Zoho Mail - a cautionary tale, with a happy ending?

Once upon a time . . . well, around February 2012 (to narrow it down!), I signed up for a Zoho Mail Free account. A short time later, I guess I must have abandoned it and forgot all about it.

Fast forward to the present day, I've had a Zoho paid account for a few months, and I decided to move one of my domains over to this email provider. All proceeded according to plan - domain was verified, DNS records all propagated, and it just remained to create aliases for that domain.

First problem encountered: I created a few new aliases, but when I tried to add another specific alias to my account, I got this warning:

"The email address you have entered belongs to a different deployment/region. Please contact support for assistance."

I looked in my password manager (I still have old databases saved) but could not find anywhere that I had used this domain with Zoho. So, I approached Zoho Support and they gave me a 'rough' indication of the username that the alias had been used. I made a guess at the username and got that right, then I was stumped (of course!) by the password - I made a few educated guesses, but not educated enough! So, the next step was the 'forgotten password?' option. Luckily, I still had the recovery address, and so got the new password - and finally got into the account - the account that I had set up in 2012!

Looking into the Admin Console, I saw that I had deleted the domain in question, but hadn't deleted the alias - and THAT was the big mistake on my part!

Second problem encountered: Now, to get rid of the alias. I tried to delete it, but Zoho wanted me to verify myself using 2FA authenticator code! Hmm, now this IS a problem!

Where would that code be? I must have saved it somewhere!
What phone was I using 13 years ago? I've slept a few times since then, and can't remember.
Would the code be in an authenticator app on that phone anyway? That's the million dollar question!

I was, more or less, resigned to the fact that I wouldn't be able to use that alias in my current Zoho account, but gave it one last try. After further experimentation, the problem was the lack of the authenticator code - whatever I tried, I came up against that brick wall.

Delving further into the account settings, I then looked at the 'MFA Mode' and the 'Authenticator app' option. There was the 'secret key'! I copied that key into my phone authenticator app, and finally managed to complete the deletion of that alias!

Going back into my current Zoho account, I then added that alias - success!

The cautionary tale is: Never abandon a Zoho Mail account if you've attached any own domain aliases to it!

The happy ending?

Well, apart from finally solving the alias problem, I now also had full access to that 2012 account - and that account has 40GB of storage (basic plan of 5GB plus 'Add-on allotted' of 35GB) and 25 licences!

Plus, even though it's a free account, I am able to access my emails using IMAP/SMTP, via my choice of desktop and phone apps.

Now, I need to figure out a use for that old account!

What were once vices are now habits!

This actually refers to the 1974 release of the album 'The Doobie Brothers - What Were Once Vices Are Now Habits'.

It's been over 50 years since that release, and my mind still holds great memories of that album - indeed much music released in that year.

At the time, I worked in the Manchester (UK) City Centre, and had a 'habit' of visiting 'Paperchase' in St. Ann's Square in my lunchtime, and perusing their records on display. I hadn't heard much about The Doobies but I was initially drawn to the album cover artwork - I thought that view of the band on stage was so exciting.

After a few weeks of visiting 'Paperchase' I decided to buy the album, and it was - now thinking back all those years - one of my better purchases.

Luckily, my friends at the time really liked the music and I would play it on the cassette tape player whilst out in my car, and when 'Black Water' started we would all immediately start singing along!

My favourite track on the album is 'Road Angel' - the musicianship is sublime!

Here's a link to 'Road Angel' on YouTube

Enjoy!

Port87 - label powered email

It was recently announced that Port87 was out of beta. I had heard about the service previously but had not signed up to test it.

Here's a link to their website, which will explain their service much better than I could:

Port87 - A new kind of email

Today, I signed up for the free service - Basic Mail - which has 500MB of storage. Note that only covers receiving of emails. If you want to send emails, get more storage, or use your own domain(s), it's at an additional cost. 

Here's the link to their pricing:

Pricing - Port87

When signing up for the service, I had to provide a recovery email address - I used a Gmail address, their verification email was received and verified.

