1. 46
    1. 37

      Having done sysadmin/SRE/whatever work for >10 years at this point, I’ve come to greatly appreciate paying for hosted services.

      I know that I’m perfectly capable of hosting my own email, as I’ve done it before. I’m also confident that I could host my own chat service, wiki, pastebin, k8s cluster, or whatever.

      But all of those things are, to one extent or other, a pain. I ran them because I had a business need to do it myself, and generally supported some number of users who were happy they didn’t have to do it themselves. I was also happy they weren’t doing it themselves, because they got to focus on other things that paid the bills, and I didn’t have to worry about them running into the sharp edges I had already cut myself on.

      I still self-host some things myself, even for personal use. But they’re either things that (a) there isn’t a convenient and trustworthy provider for, or (b) I personally find entertaining to operate. There are plenty of email providers out there, they aren’t that expensive, and email servers do not entertain me. So I pay for email. ;-)

      1. 7

        I’m a (significantly younger) software engineer, and I came to the same conclusion. I’ve hosted my own email. I’ve hosted my own chat, wiki, pastebin, etc. The only ones that I actually like hosting are Gitea and a private IRC server. As a software engineer, knowing how to set up and maintain an email server is really tangential to my normal job expectations, and the cost for paying a decent mail provider (say, Migadu) is probably cheaper if you factor in the time spent * (hourly rate of some kind) + headaches + hosting costs.

        That being said, if you enjoy hosting email, go for it. It’s just not worth it for me.

    2. 22

      I host my server mainly because I like it.

      I think that is like some people do their own table and chairs in their garage instead of buying them.

      Or why I cook my food instead of going out. I like servers. I like cooking.

    3. 16

      I switched to fastmail years ago after hosting my own email.

    4. 11

      Like the author I think having your own mail server isn’t worth it in most cases. But I do think it’s useful to have your own domain for email (and using an email service that supports custom domains). This way you’re never locked in to a particular email service because you can easily point your MX record to another one.

      1. 8

        Using your own domain has its risks too. If you miss a renewal payment, perhaps due to an errant email filter or an unusually long illness, you might lose control of it. Not only is it a major hassle—the new owner gains access to every account that can be reset by email without 2FA (i.e., most of them).

        That doesn’t necessarily mean using your own domain is a bad idea, but after many years doing that I’ve been slowly transferring some eggs out of that basket.

        1. 3

          I have crucial things (such as domains, but also water, electricity, …, phone service) set up with automatic direct withdrawal on a bank account that won’t run dry anytime soon. Not worth the hassle to check every invoice on those before the fact, especially since, given that they maintain crucial things, I took some care to choose providers I think I can trust with that as much as I can trust with them providing a reasonable service.

        2. 2

          That’s a good point. I have a yearly reminder in my calendar and have auto-renewal enabled, for me that’s good enough. I wonder how mail providers handle this actually. If someone stops paying for their account and it gets deleted, can someone else register using that same email?

        3. 2

          Most registrars will give you a reminder (or several) a few weeks before your domain expires. Assuming you keep up on that inbox (you should), it’s not too difficult. Many will park the domain for a time period after it expires too to prevent scalpers. Obviously if you’re super out of commission for a month, you probably have other things to worry about than your email.

    5. 6

      It is simple (and cheap) to run your own mail server; they even sell them pre-baked these days, as the author wrote.

      What is hard and requires time is server administration (security, backups, availability, …) and $vendor black-holing your emails because it’s Friday… That’s not so hard that I’d let someone else read my emails, but YMMV. :)

      1. 8

        > not so hard that I’d let someone else read my emails

        Only if your correspondents also host their own mail. Realistically, nearly all of them use gmail, so G gets to read all your email.

        1. 4

          I have remarkably few contacts on GMail, so G does not get to read all my email, but you’re going to say that I’m a drop in the ocean. So be it.

          1. 4

            > you’re going to say that I’m a drop in the ocean. So be it.

            I don’t know what gave you that impression. I also host my own email. Most of my contacts use gmail. Some don’t. I just don’t think you can assume that anyone isn’t reading your email unless you use pgp or similar.

            1. 1

              Hopefully Autocrypt adoption will help.

              1. 2

                This is the first time I’m hearing of Autocrypt. It looks like just a wrapper around PGP encrypted email?

                1. 1

                  This is a practice described by a standard that helps widespread use of PGP: by flowing the keys all around.

                  What if every cleartext email you received did already have a public PGP key attached to it, and that the mail client of everyone was having its own key, and did like so: sending the keys on every new cleartext mail?

                  Then you could answer anyone with a PGP-encrypted message, and write new messages to everyone encrypted? That would bring a first level where every communication is encrypted with some not-so-strong model, compared to exchanging your keys by whispering every byte of the public key in base64 into someone’s ear alone in Alaska, but as a first step, you brought many more people to use PGP.

                  I think that is the spirit, more info on https://autocrypt.org/ and https://www.invidio.us/watch?v=Jvznib8XJZ8
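                  What the receiving side does with such a header, as an added example (not code from the thread or from the Autocrypt project): the Level 1 rules that the `addr` must match the From address and that exactly one valid header may update peer state. The message and the key bytes are constructed; the keydata is a stand-in, not a real OpenPGP key.

```python
"""Receiving-side handling of the Autocrypt header (Level 1 spec).

Added example, not code from the thread or from the Autocrypt project.
The message and key bytes are constructed; keydata is a stand-in, not a
real OpenPGP key.
"""
import base64
from email import message_from_string
from email.utils import parseaddr

FAKE_KEYDATA = base64.b64encode(b"constructed-stand-in-for-an-openpgp-public-key").decode()

# Constructed cleartext mail carrying the sender's key in a header.
SAMPLE_MAIL = f"""\
From: Alice <alice@example.org>
To: bob@example.net
Subject: lunch?
Autocrypt: addr=alice@example.org; prefer-encrypt=mutual;
 keydata={FAKE_KEYDATA}

Plain text body; the key travels in the header, not the body.
"""


def parse_autocrypt_header(value):
    """Split 'k=v; k=v' attributes; return None if the header is invalid."""
    attrs = {}
    for part in value.split(";"):
        if "=" not in part:
            continue
        key, val = (s.strip() for s in part.split("=", 1))
        # Attributes outside the spec are only allowed with a '_' prefix.
        if key not in ("addr", "prefer-encrypt", "keydata") and not key.startswith("_"):
            return None
        attrs[key] = val
    if "addr" not in attrs or "keydata" not in attrs:
        return None
    try:  # folded header lines leave whitespace inside the base64 blob
        attrs["keydata"] = base64.b64decode("".join(attrs["keydata"].split()), validate=True)
    except ValueError:
        return None
    attrs.setdefault("prefer-encrypt", "nopreference")
    return attrs


def autocrypt_peer_update(raw_mail):
    """Return (addr, keydata, prefer_encrypt) or None. Exactly one valid
    header whose addr equals the From address may update peer state."""
    msg = message_from_string(raw_mail)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    valid = []
    for hdr in msg.get_all("Autocrypt", []):
        parsed = parse_autocrypt_header(hdr)
        if parsed and parsed["addr"].lower() == from_addr:
            valid.append(parsed)
    if len(valid) != 1:
        return None  # zero or several valid headers: do not update state
    a = valid[0]
    return a["addr"].lower(), a["keydata"], a["prefer-encrypt"]
```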

                  1. 2

                    Unless I misunderstand, this still doesn’t encrypt subject lines or recipient addresses.

                    1. 1

                      Like you said. There is an ongoing discussion for fixing it for all PGP at once, including Autocrypt as a side effect, but this is a different concern.

        2. 1

          Google gets to read those emails, but doesn’t get to read things like password reset emails or account reminders. Google therefore doesn’t know which email addresses I’ve used to give to different services.

      2. 4

        Maybe I’m just out of practice, but last time I set up email (last year, postfix and dovecot) the “$vendor black-holing your emails” problem was the whole problem. There were some hard-to-diagnose problems with DKIM, SPF, and other “it’s not your email, it’s your DNS” issues that I could only resolve by sending emails and seeing if they got delivered, and even with those resolved emails that got delivered would often end up in spam folders because people black-holed my TLD, which I couldn’t do anything about. As far as I’m concerned, email has been effectively embraced, extended, and extinguished by the big providers.

        1. 4

          This was my experience when I set up and ran my own email server: everything worked perfectly end to end, success reports at each step … until it came time to the core requirement of “seeing my email in someone’s inbox”. Spam folder. 100% of the time. Sometimes I could convince gmail to allow me by getting in their contact/favorite list, sometimes not.

          1. 1

            I wonder how much this is a domain reputation problem. I’ve hosted my own email for well over a decade and not encountered this at all, but the domain that I use predates gmail and has been sending non-spam email for all that time. Hopefully Google and friends are already trained that it’s a reputable one. I’ve registered a different domain for my mother to use more recently (8 or so years ago) and that she emails a lot of far less technical people than most of my email contacts and has also not reported a problem, but maybe the reputation is shared between the IP and the domain. I do have DKIM set up but I did that fairly recently.

            It also probably matters that I’ve received email from gmail, yahoo, hotmail, and so on before I’ve sent any. If a new domain appears and sends an email to a mail server, that’s suspicious. If a new domain appears and replies to emails, that’s less suspicious.

            1. 2

              Very possible. In my case I’d migrated a domain from a multi-year G-Suite deployment to a self-hosted solution with a clean IP per DNSBLs, SenderScore, Talos, and a handful of others I’ve forgotten about. Heck, I even tried to set up the DNS pieces a month in advance – PTR/MX, add to SPF, etc. – in the off chance some age penalty was happening.

              I’m sure it’s doable, because people absolutely do it. But at the end of the day the people I cared about emailing got their email through a spiteful oracle that told me everything worked properly while shredding my message. It just wasn’t worth the battle.

      3. 3

        > That’s not so hard that I’d let someone else read my emails

        Other than your ISP and anyone they peer with?

        1. 2

          I have no idea how bad this is to be honest, but s2s communications between/with major email providers are encrypted these days, right? Yet, if we can’t trust the channel, we can decide to encrypt our communication too, but that’s leading to other issues unrelated to self-hosting.

          Self-hosting stories with titles like “NSA proof your emails” are probably a little over sold 😏, but I like to think that [not being a US citizen] I gain some privacy by hosting those things in the EU. At least, I’m not feeding the giant ad machine, and just that feels nice.

          1. 7

            I’m a big ‘self-hosting zealot’ so it pains me to say this…

            But S2S encryption on mail is opportunistic and unverified.

            What I mean by that is: even if you configure your MTA to use TLS and prefer it, it really needs to be able to fall back to plaintext given the sheer volume of providers who will be both unable to receive and unable to send encrypted mails, as their MTA is not configured to do encryption.

            It is also true that no MTA I know of will actually verify the TLS CN field or verify a CA chain of a remote server..

            So, the parent is right, it’s trivially easy to MITM email.

            1. 3

              > So, the parent is right, it’s trivially easy to MITM email.

              That is true, but opportunistic and unverified encryption did defeat passive global adversaries or a passive MITM. These days you have to become active as an attacker in order to read mail, which is harder to do on a massive scale without leaving traces than staying passive. I think there is some value in this post-Snowden situation.

            2. 1

              What I’ve done in the past is force TLS on all the major providers. That way lots of my email can’t be downgraded, even if the long tail can be. MTA-STS is a thing now though, so hopefully deploying that can help too. (I haven’t actually done that yet so I don’t actually know how hard it is. I know the Postfix author said implementation would be hard though.)
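              How MTA-STS closes the gap described above (opportunistic TLS with no certificate verification), as an added example that is not code from the thread: a sending MTA parses the receiving domain's policy and, in `enforce` mode, refuses to deliver unless the MX name is listed and TLS with a validated certificate was negotiated. The policy text and MX names are constructed.

```python
"""MTA-STS (RFC 8461) policy handling as a sending MTA applies it.

Added example, not code from the thread. Policy text and MX names are
constructed; a real policy is fetched over HTTPS from
https://mta-sts.<domain>/.well-known/mta-sts.txt once a TXT record at
_mta-sts.<domain> announces it.
"""
from dataclasses import dataclass, field

# Constructed policy for a hypothetical receiving domain.
SAMPLE_POLICY = """\
version: STSv1
mode: enforce
mx: mail.example.net
mx: *.backup.example.net
max_age: 604800
"""


@dataclass
class StsPolicy:
    version: str = ""
    mode: str = "none"   # enforce | testing | none
    max_age: int = 0
    mx: list = field(default_factory=list)


def parse_policy(text: str) -> StsPolicy:
    """Parse the 'key: value' lines of an mta-sts.txt document."""
    policy = StsPolicy()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "version":
            policy.version = value
        elif key == "mode":
            policy.mode = value
        elif key == "max_age":
            policy.max_age = int(value)
        elif key == "mx":
            policy.mx.append(value.lower())
    if policy.version != "STSv1" or policy.mode not in ("enforce", "testing", "none"):
        raise ValueError("malformed MTA-STS policy")
    return policy


def mx_matches(pattern: str, hostname: str) -> bool:
    """mx matching: exact name, or '*.' covering exactly one left-most label."""
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".backup.example.net"
        return hostname.endswith(suffix) and "." not in hostname[: -len(suffix)]
    return hostname == pattern


def delivery_decision(policy: StsPolicy, mx_host: str, tls_ok: bool) -> str:
    """Return 'deliver' or 'defer'. tls_ok means TLS was negotiated with a
    certificate that chains to a trusted CA and names the MX host; plain
    opportunistic TLS, which checks neither, does not count."""
    mx_ok = any(mx_matches(p, mx_host) for p in policy.mx)
    if policy.mode == "enforce" and not (mx_ok and tls_ok):
        return "defer"   # never fall back to plaintext or an unlisted MX
    return "deliver"     # testing/none only report; mail still flows
```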

      4. 1

        I get maybe 3-4 important emails a year (ignoring work). The rest is marketing garbage, shipping updates, or other fluff. So while I like the idea of self hosting email, I have exactly zero reason to. Until it’s as simple as signing up for gmail, as cheap as $0, and requires zero server administration time to assure world class deliverability, I will continue to use gmail. And that’s perfectly fine.

        1. 7

          Yeah, I don’t want self-hosted email to be the hill I die on. The stress/time/energy of maintaining a server can be directed towards more important things, IMO

    6. 6

      A good argument for hosting email is sieve support (or any filtering language), which ironically is a protocol/format aiming at portability of filtering across vendors.

      But nearly all paid internet services are built like a walled garden, like everything you can get without investing your time (gratis non-free services, paid services…).

      1. 6

        I’m pretty sure ProtonMail and Fastmail support sieve filters.

        1. 2

          And these are quite good mail providers. :)

      2. 2

        There are a load of things that mail server software can do that most providers don’t expose. For example, postfix can use a different authenticated relay depending on the pair of From address and authenticated user. If you send email from a load of different devices, it’s annoying to have to configure a load of different accounts on each one. It’s easy to forward incoming email to a single account but I’ve yet to see a provider that makes it easy to forward outgoing email so that it automatically goes through the correct relay.

    7. 5

      A user:sysadmin ratio of 1:1 has never been economical for email… not even before so much firepower went into spam. Now the economics are even worse.

      1. 3

        Yeah, I’m always reading about the price. But my email server costs are:

        • 120 EUR for the vserver
        • ~10 EUR per domain, in this case 3 important ones

        per year.

        With only 4 users (and I used to have more) that’s already breaking the price point of a lot of hosted solutions. I’m not actually doing this to save money, but I’m actually saving a little over Fastmail (last I checked) and I could be running on a cheaper box. The hosted Mailcow could actually be a little cheaper, for my case.

        1. 5

          What you didn’t factor into cost:

          • Your time.
          1. 4

            For what an anecdotal datapoint is worth, the last time I had to do any actual administrative work on my mail server outside of the occasional yum update was…[checks etckeeper history]…four years ago. And realistically was maybe 30 minutes worth of work.

            1. 6

              I’m more worried about the time I might have to spend when Google/Microsoft/… decide they don’t like my mails anymore, and I’m left figuring out why, racing against the clock.

          2. 1

            True, but I was mostly riffing off the “but it’s cheaper to let someone host it”. Only if nothing goes wrong and you keep on writing tickets and emails or be on the phone with support.

            Of course my time is not free - but I choose to learn about stuff like email and not get too rusty. I actually do get rusty because I realistically don’t touch it for anything than simple security upgrades.

    8. 4

      I have my own email server for nearly years now, one migration, somewhat recently. Once set up it’s barely any work. Email is extremely low maintenance. It hosts both my main personal and main professional email address.

      Never caused any worries. Of course if someone gets ideas like running it on Kubernetes (just a placeholder for a relatively new, different-use-case piece of complexity) or something, that might be a different story.

      Email is relatively stable. Other than at some point enabling DKIM there wasn’t really anything that changed. Security updates (also rare since it’s stable/old) and that’s it.

    9. 2

      It is always good to try and host a service on your own before moving to a hosted solution. You get a grip on how such a service works in production (even at a limited scale), what it entails to offer some nines of availability, and it also gives you enough insight so that when you complain to support about an issue, you can make (more) accurate remarks than “it’s not working” or “I feel it’s slow”.

    10. 2

      Host your own e-mail, don’t host your own e-mail. Front page ping-pong. There must be more interesting topics than this.

    11. 1

      For work, I’m essentially an SRE. The fact that I don’t have to worry about my own systems makes paying the monthly fee for a managed service a very easy choice.

    12. 1

      How do you prevent self hosted mail from getting caught in a spam filter? I never quite understood how to prevent that.

      1. 6

        Easy, you don’t.

        There’s a lot of stuff you can do to reduce the likelihood:

        • setup DKIM
        • setup SPF
        • ensure DNS is set up (MX record for your domain pointed to your email server, A/AAAA for your mail server set (e.g. if your mail server says its name is mail.example.org, an A record for mail.example.org is connected to the IP it’s sending out from), optimally set reverse DNS to match
        • make sure the domain you’re using is clean (not something you normally need to care about if you’re using a domain you’ve owned for ages that’s particularly unique, but could run afoul of a blacklist if you’re buying an aftermarket domain or an available domain that’s changed hands in the recent past)
        • make sure the IP your mail server uses is clean (generally not a huge issue either, but some providers are notorious for having whole IP ranges blacklisted)

        But at the end of the day, Gmail, Outlook(/live.com/Hotmail/MSN), et al. are still gonna think you’re suspicious until they’ve started seeing users interact with you / flag messages you send as “not spam”.

        In my personal experience Gmail is more lenient than Outlook at “first time sender” type stuff, but all the big players generally care just as much about your domain/email server’s “reputation” with them as they do about the technical correctness of your setup.
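        The DNS-side items of the checklist above (MX, A, reverse DNS, SPF, DKIM key record), turned into an offline consistency check as an added example that is not code from the thread. The zone data is a constructed stand-in for a resolver; `lookup()` is the hypothetical hook to replace with real DNS queries, and the SPF evaluation is deliberately minimal (no `include`/`redirect`).

```python
"""Offline consistency check for the DNS side of a self-hosted mail server.

Added example, not from anyone in the thread. RECORDS is a constructed
stand-in for a resolver so the checks run without network; replace
lookup() with real DNS queries to use it for real.
"""
import ipaddress

# Constructed zone data: (name, rrtype) -> list of values.
RECORDS = {
    ("example.org", "MX"): ["10 mail.example.org"],
    ("mail.example.org", "A"): ["203.0.113.25"],
    ("25.113.0.203.in-addr.arpa", "PTR"): ["mail.example.org"],
    ("example.org", "TXT"): ["v=spf1 mx ip4:203.0.113.0/28 -all"],
    ("s1._domainkey.example.org", "TXT"): ["v=DKIM1; k=rsa; p=PLACEHOLDER"],
}


def lookup(name, rrtype):
    """Hypothetical resolver hook; returns the constructed records."""
    return RECORDS.get((name.lower().rstrip("."), rrtype), [])


def spf_allows(domain, ip):
    """Minimal SPF check: ip4/ip6, a, mx and all mechanisms, no include/redirect."""
    addr = ipaddress.ip_address(ip)
    for txt in lookup(domain, "TXT"):
        if not txt.startswith("v=spf1"):
            continue
        for term in txt.split()[1:]:
            qualifier = term[0] if term[0] in "+-~?" else "+"
            mech = term.lstrip("+-~?")
            if mech.startswith(("ip4:", "ip6:")):
                matched = addr in ipaddress.ip_network(mech[4:], strict=False)
            elif mech == "a":
                matched = ip in lookup(domain, "A")
            elif mech == "mx":
                hosts = [v.split()[1] for v in lookup(domain, "MX")]
                matched = any(ip in lookup(h, "A") for h in hosts)
            else:
                matched = mech == "all"
            if matched:
                return qualifier == "+"  # only a pass qualifier authorizes
    return False  # no record or no match: not authorized


def check_outbound(domain, hostname, ip, dkim_selector):
    """Return a dict of named checks -> bool for the sending host."""
    mx_hosts = [v.split()[1] for v in lookup(domain, "MX")]
    ptr_name = ipaddress.ip_address(ip).reverse_pointer  # forward-confirmed rDNS
    dkim_txt = lookup(f"{dkim_selector}._domainkey.{domain}", "TXT")
    return {
        "mx_points_at_host": hostname in mx_hosts,
        "host_a_record_is_ip": ip in lookup(hostname, "A"),
        "ptr_matches_host": hostname in lookup(ptr_name, "PTR"),
        "spf_authorizes_ip": spf_allows(domain, ip),
        "dkim_key_published": any(t.startswith("v=DKIM1") for t in dkim_txt),
    }
```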

        1. 7

          I’m going to say that again, and again, and again… That’s an argument for hosting your own email, not against it. Every self-hosted email user giving up and switching to one of the oligopolists is a win for the oligopolists.

          Dropping mail from self-hosted servers is a way for them to get more users (all while often cheerfully accepting spam from hijacked accounts on big services, including their own). Whether they are doing it intentionally or not doesn’t matter—they are aware of the problem or could easily find out if they wanted to, but they are doing nothing to improve the filters to actually detect spam.

        2. 5

          Something I don’t think gets mentioned enough to go along with the domain part of this is that a lot of the new, hip, trendy TLDs are instant points dinged against you for the configurations of SpamAssassin et al that a lot of incoming mail servers use.

          I messed around with Mail-In-A-Box for half an hour or so on a fresh .space domain one time a little under a year ago and took a peek at a SpamAssassin score test to see why mail to my own Gmail was bouncing (not just getting filtered to spam), and it turns out you can be half done for from the start if you don’t have a domain on a tried-and-true TLD. Even with DKIM etc all configured and clearing SpamAssassin properly, my score was only in range to hit the spam filter instead of bouncing, and it still bounced on Gmail, although that may have had to do with the now-repeated attempts to get through, or maybe some caching of my untrusted status from when DKIM wasn’t set up properly(?). In any case, between IPs, TLDs, and resold domains, it’s wild how easy it is to end up in a situation where there’s nothing you can do about how spam filters see you, even if you’ve never sent spam in your life.

          1. 1

            I had the same issue in the past when I owned arrrgh.pw (I know, it makes a pretty cool email!). Turns out .pw is simply blacklisted in most email filters, and I could never get a single mail delivered. Someone then told me it’s because these TLDs are cheap, and heavily registered for spamming purposes. Big mailers simply spamlist them by default just in case. The advice that came after that was to choose a domain that’s not cheap (~$30/year), and go with it. I did that, and never had a problem with getting my mails delivered since.

        3. 2

          > make sure the IP your mail server uses is clean

          That is why I send my mail through Mailgun for a small mailing list I host privately (ie the VM relays through them).

        4. 2

          > In my personal experience Gmail is more lenient than Outlook at “first time sender” type stuff, but all the big players generally care just as much about your domain/email server’s “reputation” with them as they do about the technical correctness of your setup.

          True. One thing that helps is to have a GMail sender mail you a few times at your own domain; or if you have an account there, set it up to forward every email it gets to your personal address. I guess you could do the same-ish with Outlook, etc. Still annoying.

          I once worked for a mail-delivery shop, and both Microsoft and Google provide tools for “professional senders” to monitor their IP addresses reputations, and ensure that the customers’ email blasts hit the inbox. You kind of have to be a pro player to be able to send “bacn” at will, but if you’re trying to share baby pictures with grandma, you’re out.