
The “mail is hard” myth - tambourine_man
https://poolp.org/posts/2019-08-30/you-should-not-run-your-mail-server-because-mail-is-hard/
======
flurdy
A mail server is hard.

Writing applications is hard. Designing a website is hard. Professional work
is hard.

But setting up your initial mail server is not hard. Read some guides (ahem:
[https://flurdy.com/docs/postfix](https://flurdy.com/docs/postfix)), fix a lot
of typos, and you're up an running.

Same with developing the initial version of an application, or designing the
first draft. Not rocket science. Not easy but not that hard for an experienced
person with simple initial requirements.

But what is hard is keeping it running with more and more users, more
requirements and evolving tech and less time to maintain it. Never mind
forgotten skills and less priority.

Mail servers have a special knack for running out of disc space or going down
for some reason only when you are on holiday and can not get online easily.
And you usually only find out after a day or more as you start not receiving
messages but don't really notice it for a while.

Or you friends, family or colleagues using it start complaining that some
random person they are emailing is not receiving their email and you need to
look into it... (Ps. Use DKIM and then DMARC reporting)

If you just want a reliable mail service, just use
[https://fastmail.com](https://fastmail.com). If you want even more freedom
and configurations, do try to set up a mail server. But it is hard. A bit
hard.

~~~
newscracker
> If you just want a reliable mail service, just use...

non-Fastmail options that are a lot cheaper for multiple mailboxes and provide
more, like Posteo, Mailbox.org, Runbox.com, Mailfence, Migadu, etc.

~~~
darekkay
> and provide more, like Posteo

Thanks for mentioning some alternatives, but I've just checked the first
example and it does not support custom domains (which Fastmail does), so it
does not "provide more".

~~~
eikenberry
Hasty generalization. Many of those in that list support custom domains. Only
checking the first and applying that to all is just lazy.

~~~
darekkay
Where did I apply it to everything? To falsify an argument you only need one
counterexample. I'm happy with all the alternatives (as mentioned before), but
I'm not happy with a claim that can be falsified with the first example.

~~~
eikenberry
> To falsify an argument you only need one counterexample.

If you want to apply logic like that, you have to apply it correctly. To
falsify a universal claim you only need one counterexample, but the original
poster never used a universal term (all, never, etc). If it wasn't a universal
claim then you can't apply the rules for universal quantification to it.

More to the point, my comment wasn't attacking your logic, but that you seemed
to dismiss the entire list based on the one example. I didn't see where you
mentioned you were happy with the alternatives and only critical of the one,
if that was the case then I just missed the larger context and I apologize.

------
skrause
I think the biggest pain in hosting your own mail server is getting your
outbound mail delivered into the mailboxes of the large providers without
being marked as spam. Especially if you don't actually send a lot of mail, so
you can never really build up a good IP reputation.

That's why I generally recommend a hybrid setup: Host inbound mail completely
by yourself so that you have full control, but ship off outbound mail to a
trusted relay of a privacy oriented provider. For example
[https://posteo.de/en](https://posteo.de/en) doesn't filter any outgoing
messages by sender, so you can send mail from your own domains. Your local
Postfix can DKIM sign your mail before sending them to Posteo and if you add
include:posteo.de to your SPF record all your mail will be DKIM signed, SPF
authenticated _and_ coming from a reputable IP, so all your deliverability
issues will be gone.

~~~
ogoffart
> I think the biggest pain in hosting your own mail server is getting your
> outbound mail delivered into the mailboxes of the large providers without
> being marked as spam

Why do you think that? The article mention exactly this could just be a myth
that perpetuates because people repeat it without actually trying it.

In fact, I used to think exactly like you when I originally set up my personal
mail server and opted for the hybrid setup you suggest. However, when the
third party service I used to send mail shut down a couple of years ago, I
quiclky set up outbound mail on my own server. None of my emails are
considered as spam, and I haven't touched the mail configuration since.

~~~
baobabKoodaa
> None of my emails are considered as spam, and I haven't touched the mail
> configuration since.

Sounds like you never actually tried to measure the delivery rates of your
outgoing email. No email server is actually able to get 100% of its outgoing
mail past spam filters.

I've ran my own email server for a few years and I can confirm that the
article is making false claims. It's incredibly difficult to deliver email as
a low volume sender. The article falsely claims that it's not difficult and
that people simply haven't tried it. Well guess what, I did try it - for years
- with countless hours sank into it.

I wrote a blog post documenting my numerous, unsuccessful efforts to get my
email delivered. I wish people would stop spreading these baseless falsehoods.

[https://www.attejuvonen.fi/dont-send-email-from-your-own-
ser...](https://www.attejuvonen.fi/dont-send-email-from-your-own-server/)

~~~
com2kid
Gmail occasionally classifies the random email from YouTube as spam.

Given that, 100% delivery rate seems like a dream.

------
leepowers
Email is hard across time. Meaning yes, I can setup a mail server, and yes I
can configure DKIM+SPF, and yes I can initially get good delivery to all the
major providers. But that's just the beginning. Email is an ongoing
maintenance responsibility. And problems with mail delivery are almost always
an emergency for yourself or your clients.

