, which was @Home at that time. It has become Ziggo since then, but luckily they didn’t give up on my @home alias.

I thought it was time for a change and now I’m the proud owner of a domain with a new TLD: I’m expanding my broenink domains, so far I own and and now also

There are a few considerations why I decided to go for this new approach. First of all, new TLDs are the future. New ones are appearing often nowadays, which is also why I registered already. Google has shown this new TLD can be successful by announcing their parent company Alphabet on And when you’re choosing a domain for email, why not use email as the TLD itself, so it’s clear to everyone what it’s used for.

Another consideration for me not to keep just a single email address is spam. I can now sign up on websites with, for example, [email protected] for Dropbox. I can use a subdomain as an alias so I know where spam mails are coming from. If there is a leak or I am receiving spam from a website I trusted, I can trace it back to that site by proving the from address. And I can block certain domains if I don’t want to receive any mails from them anymore. It gives me full control over which emails I want to receive from whom.
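The tracing idea above as an added example (not code from the original post or its GitHub scripts): it reads the recipient headers of a received message, extracts the per-site subdomain label and checks it against a blocklist. The domain `alias.example`, the labels, the header choice and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

ALIAS_DOMAIN = "alias.example"  # assumption: placeholder for the owned domain
BLOCKED = {"shadyshop"}         # assumption: site labels no longer accepted

def sample_message(to):
    """Build a constructed test message addressed to `to`."""
    return ("From: Offers <promo@sender.invalid>\n"
            f"To: {to}\nSubject: Deal\n\nBody\n")

def alias_labels(raw_message, alias_domain=ALIAS_DOMAIN):
    """Return the per-site subdomain labels a message was addressed to."""
    msg = message_from_string(raw_message)
    fields = []
    # Recipient headers show which alias was used for the sign-up.
    for name in ("Delivered-To", "X-Original-To", "To", "Cc"):
        fields.extend(msg.get_all(name, []))
    suffix = "." + alias_domain.lower()
    labels = []
    for _, addr in getaddresses(fields):
        domain = addr.rpartition("@")[2].lower().rstrip(".")
        # Require a dot boundary so "evilalias.example" never matches.
        if domain.endswith(suffix):
            label = domain[:-len(suffix)]
            if label and label not in labels:
                labels.append(label)
    return labels

def triage(raw_message):
    """Classify a message as blocked, accepted or unattributed."""
    labels = alias_labels(raw_message)
    for label in labels:
        if label in BLOCKED:
            return ("blocked", label)
    if labels:
        return ("accepted", labels[0])
    return ("unattributed", None)

if __name__ == "__main__":
    for to in ("Me <me@Webshop.alias.example>", "me@shadyshop.alias.example",
               "me@alias.example", "me@evilalias.example"):
        print(to, "->", triage(sample_message(to)))
```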

That is the why; now the how. I’m still working things out on how to block certain domains. For now, I have a wildcard CNAME record in my DNS settings, which allows every subdomain to be accepted by a sending email client. For the email service itself, it would be best to install Postfix with SpamAssassin, but I found this too much of a hassle, so I went for a cloud approach: Zoho Mail. They offer mailing for businesses with a single custom domain for free. And they also support subdomain stripping, which forwards every subdomain to my primary email inbox. So [email protected] gets forwarded to [email protected]. And finally, I don’t have to worry about a webmail interface, because Zoho already delivers that. And all for free.

If anyone has a tip or similar (better) approach, let me know at [email protected]!

Edit: I created two scripts to add and remove CNAME records directly in DigitalOcean. They override the wildcard CNAME record and forward mails to, in which Google will answer with a Mail Delivery Failed. This allows blacklisting certain [email protected] subdomains (code is on GitHub).

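import requests
# List the domain's DNS records through the DigitalOcean API (v2)
r = requests.get('https://api.digitalocean.com/v2/domains/'+domain+'/records',
 headers={"Authorization":"Bearer "+api_key})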