Now for first test - I created a label 'Social' for - guess what? - social media stuff. Next I logged into my Runbox account and sent a test message to 'myusername-social@port87.com'. Shortly after I received this auto-response from Port87:

This address has email screening enabled. Therefore, Port87 needs you to do a one-time verification that you're a real person. If you can see the blue-gray checkmark below, you're all set. If not, you can enable remote images in your email client or click the link to verify your address. Once verified, your message will be delivered.

Verify Address

Port87 uses this verification process to prevent unwanted mail from getting to our users. Until you complete this verification, your message will be on hold. If you don't complete this verification within 60 days, your message will be deleted. We apologize for the inconvenience and appreciate your understanding.

Best,

The Port87 Team

Once I had verified my address, the original email then appeared in my Port87 account. So far so good!

The next test was sending an email to what Port87 calls my 'bare' address - 'myusername@port87.com'. I would prefer to call it my 'default' address, but anyway . . .

This time, sending from the Gmail account that is my recovery email address for my Port87 account. This is where I encountered the first problem. Although I had received the verification email from Port87 when setting up the account, this time I received nothing - nothing in my Gmail inbox or spam folder! That was surprising to me that Gmail did not flag the first email from Port87, and then just silently dropped the second one. Gmail appear to be classing the second email as spam.

So that test failed.

Tried the same thing again, but sending from an email address hosted by MXroute. Again, and the same as Gmail, I got nothing back. It seems that MXroute had dropped the email.

So that test also failed.

One more try, this time sending from a Fastmail account. Luckier, this time, I got a response back from Port87, but it landed in the spam folder. At least I could mark it as 'not-spam' and then it all worked OK from then on. This is the auto-response received from Port87:

It looks like you've emailed my bare Port87 address, myusername@port87.com, which doesn't get through to me. In order to protect against unwanted messages, Port87 requires you to use a special address to email me. Please re-send your email to one of these addresses:

myusername-friends@port87.com

Please use this address if you are a friend or family. 

myusername-inquiries@port87.com

Please use this address if you have a question or request for me. 

myusername-other@port87.com

Use this address for all other reasons. 

myusername-social@port87.com

Please use this address if you are a contact on social media.

The labels for the first three email addresses (Friends/Inquiries/Other) are already in the system, the fourth label (Social) was created by myself, as stated previously.

I've since whitelisted the port87.com domain within my Gmail, MXroute and Fastmail accounts. I've not re-tested those accounts, although that is the logical next step.

Early days, first steps, etc.

Update - November 14th 2025:

I received a message today from Hunter Perrin, the creator of Port 87 - he had seen my blog entry. He advised that, at the time of my testing the product, there was a bug in Port87 preventing the DKIM signing of the auto-responses to bare address emails. He has since fixed the bug, and so it should be working as expected.

I have re-tested again - this time sending from Gmail and Zoho Mail accounts. The verification emails were received as expected in each account.

Result = success!

I asked ChatGPT to create a Google Gmail Script

 

I asked ChatGPT:
Create a Google Gmail script to automatically delete emails older than 7 days that have the label '7-Days'.

Within a few seconds, I got this response:

Could it be that simple, I asked myself?

There's only one way to find out, so I copied the code and went to https://script.google.com for my Gmail account and created a new project, and pasted the code.

Saved and Run, I had to authorise the use of the script.

Following the ChatGPT instructions on how to set up, I created the trigger to run once an hour, and saved that.

I was sceptical about whether it would work, but - and admittedly it's early days yet - the script does appear to work!

Atomic Mail - My Thoughts

I signed up for an Atomic Mail account today, and I thought it may be a good idea to set my thoughts on to my blog.

This first image is the log-on screen:

I've set up my password manager (KeePassXC) for this account. Usually KeePassXC offers to save the login credentials, but it didn't on this occasion - I had to create the entry manually.

After entering my user name (first part of my email address) the password screen appears:

After entering the password, I have enabled two-factor authentication (2FA) so then the 2FA screen appears:

One can choose from either an authenticator code, or a seed phrase to proceed. For myself, I elect to choose the authenticator code, which is generated from my Aegis phone app:

After entering the code, the webmail finally opens:

As you can see, the layout is fairly basic. There is no option to change to a dark theme.