Nothing quite matches the gut punch of being on time for a deadline then
having to push it back to troubleshoot mail problems. Or losing a weekend
because while you know enough to get started your experience isn't deep enough
to fix deliverability problems in a timely manner.

> I work on an opensource SMTP server. I build both opensource and proprietary
> solutions related to mail. I will likely open a commercial mail service next
> year.

Translation:

"I am an intelligent guy who works hard. My entire professional career is
devoted to designing and maintaining mail systems. I work full time to achieve
mastery of my craft. Yet I can't understand why people outside my
specialization might find it difficult to do my job."

Email _is_ hard. That's why I'm very happy to outsource mail to experts like
OP.

~~~
cpncrunch
>Email is an ongoing maintenance responsibility.

True, but it is generally fairly minimal.

~~~
wolrah
> True, but it is generally fairly minimal.

That's actually kind of the problem. It's the same thing with phone systems.
Any IT person worth a shit can follow a decent tutorial and end up with a
system that works. Until it doesn't.

What happens when it doesn't is the issue. For a lot of businesses this will
be an immediate critical problem. This is not a great time to be learning by
experimentation.

If these services are not critical then go nuts, but if your business depends
on these services you really want to have someone whose full time job it is to
run them. If your business is not large enough to support having a person's
primary role be administering these systems you should really have a third
party vendor do it for you.

The article is right, you don't have to use one of the big names, but most of
the time it's not a good idea to run your own if you consider email to be a
critical service.

------
klingonopera
Let's see... Postfix, Dovecot, SPF and OpenDKIM on the server-side, each of
them with their own config.

Then you've got to set up your domain, and domain headers on your domain host.
Oh, DMARC is also another thing.

Then, most ISPs will outright refuse to accept incoming mail from your IP
address, since they've basically changed from blacklisting to whitelisting. So
you've also got to relay your outgoing mail via your domain host.

And then spam rules. I took the recommended rules from the
Debian/Postfix/something-something-sorbs.net website, and I rarely receive
email from e.g. eBay, because they've been marked as sending spam. Often
happens with gmail addresses, too.

Despite all this... I still run my own mail server, but hotdamn, you're
calling this _not_ hard?

EDIT: Oh, and nowdays you've also got to entangle your TLS certificates into
the whole process somehow. I managed it, but don't ask me how, I'd need to
read up on that.

~~~
gingerlime
And if you try to host it on Digital Ocean, they actually block port 25 out,
so you're out of luck...

And you have to manage diskspace, backups, firewall/fail2ban, OS updates etc
etc etc

I'm in the same boat as you. Managed to grind my teeth and pull through
something like this for my own use and family, but it was painful.

~~~
muppetman
I run my primary mailserver on DigitalOcean. It seems to work fine. I think
you have to have either your account, or the Droplet, active for 30+ days
before they'll let you have port 25 open.

~~~
gingerlime
Last time I asked they categorically said they won’t open port 25.

I think really old droplets might have had them open though. I guess they
grandfathered these in

------
rpcwork
Managed mail server clusters for years with an ISP. Agreed, too many things
that can break and cause PITA.

However, ‘Hard’ is a subjective term. The deeper you are in a trade or the
longer you have done it, the easier it comes to feel. I visited a family farm
and found it very very hard to squeeze milk outta buffalo. My great uncle
however has dealt with that buffalo that for years and didn’t sweat it one
bit.

In a similar vein, do I really want to tend a buffalo in my backyard, when I
can get the milk I need from a supermarket?

~~~
xrisk
This is a great analogy. Why do more work when you can get the same result
with less effort?

~~~
nocman
Because it is _not_ the same result.

Yes, it is a similar result, but not the same. You give up a lot of control
even using a smaller email service provider -- not the least of which is
direct control of your own email data. Obviously, since it is email, there is
nothing you can do about what others do with emails once they are received on
their end, but it is still nice to have direct control of your side.

The counterpoint, however, remains valid. There is some work involved in
maintaining your own mail server. If you use a provider, you don't have to
deal with any of that -- it's always about tradeoffs. As the article says,
however, maintaining your own mail server isn't as hard as a lot of people
make it out to be. It takes a little of your time, but once you know the few
things you need to do, I find it to not be a big deal at all.

~~~
zaarn
Setting up offlineimap to backup your mail is easy. I run daily backups of my
protonmail account so in the even they decide to do something nasty to my
account, I wouldn't loose more than a day of mail.

~~~
nocman
True, and I use offlineimap for a different scenario where I do not have
control of the mail server. However, it is still not the same level of control
as managing the mail server yourself. I understand why some people don't want
to do that, but again, I don't find it to be much trouble at all.

------
gfodor
Number of times I have had the problem of "email not working for some reason"
since switching to gmail ~20 years ago: zero.

Number of times I had this problem when running my own mail server (and
presumably would have today): non-zero.

There's your entire explanation as to why this is a losing battle. Just _one_
incident of an email delivery problem probably outweighs any privacy risk wrt
using a centralized provider wrt email. That prior could change if there is a
privacy related incident with these providers, but so far their track record
has been good.

