
Leaving Gmail Behind (2013) - pmoriarty
http://nullprogram.com/blog/2013/09/03/
======
badgersandjam
Don't bother running a mail server. It's hell. I did from 1998 until about
last week. I started running it on a cable modem with an old Compaq desktop,
migrated to a dedicated server (which hosted a load of other stuff) and
finally onto VMs.

I have spent hours getting myself of blacklists after entire IP ranges were
reported. I've spent hours working out why the hell Postfix won't talk to
dovecot on a local socket, upgrading Linux distributions, postfix and dovecot
and being fucked over by config format changes and periodically losing entire
mailboxes to IMAP bugs. Oh and SELinux - hours of it.

The thing that finally killed it for me was Yahoo. My landlord uses Yahoo mail
for comms and Yahoo just decided to stop accepting delivery from my server. It
took a phone call from me asking him why he hadn't sorted something for me and
for him to tell me that he didn't get the email to discover this. So I dredged
through the logs, found an error from yahoo's mail servers saying I need to
hit a web form to prove I was a legitimate sender. So I did that, and nothing,
not a sausage happened. Googling around says I need to wait 6 months before
submitting the request again.

I have no power in this situation. I can't email my landlord. I need to do
business, not piss around with politics.

So in a fit of anger, I blasted my VM on Linode, went to my local supermarket,
bought a Moto G2 in cash to replace my Lumia 630 (which was doing IMAP) that I
just smashed the screen on, signed up for Google Apps free trial and just
moved the domain over to that.

Just can't be fucked with it any more. I run "inbox zero" (i.e. I delete
religiously) so there is no cost for me to migrate.

I don't care if they read my email or shop me to the feds; I'm tired of
herding servers and software these days. A decade ago I could quite happily
spend all day doing it but I have better things to do now.

~~~
derekp7
There is a hybrid approach -- run a local mail server for receiving mail, and
configure your Gmail account set the "From:" address to your domain, and
forward any mail to Gmail to your domain. This way you are still mostly in
control of your mail, but with the sending reliability of a major service.

~~~
glomph
This basically negates half the privacy though. And given most of the mail you
recitative will be sent from gmails servers anyway...

~~~
derekp7
For myself, I'm not too worried about privacy (if I want that I'll use PGP).
I'm more concerned about vendor lock in. Because as long as people are sending
you mail to a domain you own, you can change the sending email provider to any
other one that allows a custom From: address. Now from a practical side, I
currently let Google Apps completely handle my domain's email, but I can yank
it off there at a moments notice if I had to (i.e., if Google decided that I'm
not allowed to host my domain there anymore).

------
jacquesm
I'm trying to imagine an article written in 1996 about someone switching their
email providers. It would be a complete non-event, there were so many to
choose from back then and besides, your own workstation was likely running
sendmail. So here we are in the data silo era, where running your own
mailserver is seen as something as archaic as soldering your own CPU board.

Fortunately I never made the switch. I do have a gmail account (actually, I
have a google account which translates into having a gmail account as well).
The only times I've used it is as a fallback for not being able to send mail
from my own server because the ssh tunnel was unavailable. This happened maybe
twice over the last decade, in both cases I could have avoided the issue if I
had thought about it a bit longer.

So gmail was a way out of the bind, but as soon as that was resolved I used my
trusty old mailserver again. Setting one up and maintaining it over the years
is probably less work than moving out of gmail once you've decided enough is
enough. Cost of switching is _the_ way customer lock in is achieved in almost
any situation, fortunately google make it relatively easy to get your data
out.

Future product: family box. A simple rack mounted appliance a-la synology that
takes care of the data, email, address books and so on of an extended family,
administered by the family computer whiz. With an backup in the cloud via
tarsnap to guard against mishap. A bit like a workgroup server but then
applied to a family or some kind of loosely knit group of individuals.

With the option to migrate from one box to another if you want (and with
forwarding in case you do).

~~~
manachar
In 1996 I'd say most people got their email address through a large
institution and had to change email addresses every time they changed
institutions.

For many that was their work or school email address. For the average folks
that was their ISP. It's one of the huge reasons there are STILL people using
AOL.

Running your own mailserver has always been difficult (depending on your skill
level). Gmail came out and provided people an option for an email address that
was highly portable and accessible.

The family box is a nice idea, but relying on the goodwill of the family
computer whiz is unlikely to provide people with a stable email server.

~~~
digisign
Gmail? Hotmail came out in '96, Yahoo mail not long after.

The opportunity regarding the family appliance, if there is one, is to make it
self-managing.

