This is awesome! Charging the exact same price as the registry wholesale price.
NameSilo, as far as I know, comes very close to the registry pricing and offers DNSSEC, nameserver registration and other APIs with the registry.
This could totally throw all registrars out of competition for the price of registry wholesale price. You just have to hope CloudFlare wouldn't overstep their role as a registrar if you only register the domain from them.
I currently use NameSilo. Don't forget they also offer free whois privacy for life.
My only complaint with them is their DNS records are only updated once every 15 minutes.
This makes doing automated API based DNS based LE challenges annoying because you need to sleep your script for 15 minutes to ensure the update got pushed.
Also, I'm surprised Cloudflare omit talking about whois privacy in the blog post. Makes me wonder if they plan to sell that for some amount of money.
We actually didn't talk about WHOIS Privacy because it's becoming less and less of a relevant feature in the post-GDPR world. We do support it, free of charge.
Cloudflare is also the largest authoritative DNS deployment in the world, and changes propagate in closer to 15 seconds than 15 minutes.
I don't have the answer to that yet. On the one hand it's a bit far afield of what we normally do. On the other a lot of people seem to get it from their registrar and rely on it.
The ideal situation would be if we could find a way to do email forwarding which wasn't just as good as what they do, but was exciting and meaningful. We'll keep thinking about it and let you know on our blog.
If you want to blow everyone away then I think you should start with giving free real inboxes for everyone (maybe with some sane limit, or a way to pay per month to increase it), and then introduce email forwarding in the future (because I'm sure some people will still want that feature even with real inboxes available).
If you GA'd with:
~$8 .com addresses, N real inboxes, free whois guard and a top notch DNS record API.
That's a compelling offer and I'd very likely switch from namesilo if that were the case.
To be honest, anything less and I'd stay with namesilo because the 15 minute timer can be worked around by using my web host's name servers (digitalocean pushes updates in a few seconds). I couldn't live without either email forwarding or a real inbox.
It's compelling to you, but managing email infrastructure is a huge burden - users actively spamming, compromised users spamming, RBLs, security, myriad email clients - there seems to be little synergy here with the rest of Cloudflare's infrastructure (DNS + a big proxy stack).
I say this as both someone who worked at a hosting company doing managed email a long time ago, before the industry had consolidated to the extent it has now, and as an ex-employee.
At wholesale registrar pricing, N real inboxes - is that attracting the right kind of users at scale? At least with their current freemium + addons model, it's fairly hands-off, with the hopes of capturing rapidly growing startups in the process. I don't think you can replicate that with email at all.
I mean being able to set up zackbloom@cloudflare.com as a proper inbox that can send and receive mail without forwarding to another email. Having a web interface for it would be cool but I think a lot of people could also configure existing email clients to access it (at least at the start).
Google Suite is something like $5 / month per domain name so offering that as a free feature would be a pretty big deal.
Google Suite starts at $5 per email address per month; I think asking for free email accounts is beyond the product offering of domain registration/renewal.
And they probably want to reserve usage of their domain for email so you know it's a staff member you're dealing with, which is why google gives away gmail.com addresses, not google.com addresses.
Here are three less expensive email options for you:
To be fair he was asking for exciting and meaningful ways to make it better.
> And they probably want to reserve usage of their domain for email so you know it's a staff member you're dealing with, which is why google gives away gmail.com addresses, not google.com addresses.
These inboxes would be for your custom domain that you registered, not @cloudflare.com for everyone. I used that for his because it sounds like he works there.
Yours would be x13@whateverdomainyouregistered.com.
Most places and projects I've worked in the past 10 years or so have used GSuite or similar for inboxes, and Amazon SES or similar for programatically sending email. Those that didn't (shared-hosted websites on CPanel installations seemingly do still exist in 2018) had access to webmail in the hosting panel or as an installable application.
Yeah right now I use email forwarding and SES to send emails (which required setting up an address that belongs to my domain, such as user@exampledomain.com).
In this case I forwarded that email to my gmail account and it all works, but it's not perfect.
In either case, having at least email forwarding or an inbox is essential for a lot of common things you'd want to do on a domain. Forwarding works ok to avoid $60 / year for Google's offerings but has some limitations.
This is coming at it from the POV of just setting up a VPS to host some sites and wanting to accept email from your domain name without paying any more than what the domain cost to register.
I think this use case is super common, especially on HN.
No one thought Let's Encrypt would step up and offer a top tier free SSL solution. If it can be done for SSL, it can be done for real inboxes. :)
Zack, please DON'T waste time on email, focus on security.
The category of customer who consider the flaky email solutions provided by registrars to be worth using, and who are unaware of how to hook their domains up to free forwarding at services such as Mailgun, are unlikely to ever buy your higher-margin services.
Your introduction of at-cost domain registration will already blow everyone away, you do not need email for that, but high-value domain owners will worry that the service will not be sufficiently-resourced to protect their domains. Those are precisely the domain owners you want because they are more likely to end up paying for your other services.
So, try to finally get U2F support in place before you spread your legs for mass domain registration. Real, proper U2F support that encourages users to associate TWO different hardware tokens with their account will save you from the tsunami of domain jacking attempts you are about to experience.
The point of having two different hardware tokens, kept in separate locations, is that it becomes far more unlikely that your support will ever have to deal with them. As long as they can continue to access their account with one, they will have time to buy and associate a replacement.
Meanwhile, any hacker attempting to socially engineer your support would be left with the tough job of having to explain how they managed to lose both tokens at the same time - they won't bother, they will move on to some other registrar that is too dumb to implement U2F.
You save your staff a world of hassle, you protect your reputation from a potential PR nightmare, and the high-value domain owners will be more than happy to bear the $95 cost of two Yubikeys. You just have to make it possible and gently encourage users in that direction.
NameSilo, as far as I know, comes very close to the registry pricing and offers DNSSEC, nameserver registration and other APIs with the registry.
This could totally throw all registrars out of competition for the price of registry wholesale price. You just have to hope CloudFlare wouldn't overstep their role as a registrar if you only register the domain from them.