~~~
beagle3
It’s true, but it is only half the story. I’ve used a paid provider other than
gmail for 18 years. I occasionally had problems starting a couple of years
ago, and every single one of them was caused by google not delivering a mail
(or marking it spam, which is for almost all practical purposes, not
delivering it).

I eventually caved in and switched to fastmail - and everything is good since
then.

Google is giving you no trouble because the main instigator of trouble these
days is google.

You may find it acceptable to use them with this in mind. I do not.

~~~
gfodor
My point was that running your own server isn't about just getting Hello World
working, its about the fact that you basically are now living in a world where
you will potentially have delivery failures of your email, or incidental
things you need to fix at random. Imagine if this is how your phone worked: on
a given day, you may find yourself suddenly having to learn about why your
phone calls stopped going through, or in general, 0.01% of the time people
can't reach you with no explainable reason. The idea I could wake up on a
random Tuesday and find myself debugging ancient erlang code to diagnose my
phone calls regressing feels no less disastrous than having to read the source
code to my email server if/when it mysteriously stops working.

In any case, this is a argument as to why it's an uphill battle to convince
people that running your own server is an easy endeavor. (Which seemed to be
the point of this post.) It says nothing about switching off of gmail to
another provider as you did, or if the actual burden of running a server is
worth the privacy trade-off for an individual (i'd argue for most it isn't,
but wasn't really the point i was trying to make.)

Switching from Google to another 3rd party provider doesn't eliminate privacy
risk, it shifts around the probability distribution for certain kinds of
events to occur. (Arguably, so does hosting your own server, but hosting your
own server does rule out large classes of failures.)

------
jasode
The "host-your-own-email-server" being "hard" vs "not hard" is an unresolvable
discussion because everybody has a different mental threshold of "hard".

I'm still amused that back in October 2017, a commenter (lucb1e) argued[1]
that I was exaggerating the difficulties of _reliably_ sending email but a
year later in 2019, he confirmed the same difficulties![2]

The discussions in that thread (May 2019) and today's HN thread (September
2019) contradicts author's claim that mail stopped being "hard" 10+ years ago:

 _> Another reason is because it used to be hard a long time ago. [...],
citing the very real difficulties they faced over a decade ago,_

Hosting your own email is certainly not impossible and lots of people are
successfully doing it. (Or they they're actually not successful because their
outgoing emails are sometimes getting silently spamholed without them
realizing it.) In my case, I'd rather expend mental energy on other pursuits
(machine learning, learning Swift language, etc) than constantly worrying
about a personal email server's "reputation health" and then debugging
whatever goes wrong.

[1]
[https://news.ycombinator.com/item?id=15525505](https://news.ycombinator.com/item?id=15525505)

[2]
[https://news.ycombinator.com/item?id=19757607](https://news.ycombinator.com/item?id=19757607)

~~~
swiley
There are also different sets of features people want, some are actually
pretty difficult to set up.

~~~
jasode
_> There are also different sets of features people want, some are actually
pretty difficult to set up._

That's true but I think if we analyze discussions (see this thread and old
threads I cited) of one group of HN experts (email is "not hard") debating
other HN experts (email is "hard"), the most contested issue isn't the
difficulty of advanced SMTP features and enhancements -- it's about _outgoing
sent emails being reliably accepted_.

------
roel_v
It's not 'hard', it's 'a gigantic pain in the ass' which is (in normal word
use) one form of 'hard'. Which is why most sane people stopped doing it
themselves say 15 years ago. Especially for the few cents you can get
professional 3rd party email hosting for.

Edit: I also very much like the disingenuity of articles saying 'X isnt' hard!
Just execute these 20 commands!' Duh, executing those commands isn't the
problem, it's knowing which commands to execute, and the pain of having to
figure out the new commands to execute 4 months later when for some reason
something broke and now 20 people are twiddling their thumbs until you fix it.
Screw that, running email servers is a horrible tedious pain in the ass you
should almost never do yourself unless it's the sort of thing you enjoy (I've
run Postfix, Qmail and Exchange servers from the mid 1990's until mid 2000's).

~~~
the_jeremy
There's also a huge difference between setting up a properly configured server
and actually getting things delivered. The big ones (MS, Google) mark your
mail as spam even with SPF, DMARC, DKIM and the like. Even on the service I
use (purelymail.com) the low volume of mail and the fact that it's less than a
year old means that even when I email them first, the replies are sometimes
marked as spam.

~~~
number6
Running my own for about 2 years now. Spf dMarc and dkim set it is accepted by
all mail providers. I also get daily reports from Google how well it behaves

~~~
acidburnNSA
Same here, except to Charter, who has apparently just blacklisted swaths of
DigitalOcean IPs, probably for some reason. So I just can't email my mom.
Other than that, a great experience.

~~~
scarface74
Except it doesn’t work to send an email to someone who I assume is important
to you - “it’s a great experience”.

Isn’t that an argument for why you shouldn’t run your own mail server?