~~~
tacostakohashi
It's true that Hotmail & Yahoo were available well before Gmail, but pre-AJAX
webmail wasn't fit for serious use - it was more of a backup for people
traveling, or for ad-hoc use, and most email use was from desktop software
(Eudora, Outlook Express, etc).

Gmail was really the first webmail usable as a person's _only_ email address,
lot least because of the 1G storage on offer.

~~~
digisign
Not sure I agree. Webmail has always been usable for normal people, while
power users could and do use a dedicated program. Gmail did bring innovations,
of course, but competitors copied them.

I've noticed Gmail users tend to be unaware of alternatives and always
wondered why that is.

------
conradk
It's interesting to see several posts about people leaving Gmail in the recent
months pop up on HN.

What I don't get about this one is that the author, Christopher, put the email
server on a Digital Ocean VPS. If I'm not mistaken, DO is a US company and the
gov can probably get access to the server's contents as easily as to a Gmail
account.

Of course, if Christopher uses PGP for everything, then the gov would still
have to find a way to decrypt stuff. But PGP doesn't seem to be commonly used
(yet).

I used to have a Gmail account too but switched to Fastmail about 16 months
ago and recently renewed my account for 3 more years. It's reliable and the
web client is crazy fast.

~~~
pmoriarty
1 - Gmail is a much bigger and jucier target than any VPS provider. Though the
bigger and more popular the VPS provider is, the jucier a target it becomes.

2 - Siphoning data from Gmail is much easier for three-letter-agencies than
breaking in to coercing every VPS provider out there. Though the bigger and
more popular the VPS provider is, the more likely it becomes that these
agencies will go to the trouble of spying on them.

3 - Fastmail's servers are in the US.[1]

[1] - [http://blog.fastmail.com/2013/10/07/fastmails-servers-are-
in...](http://blog.fastmail.com/2013/10/07/fastmails-servers-are-in-the-us-
what-this-means-for-you/)

~~~
sandstrom
I wish Fastmail would add servers in Iceland.

They already have a datacenter there, it's fairly well connected (on top of
multiple transatlantic cables), a sensible government and sensible,
transparent judicial processes.

~~~
robn_fastmail
> it's fairly well connected (on top of multiple transatlantic cables)

Not as well as you'd think. We see substantial packet loss to Iceland for long
periods at least once a week, and very occasionally the entire country
disappears from the internet (maybe every couple of months).

Also so far we haven't found a datacentre that we feel we can trust to care
about reliability as much as we do. I've just spent the last four hours
dealing with our entire Iceland presence being taken off the internet because
someone at the datacentre misinterpreted our normal replication load as a
denial of service and blocked the entire thing.

We're trying, but so far we do not have the confidence that we could reliably
provide user-facing services from Iceland, or at least not to the standard
that we do from New York.

------
shocks
I left gmail and ran my own mail server too. It's harder and more stressful
than you think.

After a year I decided I'd had enough and moved to runbox[1]. It's not that
expensive and the peace of mind know I don't have to worry about my mail
server is excellent.

1: [https://runbox.com/](https://runbox.com/)

~~~
geekam
How does Runbox compare to FastMail?

~~~
shocks
Cheaper for me since I have a bunch of domains and aliases.

I'm also happier with the location. Runbox is in Norway and FastMail is in the
USA. I'm based in the UK.

~~~
geekam
Actually, FastMail is an Australian company and subject to Au laws. Although,
I think they do have operations in NY (or maybe NJ).

"FastMail is an Australian company and as such is subject to Australian
law."[1]

[1]
[https://www.fastmail.com/help/legal/privacy.html?domain=fast...](https://www.fastmail.com/help/legal/privacy.html?domain=fastmail.fm)

------
sitharus
I used to run my own mailserver. It was alright, but occasionally I'd screw up
the config and not notice for days, or my auto-update of spamassassin would
fail and I'd get heaps of spam.

I moved to Google Apps when it was in beta, and I was quite happy for a while,
but GMail kept getting worse. I also host my family's email, so when GMail
changed I'd get calls from my mum. I use IMAP clients, so I'd also be as stuck
as her! Replacing all the nice text buttons with icons really doesn't help,
and their spam filtering was getting too many false positives due to others
marking mailing lists as spam instead of unsubscribing.

Finally the new compose view was the last straw. I signed up for Fastmail and
migrated all my email accounts over, and I haven't looked back. Their web
interface is simple and really fast. Search isn't as great as Google, but IMAP
to my mail client sorts that for me. Spam filtering isn't as fancy as GMail,
but I get fewer false positives - I'd much rather have spam hit my inbox than
genuine mail get filtered out.

Plus Fastmail lets you write sieve filters if you're a power user, it's far
better than the half-baked filters Gmail offers.

------
bithush
Running your own server is great until something goes wrong and nothing works.
It is just too much hassle to run your own mail server these days IMHO. Being
blacklisted for spam is a nightmare to sort out and can happen so easily when
you stick you server on something like DO. The control and privacy is nice but
is there really much difference between running your own server on DO and
using Outlook.com or Gmail in terms of privacy?