The email view is set as 'conversation view' - I can't see any way to change that.

A good point is that one allowed 10 aliases - a useful addition considering that some providers may only allow a few or none at all. 

The settings options are fairly basic:

There is no option to create filters, although one can manually move emails into different folders. There's no mention of IMAP/SMTP, so I assume that it's not available. I suppose that is comparable to ProtonMail and Tuta - they rely on webmail and dedicated phone apps.

Atomic Mail does have an Android phone app - available on the Google Play Store - but unfortunately I could not get that to work. I suspect that the 2FA is the problem here. I tried to log in using the app - looking identical to the webmail layout, however when I expecting to see a request for the 2FA code that didn't happen - instead it said something like wrong email address or password, and I couldn't proceed.

I suppose I should have tried again, but this time by disabling the 2FA to see it that would work. I may try that again at a later date.

I could log on the webmail account using my phone web browser without problem.

Today was my first time using Atomic Mail - why not try it for yourself?

How to understand DMARC reports

I decided it was about time that I sat down and tried to understand these reports, and I think that I now have a better understanding of the reports.

Below, is the current published DMARC record for one of my domains. The record that I originally had (and which had generated this DMARC report) was to provide an aggregate (rua) report, but I have now changed it to provide only a failure (ruf) report:

v=DMARC1; p=reject; ruf=mailto:dmarc@example.com; adkim=r; aspf=r;

Note, that I have used ‘example.com’ as the domain, instead of my actual domain name.

As for the received DMARC report (in XML format) - that was generated based on my original DMARC record - this is broken down into sections, with a real received example of a RUA (Aggregate) report:



Above is the first section of the report, it contains information about the ISP (here it's kddi.com), their email address, etc.

Next up, it’s the report ID:

 


Followed by the date range:



Use https://timestamp.online/ to convert this: For example:

1731881931 = 17/11/2024, 22:18:51

1731904700 = 18/11/2024, 04:38:20

Next is policy published:



Next is the source (as an IP address) of the sender and how many attempts:



A check of the IP address shows the location of the sender as ‘Lagos, Lagos, Nigeria’.

Next is policy evaluated:

This says rejected - DKIM and SPF both failed.

Next, the domain that was the sender:



And finally, the auth results:



This says that both DKIM and SPF have failed, therefore the email was rejected.

As I did not send the email in question myself, the DMARC record has done it's job and rejected the email as not being legitimate - success!

I don't have any recent DMARC failure reports (in TXT format) to compare with the above aggregate report, but I may update this post when one becomes available.

Finally: Just to say, this is not an expert definitive analysis, but just my rudimentary understanding!

What car do you drive?

I drive a 2018 Hyundai i30. It's a 5-door hatchback, economical to run and insure, and suitable as my daily runabout, but also comfortable on longer journeys. I've owned this car for over 3 years now. I used to change my cars regularly every 2 years or so, but now that I'm retired, I'm holding on to them for longer!

In addition to Cruise Control and Bluetooth, the car has air-conditioning, although I don't often get the chance to use it in Manchester! It also seems to have a 'cloaking' device! It's not mentioned in the car manual, and there appears to be no way that I can find to switch it off. It seems to switch itself on automatically, then I have to be on my guard to watch out for other drivers, who have difficulty in seeing my 'invisible' car, frequently causing me to have to brake hard or swerve to avoid them!

My previous cars were: Austin Cambridge, Vauxhall Viva, Austin Mini Van, Ford Cortina, Opel Manta, Hillman Imp, Austin Maxi, Opel Manta (again!), Triumph 2500, Yugo 45, Ford Capri, Ford Capri (again!), Fiat Uno, Fiat Tipo, Citroen BX, Citroen ZX, Citroen ZX (again!), Peugeot 406, Seat Cordoba, Seat Ibiza, Ford Fiesta, (back to!) Seat Ibiza, Hyundai i30, Hyundai i30 (again!), Kia cee'd, (back to!) Seat Ibiza, Seat Leon, (back to!) Seat Ibiza, Vauxhall Astra, and (back to!) Hyundai i30.