~~~
acidburnNSA
Well I just have to do the one more step of forwarding the SMTP to sendgrid or
whatever and then it will be top notch. It hasn't been enough of a pain for me
yet to do that next step. I just signal her instead of email.

------
nothrabannosir
In addition to the other comments about what is meant by “hard”, there is a
crucial omission in this article: the failure mode of e-mail deliverability
can be both hard to detect, and extremely costly. I wouldn’t mind hosting a
blog, because worst case scenario I’m offline for a few minutes, pingdom
alerts me, and we’re back. Total cost: some lost blog readers.

If I fail my outbound email setup, it can be months before I realise that most
of my emails have been getting dropped. Total cost: I depend on email for work
and family, so _very_ high.

I used to host my own email. Tested with gmail: delivery was fine. Half a year
later it turns out Hotmail was silently dropping my mails. I felt betrayed,
and learned my lesson: _email is hard._

------
fareesh
Which user demographic is running one's own email server ideal for?

My consultancy handles "all things technology" for multiple small businesses
(sized 1-50 people, located mostly in South Asia). Anecdotally:

A lot of these folks are happily using mybusinesname.accounts@gmail.com and
so-on, but decide to get their own domain for the added veneer of
"professionalism".

Many are happy to use Yandex (1000 users with your own domain for free
@10GB/inbox. Probably not appealing for some Americans given US-Russia
political issues).

Startups/sole entrepreneurs typically come to us after they've purchased a
GoDaddy domain and selected the "Business Email" option upon checkout, so they
just continue using it.

There's a small sample of companies who are willing to pay for Google Apps
because they like Gmail's web UI, and they want the rest of the Apps Suite
too.

We also deal with a lot of local big corporations for project work. They're
almost always using some kind of in-house corporate email system running
Microsoft Exchange Server with a number of different rules like no attachments
over 5 MB and other such silliness.

For us to invest time in setting up a mail server for a customer there would
have to be a very rare confluence of:

a) I don't want Yandex

b) I don't want to pay for Google Apps / Zoho / other

c) (Optionally) I want to send 500000 marketing/transactional emails per day
but I don't want to pay Sendgrid/Mailgun/Mailchimp/SES

To set it up we'd have to establish pricing and SLA. Would I agree that we do
it for less than $5/user/month? Nope!

I can't really see a compelling case to do it unless you're a hobbyist with
strong philosophical perspectives on this topic. Maybe my point of view is
different because of Geography but I doubt things are very different elsewhere
in the world as far as cost/effort is concerned.

~~~
bluedino
Lots of businesses run their own email server. It's not that complicated.

The easiest way to do it is to buy an email server, you can use Exchange or
you can use something like iMail or Kerio.

Install that on a server, get a static IP from your ISP, put the server behind
a firewall, and point your DNS servers for your domain to it. Then generate an
SPF record, and you should be good.

That's how many people do it. As a bonus, you don't need to pay $10/user per
month for hosted mail, or deal with Exchange licenses, but you will probably
want to back the server up from time to time. You even get webmail with it!

The advantage/disadvantage of this setup is that it's now up to you get to get
yourself off spam blacklists and such. When BIG_EMAIL_HOST is having problems,
there's nothing you can do but wait. But with your own servers, you are the
one who gets to email the spam department of BIG_ISP to request removal, and
then there's nothing you can do but wait.

If you know Linux, you can setup Postfix, but I did say 'the easy way'.

~~~
efdee
Setting these things up is not the hard thing. Building reputation, not
getting refused because your subnet neighbour decided to start spamming,
having to deal with BIG_EMAIL_HOST not accepting your emails, bla bla bla.

Setting things up is actually the fun, easy part.

------
acidburnNSA
I have run my own mail server for years. It absolutely was _complicated_ for
me to set up but I loved the process of learning and got it going without too
much trouble. Now I can get mail delivered to nearly everyone, except Charter.
It's been NBD from a maintenance point of view. Spam is all tuned nicely and I
generally don't have to think of it.

E-mail servers are complicated. People with skills and interest can do them,
no problem. It's not overly hard. I agree with that.

But I sure don't go recommending it to my friends who wouldn't appreciate
spending a few days learning and setting all that up.

What I can do, however, is offer them e-mail accounts! So I guess as long as
every group of 50-100 friends has one person willing to run an e-mail server,
then we're all good. Of course, it'd probably be a pain to switch when that
person dies or loses interest.

Maybe we just need to make it really easy to have a email@myname.tld that is
portable and easy to move around.

------
zaroth
To this day none of the mail servers I’ve setup can send to verizon.net.