~~~
shocks
There's always that feeling in the back of your head...

"Why haven't I got a reply yet? Are they busy? ... Or maybe I've misconfigured
something... Maybe it got marked as spam... Maybe my SMTP server is fucked..."

I always found myself using my gmail account for critical stuff...

------
click170
I'm in the process of setting up my own email system but my biggest worry is
incoming spam.

One of the reasons (thee reason?) Gmail is so good at blocking spam is because
they have so many users using them that it becomes very easy to spot spam
campaigns. But I also think it's true that the longer an email address is in
use, the more targeted the spam becomes. Not because some evil script-kiddie
turns his spambot up to 11, but because you'll start to get emails from
legitimate people about things you're not interested in which aren't as easy
to catch in a spam filter.

Another reason Gmail is good at blocking spam is because the answer to "what
is spam" is influenced by every single user who tags a message as spam, or
doesn't tag a message as spam. This is another critical-mass benefit that a
small scale provider can't currently provide.

Given reputation systems and cryptography though, I also wonder if the only
reason some kind of distributed email reputation database / system doesn't
already exist (or isn't more widely known?) is because everyone assumes it
isn't possible.

<pipedream>What if it wasn't you and your email server trying to catch spam,
but you and every other independent server admin who runs their own email
server. When a new email comes in you could check the reputation of the
sender, you could check the reputation on the domain of any links, et al.
Reputations would be signed and you wouldn't immediately trust the reputation
report from new users, and wouldn't even need to trust reputation reports from
email servers controlled by admins you don't know.</pipedream>

Edit: Typo, clarification

~~~
vitd
Couldn't you use your small size to an advantage, though? For example, when I
ran a mail server over a decade ago for a small business, there were a couple
dozen accounts. I would get email attacks that looked like they were being
sent to "a@example.com", "b@example.com", "c@example.com", etc. Anything that
went to these obviously bogus addresses, was spam and could be removed from
the legitimate accounts (and blacklisted, of course). I wonder if there are
other ways you could use the small number of accounts as an advantage?

------
eddieroger
Every time I read one of these articles, I go from optimistic of being able to
switch over to frustrated by the end, both because of the complexity of
setting it up and the end result not looking like something I could give my
parents to run even if I got it set up completely. Why is it that nearly every
other service that runs on the 'net can be stood up in one or two packages and
maybe as many config files?

~~~
mbq
It really is not; my dovecot, opensmtpd and dkimproxy (needed almost
exclusively to ensure delivery to Gmail) config is 45 lines total (with
comments).

~~~
danieltillett
Do you have write up of your set up anywhere?

~~~
mbq
Nah; but here is the config with slightly more comments:
[https://gist.github.com/mbq/7ddbfc2678961e10bb1f](https://gist.github.com/mbq/7ddbfc2678961e10bb1f)

------
gexla
I use Mandrill for domains I don't use much for email. It's great for sending
and you can setup incoming mail. Mandrill has a web hook which can send each
incoming email wherever you like with the info in JSON format. So, I just
setup a simple Ruby app which receives the email info and then writes that
info to maildir format. I have this setup on a VPS and then I read the email
directly from there using Mutt.

Right now I don't have sending setup for anything but through my apps. If I
get something I really need to reply to (rare) I just email with my main
address (setup with Gmail) and mention that this address should be used for
further messages.

With a bit more work and getting outgoing email setup, then I'm sure it would
work fine for my main address as well.

