Hi, As long as I've been flapping my gums recently asking questions, I thought I'd go ahead and ask another one or two. Pardon my long-windedness, but I thought since these questions are related, I'd ask them together. 1. Would it be correct to say that a Google Apps user is (perhaps) less likely than a Gmail user to find his/her account hacked because the domain used is something other than @gmail ? (I'm thinking that if hackers target users at the 'big 3' providers, they are trying to access accounts that have login credentials at those providers' domains, and that, therefore, someone with their own domain wouldn't necessarily be on the hacker's radar. Hackers would be looking for joe@gmail not joe@joesdomain hosted at GA.) Or, to ask it from a different direction, is there any reason to believe that a domain hosted at FastMail, PolarisMail, Tuffmail, Runbox, etc. is any less likely to be hacked than someone hosting his/her domain at GA ? IOW, does the technology behind the service make Yahoo, Gmail, & Hotmail more 'hackable,' or does the domain popularity make it so ? 2. Re: Google Apps specifically: Let's say someone has a domain hosted with GA and only has 1 user account. So, the sole user is also the administrator. There would be two ways to set this up in an effort to maintain security and minimize or avoid hacking:(a) Have two separate accounts -- one for administration which is never used for actual email correspondence, and one user account that is active for email activity. Or, (b) Have one account (the admin account) with a very difficult, passcode-quality username, which would only be used for login purposes, and then use nicknames (also called 'aliases' -- available only in GA, not in Gmail) for actual email correspondence. In both cases the username of the admin account is (presumably) unknown, because it is never used except for logins. The first option has the advantage that anyone hacking the user account would not have access to the admin account, and the admin can (easily ?) regain control over the user account if hacked. (But what's to stop someone from somehow hacking the admin account directly ?) OTOH, the second option has the advantage that the email address(es) used for emailing are only nicknames and not actual accounts, so, unlike the first option, there is no user account to be hacked into, even though the address may be known. So I'm interested in any opinion on these matters. My apologies again for a long-ish post. Thanks !