It’s not “hard”, but there are servers who will not accept a single message
from you, rDNS, DKIM/SPF be damned. And there’s fuck-all you can do about it.

~~~
J-Kuhn
Tell their users "I'm sorry, but there is nothing we can do to send you the
mail - please complain to Verizon."

If enough users complain, they might change their policies. Ehh, wait, we talk
about Verizon here.

Don't bother.

------
tams
Been there, self-hosted my email for more than half a decade, gave up on it a
few years ago for a couple for reasons:

If you are self-hosting the most important authentication fallback for your
online identity, an ill-timed downtime or deliverability problem really hurts.

Your reputation can be affected by neighboring bad actors you have no control
over. For example, SpamRATS punishes full subnets without an actual appeals
process.

From the point of view of a major provider, the same email from your tiny
server is going to have a lower score than one from their system. Encountered
this a lot against Gmail.

And it's a commitment. If you go the self-hosted route, you will need need to
keep up on new security and filtering practices, even if you use a turnkey
solution. You might get bored with this after a while.

------
isoos
This tool needs more attention:
[https://mailinabox.email/](https://mailinabox.email/)

(tagline: "Take back control of your email with this easy-to-deploy mail
server in a box.")

I haven't uses it for a while, but last time I wanted to setup a self-hosted
server for a domain, this came out the best. (I've handed over the task to
somebody else, so no idea how it went.)

~~~
apecat
Long-term vise I think this is a dubious solution to "set up and forget", or
advise people with few resources or limited Linux skills to use.

Mail in a Box makes it seem passably easy to someone with basic skills to get
everything up and running, but then don't support in-place upgrades of the
underlying operating system. This might be fine, but I really hope people
realize what they're getting themselves into.
[https://discourse.mailinabox.email/t/mail-in-a-box-
version-v...](https://discourse.mailinabox.email/t/mail-in-a-box-
version-v0-40-and-moving-to-ubuntu-18-04/4289)

This critique is somewhat shallow, if the backup/restore option is easy
enough. But I just have a hunch there's going to be a lot of non-upgraded
boxes running fullstack-EOL everything.

Of course, a system that does in-place upgrades and then fails is going to
leave no-one any happier either.

I guess that my point really is that appliances requiring "complicated"
upgrades by moving to a new OS install aren't all that mature. But I
acknowledge I have a hard time determining who this product really is for.

------
y42
Last time I installed a mail server was a couple of month ago. I consider
mysql a pro, I feel pretty familiar on command line, working in this busines
as a SysOp and Developer for a couple of decades. But one not just "set up a
mail server". Saying "mail is not hard" sounds kind of cynical to me. You need
to handle more than one setup, you need to consider compatibilities, you need
to make it right, if you want to have a secure and reliable solution.

If your not in the busines of setting up mail servers every day: Mail is hard.
As long as there is no download-and-run-solution for a mail-server: Mail is
hard.

------
tschellenbach
Fun thought experiment. Let's rephrase hard. If you have to hire a team to
manage your email for you, how much would it cost you?

The author of the post just explained how most of his friends think this is
hard. I don't think email is very hard. But the ROI of doing this in-house is
insanely terrible.

~~~
nocman
"But the ROI of doing this in-house is insanely terrible."

^ this is far too much of a blanket statement. I've done it, in house, for
both personal and work purposes. The cost in my time was not very high, and
the ROI was very good.

Obviously there is a much broader range of experiences with managing your own
mail server than many on this thread think there is.

------
zelly
I've done this a couple times, and I think it's sufficiently difficult that if
in the future I were hiring for a Linux sysadmin, I'd have them set up a mail
server (that doesn't get spamfiltered) in less than 24 hours.

I never got spam filtered once DKIM/SPF/rDNS/DMARC were properly configured. I
think _this_ is the myth that Big Email spreads. Linux mail servers are hard,
but getting past filters is actually not hard. Spam filters are really good
today not just in their true positive rate but also their true negative rate.

Given that a lot of services use your email as a 2FA mechanism, I wouldn't
want to use a self-hosted mail server as my _only_ personal mail. You have to
have a good reason[1] to make the time and maintenance commitment.

[1]
[https://en.wikipedia.org/wiki/Hillary_Clinton_email_controve...](https://en.wikipedia.org/wiki/Hillary_Clinton_email_controversy#Domain_names_and_email_server)

~~~
donmcronald
Getting past the filters isn't hard. It's impossible.

[https://news.ycombinator.com/item?id=19945846](https://news.ycombinator.com/item?id=19945846)

That's a super high value domain (facebookmail.com) with perfect config
getting filtered as SPAM by Google.

------
zawerf
While the email experts are in this thread, can I get a guide on how to setup
a simple email address @ my own domain?

If you google, most of the top hits are for free mail forwarding using your
domain registrar. I tried this and it was pretty terrible with a ton of
caveats. For example using namecheap you can only receive but not send from
that domain, can't receive attachments, and can't even send an email to
yourself for testing purposes.

