Posted by agwa 1 day ago
> You can access data from your users' Google Cloud projects by creating a service account to represent your service, and then having your customers grant that service account appropriate access to their cloud data using IAM policies. Note that you might want to create a service account per customer if you need to avoid confused deputy problems.
If you look at most SaaS services, they rarely use a service account per customer. IMO it's no different than any part of your own services where you need to handle multiple customers. Creating multiple service accounts is just overhead.
I gave it a try -- Google offered a free tier vps which was a no brainer. It worked but the ui seemed jank and somewhat confusing. The cost wasn't particularly compelling, so I never deployed. I kept the free tier VPS running for a while to continue evaluation since I value a diversity of services.
However, google charged me like a dollar, and i never saw the charge since i never logged into the webui. I never got an email saying I owe them a dollar so they canceled my GCP access and blacklisted my google account from GCP.
There was a lot of friction here, and the fact that i "feel lucky" I didnt lose my very old gmail account over $1.00 makes me laugh...a very nervous laughter.
I like a lot about google. I cannot depend on google. I use google's AI offering and I am slowly becoming concerned it could affect my legacy email account. Like, everything gets locked and my doctor cannot email me.
Note that doesn't mean you have to do it all yourself, there are plenty of hosting places that you can just configure with your own domain name details.
Some things are still using this email. Hey, I'm not perfect. Sometimes I exceed posted speed limits, too.
Edit: I have to choose a tech giant to get a phone app with decent push notifications as far as I can tell (I haven't scoured the earth for this .... yet) The gmail app is pretty good.
Here are options I can recommend: Proton Tuta Apple (iCloud)
All of these withh be your MX with DMARC/SPF. If you use an android cellphone you'll almost certainly need a google account anyhow. The tuta experience is not as advanced as the others, but is servicable and likely offers better security guarantees than the others. You get a lot of bang for your buck from Proton (personal wireguard tunnel vpn included), and apple is apple.
Simple example - in the early days of Microsoft Office, every new release would cause office confusion. I learned to say "it's the same product, they just moved things around". My conspiratorial sense was that the confusion was intentional to make users feel lost.
I know Google sucks and it’s impossible to get anyone to fix anything, but one thing they don’t do is take arbitrary and capricious action. I don’t want to hear a long sob story. First I want to hear what you did wrong (I suspect you know what you did to get flagged) that caused suspension.
If you use Google at this point for commercial services, you get what you deserve when they nuke your resources (caveat being services you cannot go elsewhere for, like an Android dev account). The evidence is robust they cannot be relied upon as a commercial services provider. Stop. using. Google.
(thoughts and opinions always my own, I am aware and understand in this context OP needs Google Cloud to integrate with customers in Google Cloud, which is very unfortunate, and so their Sisyphus task continues)
My second option would be Migadu, though I've not tried them myself yet (I have zero complaints with Purelymail and will use them for as long as they exist).
Another thing I kind of wanted to try is to run a basic mail server on my own hosts, and send the mail through a provider like Purelymail or something, for full control over storage and backups, has anyone here tried that?
I run mine on a Pi4 no problem whatsoever, but I guess a VPS could also be used, although the scamalytics analysis will show it's a server or an IP shared with an anonymising VPN etc. if it's a shared IP on the host.