------
chuckcode
Anybody know how much revenue gmail makes per user? I'm pretty sure I'd be
happy to pay that to not have them scrape through my email. I think they have
great services but am turned off by the idea of them owning all of my data as
they are pretty up front about looking through it to sell advertisements
against me. They are also getting really good at sifting through it with all
the latest deep learning neural networks. I'd like to see google open the
business model to include selling me a service up front rather than
incrementally selling my data. Of course, I've been saying this since 1996 and
always have had people look at me odd, shrug and say "but it's free and it
works great".

~~~
cgag
Why not just pay someone else? I'm paying fastmail 40 dollars a year and happy
with it.

------
jrnkntl
I've just setup a box especially for some mail accounts on DO by using
[https://mailinabox.email](https://mailinabox.email) Looks like a pretty
complete package for the job, let's see how it holds up.

------
Animats
Mail through EMACS? Why go to so much trouble?

I have an IMAP mailbox at an ISP, and all my web sites forward to it. The
desktop and laptop machines use Thunderbird, and Android phones speak IMAP
just fine. IMAP has pretty much solved the problem of multiple client devices
accessing the same mailbox, and everybody has good spam filters and lots of
disk space now.

So what do you need GMail for, anyway? Or any webmail system?

------
ajkjk
The only alternatives I will consider to Gmail are other web providers that
take a few clicks to set up and can hold all my email forever.

I know that's not very 'hacker-ish', but, everything this article describes
sounds so utterly unpleasant to suffer. Gmail obsoleted hosting your own mail,
as far as I'm concerned.

------
benbristow
I run my own email server on my VPS that also hosts my site. Works pretty
well.

Got it setup with Virtualmin which auto sets-up ClamAV and SpamAssasin + email
accounts and also installed Roundcube for webmail. Works a charm with any
IMAP/POP3 email client I've tried it with too.

------
general_failure
Gmail has made the email ecosystem much worse than it was. Sadly it just marks
your domain as spam eve if you do ptr, SPF, dkim, dmarc etc. Really sad

------
shmerl
Mykolab is a good alternative.

~~~
pmoriarty
How so?

~~~
shmerl
No data mining (you pay for your service with money and not with your
privacy). It's located in place where privacy laws are taken seriously. It
also offers all the common features like IMAP, CalDAV, CardDAV, WebDAV and
etc. And also has a very good Web interface as an option. And, it's using free
software, not some proprietary closed source platform which you have no clue
about. So by using it you support free software projects. A win win situation
for everyone.

For more details, see:

[https://mykolab.com/faq](https://mykolab.com/faq)

[https://mykolab.com/features](https://mykolab.com/features)

------
dkei
Post should be dated with "(2013)" appendage.

What's with these endless bouts of Google-hate on HN? seemingly if there isn't
anything going on at the moment someone would readily whip something out from
the archives just to keep the Google-bashing going and they will be generously
rewarded with karma.

What have they ever done to you?!

~~~
rayiner
> What have they ever done to you?!

I don't dislike Google, but I think it's a problem that the vast majority of
its users couldn't precisely articulate exactly how Google uses all the
personal data they collect, from documents, searches, e-mails, phone usage,
etc.

And I think it's improper to rely on the "people use Google voluntarily"
canard. It's a classic case of information asymmetry: Google has all the
information about how it uses personal data, and consumers don't. While I
imagine most consumers understand that if they search for "laundry detergent"
Google might show them ads for "Tide," what Google does goes far beyond that
and I think very few people really understand what they are bargaining away in
return for using their services.

~~~
dkei
Is it a Google specific issue though? I mean there is a policy users could
read, they have the dashboard, transparency reports, bug trackers, forums,
blog posts, the works, probably more than anyone else offers.

Also there are the many articles the keep popping up about Google with various
motivations behind them, I think "people" are more "aware" than you give them
credit for.

Also don't you think that data is/are a major part of the functionality of
these products? they operate on data, data collection isn't a side effect but
it's built into the utility of such services almost by definition.

~~~
rayiner
At the end of the day, people don't read privacy policies.[1] They depend on
intuition: if I watch a lot of cat videos on Youtube, I might get ads for cat
products. When your data analysis goes outside the boundaries of what users
would intuitively expect based on their knowing,[2] and voluntary interactions
with your service, then I think you're on shaky ground.

And no, it's not a Google-specific problem. Google is just the face of this
new industry based on privacy-monetization, and the criticism it gets is to be
expected based on its leadership position.

[1] And I think it's wrong-headed to infer consent from inaction.

[2] When you're talking about, e.g., Android, many users don't even realize
they're interacting with Google services.