I think the easiest way is to pay GSuite $6/month?

~~~
mynegation
Don’t have experience with gSuite, but I use fastmail and very happy with
them. The idea is you go to your registrar or DNS provider and change MX
records to the Fastmail servers (they provide the host names and comprehensive
setup help in their documentation).

------
nashashmi
OT:

Thunderbird org should create/sponsor its own email server software.

That's the way to spur email development by causing development on both sides
of the chain. Sometimes in unison.

And they should also initiate an email service to put their development in
action.

Imagine the innovation that could happen then.

\- Email encryption standards for key acquisitions

\- folders/labels stored as imap keywords

\- large file sending protocol using third party services

\- msg retrieval when email severs experience outages

\- development in mail list servers.

~~~
jcranmer
I disagree. There is next to no code sharing between the server and client
side of email--implementing the server side of the protocol is vastly
different than the client side, and even the server-server versus server-
client sides of SMTP and NNTP are practically different protocols.
Furthermore, Thunderbird already struggles to get enough developers to avoid
compounding on its technical debt; such a large undertaking is simply not
possible with the current manpower.

I'll also point out:

> \- Email encryption standards for key acquisitions

This is basically a standardization problem. I've been involved in at least
one failed attempt at standardization here.

> \- folders/labels stored as imap keywords

The difficulty here is knowing when you can opt-in to this functionality,
which is again basically a standardization process.

> \- large file sending protocol using third party services

Thunderbird already supports this, and has for... 7 years or so?

> \- msg retrieval when email severs experience outages

If I understand this right, this is basically having your MUA duplicate emails
locally... which is what most MUAs do these days (at least on desktop).

> \- development in mail list servers.

What development are you talking about? Mailman is pretty actively developed,
they even had a GSoC project a few years back to add encrypted mailing list
support.

------
dsukhin
I would venture a guess that even the most technically savvy users who _could_
set up their own mailsever now, still flock to "Big Mailer Corps" for the easy
to use mail client filled with useful AI features, etc. and that even in the
presence of an easy alternative to set up their own, will end up forwarding to
their "Big Mailer Corp" of choice that offers them the most efficient user
experience for their workflow.

IMHO, the most important thing missing right now to promote more decentralzied
mail is a cometivtive open source mail (web) app, with a simple UI and a
vibrant plugin system for every use case.

~~~
octorian
> a cometivtive open source mail (web) app

Yes, this is a big deal. So many web applications provided by companies as
"cloud services" are orders of magnitude better than equivalent web
applications you can run on your own damn servers.

~~~
jethro_tell
Which is hardly shocking since they pay a bunch of people to work on it.

------
esotericn
The thing I've always worried about is that to my knowledge there's no ACK for
outbound mail.

The potential impact of one email I send not being received is absolutely
enormous to the extent that certain mails I'd pay a decent amount of money to
ensure delivery, probably more than an actual postage stamp.

~~~
jcranmer
Do you want read receipts or delivery receipts? Both versions exist.

------
supermatt
No mention of RBL? Thats what makes running a mailserver cumbersome - being
put on an RBL because of bad neighbours in your subnet and your emails
silently failing to deliver because of said RBL.

------
awinder
I think I more understood the ethos of where the author was coming from at the
end:

“And by all means, we must not push everyone to use Big Mailer Corps“

which is totally fair. For the rest of the article though, it’s pretty clear
that the author does admit caveats where any business would have to spend time
& money figuring stuff out. And the fact is there is no real cabal of Big
Email, it is such a commoditized industry. As a business you pay a pittance to
protect downside risks, it’s a no-brainer.

------
soheilpro
I don't understand why it has to be so difficult to run a mail server on
Linux, BSD, etc. So many different pieces to set up and configure.

I've been running SmarterMail on a Windows VPS for years and it's been rock
solid. It's just a single Windows service and all the configuration is done
via its web interface.

Why no one has come up with a simple solution like this for Linux/BSD yet?

------
jjav
Email infrastructure is very important for an open and interoperable Internet,
way too important for us (techies) to abdicate it to gmail. That alone is a
good motivator to run your own email services. Of course, there are other
benefits.

"It's way too hard" is a HN meme I've noticed regularly. It's really not, if
you have any tech skills or the willingness to learn.

I set up my email server in two days between jobs in 2011 and it's been
running with minimal attention ever since. I don't have precise numbers, but
to try to give some context I'd say about 2-4 hours a year worth of
maintenance.

Over the years I've expanded it to handle a few more domains (consulting
companies for self and family members). No issues.

To anyone even slightly interested or curious in the technology, just do it.
You'll gain some freedom, gain some experience and help (even if just a grain
of sand) decentralize the Internet. Don't fear the naysayers.

------
calvinmorrison
Work at a email provider. Mail is not "hard", definitely tricky.
Deliverability is a problem, spam is a problem. How do I know? We spend a lot
of time working to improve on our services because of these issues.

In general : computers don't solve the issue of trust. End of story.

------
Aeolun
This whole post is hard. It’s a perfect example of what it is trying to
disprove...

------
ridaj
To all the folks answering basically "yes it's hard" I think the headline is a
bit clickbaity but there are some interesting takeaways... To summarize, (a)
yes it's harder than setting up Big Corp Mail, but (b) a lot of the horror
stories are either old or secondhand, and (c) it's a lot less hard to set up
than it used to be.

If the suggestion is, why not give it a try, one thing I feel is missed is,
how hard is it not just to set up but to run over the long run, when the
technology evolves and you have to keep up, and why would any IT manager or
CIO want to gamble their careers on this?

~~~
klingonopera
What exactly changed in the last ...5? 10? years that has simplified the
process?

~~~
gingerlime
Exactly. I'm curious too. It seems like the author has something up their
sleeves -- OpenSMTPD, apparently. But when I look at the homepage[0], I see a
very typical linux-y man-page-style homepage... A far cry from what I would
consider simple.

There are a bunch of guides floating online for Postfix, Dovecot etc, and some
of them are pretty decent. But they go out of date quickly, or if you want to
do something _slightly_ different, you're on your own... And even if you end
up with a running system, maintaining or enhancing it is a different kettle of
fish. You can't just follow the guide again, you're back to man pages and
usenet mailing lists with some info inside a thread 23 levels deep.

[0] [https://www.opensmtpd.org/](https://www.opensmtpd.org/)

------
lelf
> _but my mails will not reach my users at Big Mailer Corps_

Unfortunately this is not a myth. rDNS/DKIM/SPF/not in any greylists, but mail
from you goes to Junk folder on GMail®, experienced that myself.

~~~
LeonM
It _is_ a myth.

The bigger mail providers (such as Gmail) are pretty strict on checking, and
feedback is fairly limited. Thus, figuring out why you were flagged as spam is
often difficult and frustrating.

There are so many subtle misconfigurations you can make with the way you have
your DNS records set up, but really you need DMARC reports to figure out why
your email is getting flagged.

It inspired me to build my startup :) We have successfully fixed dozens of
email deliverability issues for our customers.

------
gsliepen
My experience with running my own mailservers for the last 20 years: it's
definitely not hard. It's not painless, you need to spend a little bit of time
now and then, and you need to know a little bit more about email than how to
hit "send" in your mail client.

It's annoying that the default settings of almost all mail server software are
suboptimal, but once I set it up correctly (yes, that took some time but
nowadays there are plenty of tutorials) I had to do almost no maintenance at
all. Apart from power failures that were unavoidable, the biggest issue has
been spam blocker lists becoming outdated or going out of service. After that,
the occasional hickup after a dist-upgrade or moving to a different country.
But on average, my mail server is working perfectly fine 364 out of 365.2425
days. And, this is considerably better than the mail servers at the
universities and companies I've worked at. Your Gmail might have given _you_
no problems, but it is not working 100% of the time for everyone either.

So I'd say maintaining your own mailserver is as hard as painting rooms
yourself, or changing the battery or light bulbs of a car. Not everyone wants
to do that, and that's fine. If you're not afraid of it, it's a rewarding
experience.

------
peterwwillis
_" Mail is not hard: people keep repeating that because they read it, not
because they tried it"_

Actually I repeat it because I ran mail servers for years, for personal use,
for small businesses, for large businesses.

It was hard because spam was difficult to deal with, I don't know if that's
gotten easier. It was hard because managing mailboxes, spam boxes, whitelists,
webmail, etc for users was non-trivial. It was hard because occasionally you
would be blacklisted and it took days to un-blacklist you, either from a spam
list, or from a "big provider" because for whatever reason they just didn't
want to take your mail. It was hard because you couldn't just run an open
relay on most ISPs, you usually had to use your ISP's relay, and thus suffer
their own issues; if you used commercial IP space that was less of an issue.
It was hard because it had to be secure, and follow standards. It was hard
because as your own hosting provider, you had to do all the things providers
do: have a stable connection, manage your DNS, do backups, manage
configuration, upgrades, patches.

We're not trying to bullshit you. We did it, and it was hard. Maybe it won't
be for you, or maybe the "hardness" is just fun for you. But it's not a myth.

------
pcamen
In the late 90's I worked for an email server software company. Since then,
almost 20 years now, I've been running my own mail server. I wouldn't say it
is hard so much as a PITA and very time consuming. I spend quite a bit of time
reviewing logs making sure that my server has not gotten hacked or compromised
in some new way.

Over the years, a new exploit type comes along, like backscatter, that I then
have to figure out how to secure my server against. And I'm also very
proactive at reviewing logs and banning IP's against the constant barrage of
probing. I must spend a few hours a week dealing with the mail server.

And then there are periodic "someone isn't getting my mail" problems that I
have to track down, where Yahoo or pacbell.net or some other large mail system
decides that my server is insecure for some reason, despite not being on any
DNS RBLs (which are also sometimes a problem for no good reason).

If it weren't for the fact that I have so much more flexibility and ease-of-
use on my own mail server for setting up many domains and multiple email
addresses, I would move everything to a provider and not manage it myself.

------
earenndil
> Let me tell you a secret: Big Mailer Corps are not worried about you but are
> worried about big senders harassing their users. They do not care about your
> personal server sending a few mails, even if its in the thousands per
> months. What they care about is the infected computers or compromised
> servers flooding their users. What they care about are the marketing
> companies that are literally shitting over them, sending individually
> millions of commercial mails per day, trying to work-around spam filters,
> and that sometimes manage to go for a while without being rejected. Unless
> you are sending hundreds of thousands of mails to them on a daily basis,
> quite frankly and without trying to hurt your feelings, you fall
> waaaaaaaaaaaaaaay below the radars.

This is absolutely not true. A server I had mailed out daily run outputs to
local users, and was also configured to send an email to one of the users'
gmail accounts. I also used that server for personal email, but eventually had
to stop because the daily run outputs got us blocked by gmail.

~~~
rhizome
_the daily run outputs got us blocked by gmail_

Are you sure? How many tens of thousands of daily run outputs were you
mailing?

------
vbezhenar
For me mail is hard because software is convoluted. I need to install for a
minimal usable personal mail server: SMTP server (postfix), IMAP server
(dovecot), DKIM software (OpenDKIM), Spam filter (Spam Assassin). Also I would
likely need to install Procmail for some basic mail sorting. So that's 3 huge
projects and 2 small projects. They need to hook up with each other. I need to
learn configuration files for every of those projects. Add to that dozen of
different DNS things (and, recently, HTTPS thing), that you need to configure.
Also TLS certificates. Well, that's a daunting task for me. Some kind of
simple personal web server software which does it all (may be not for 100k
users scale), runs on low end VPS server (10 MB RAM consumption) and requires
zero configuration for typical use-cases would help a lot.

And, yeah, don't tell me that delivering is easy. I did everything right,
DKIM, SPF, PTR, all those things. No black lists. Gmail still does not deliver
my mails sometimes.

------
commandersaki
A tale of caution for those would-be self hosters: a friend of mine had a
Linux system running mail operations and somehow got ransomwared (theory is
via supermicro IPMI). All the filesystems were encrypted and the console login
banner was changed to an attacker controlled advertisement to a TOR address
for getting the system unlocked. He didn't pay. Logs show there was no data
ex-filtration. But as usual, his backups were a couple months old so he lost a
significant chunk of his email (he used web interface/imap and I don't think
he cached his email locally).

I felt vindicated, giving up self-hosting of email and pushing it towards a
third party provider because I was concerned about backup/disaster recovery
scenarios. When something fundamentally shakes up your life - you might not
have the ability to function well and managing a mail server is a stress you
could live without.

------
nathankunicki
His assessment on how “Big Mail Corps” accept mail is plain wrong from my
experience. When I ran my own mail server, I had SPF, DKIM, rDNS and strict
DMARC setup correctly, and got 10/10’s on mail-tester.com.

Admittedly my main problems were with people on Microsoft hosted emails. They
seem to run some kind of IP address based blacklist-by-default operation. My
emails to Hotmail/Outlook.com users would randomly get either rejected or go
straight to spam.

I went through countless online forms, Twitter conversations with clueless
CSR’s who kept asking me what Outlook client settings I was using, and finding
random people on LinkedIn I could message.

In the end the solution that seemed to work was to reach out separately to
everyone I was sending an email to on Hotmail/Outlook.com and getting them to
explicitly mark my email as not spam. After a while it seemed to take and stop
rejecting/marking my emails.

~~~
tyldum
I run my own, but from time to time large blocks of IP space on Digital Ocean
seems to get put into some blacklist. My solution was to use a fallback
delivery through SendGrid and their free tier (happens rare enough, and my
volume is low). Postfix handles this nicely for me.

------
raintrees
The only "hard" part I find with running my own mail server for the last 25
years is switching platforms.

Deriving a large part of my income by supporting Microsoft software in small
business environments, I have been running Exchange versions all that time. I
have enjoyed Outlook as a primary business tool, and looking at the conversion
strategies to move over to a *nix mail server that will support that client
and the 25 years of horded emails I now store (don't mess with my jokes
folder, dude) has been the most daunting part of it.

Even though I have been on Debian releases as my primary workstation OS for
over 12 years now, I still have virtual Windows sessions to keep using
Outlook. And granted, that also lets me simulate what my clients "see" when I
am assisting.

------
al_form2000
TFA is so wrong on so many levels, I do not even know where to begin with. It
surely does not make me want to rush to test the author's MTA.

Unless he's talking of a one mailbox server, accepting outgoing only from
localhost and somehow endowed with a non residential ip (or good luck with
rdns, rbls, etc.). But that was always trivial, post UUCP era.

Background: I've been running mail servers from 1996, several different MTAs,
for my company and for customers. Getting the thing up and running is not
(very) hard -for a primary MX net facing machine. That's where work begins
though.

My primary MTA is still sendmail, and sendmail.cf was never one of my problems
- I do not have a degree in compilers, whatever that is, and surely I never
read sendmail.cf

------
luxuryballs
I remember a story where a guy had the DNS of his custom mail domain changed
after a malicious actor social engineered his domain name provider. The story
was coupled with the recommendation to use a mail provider for the added
protection that it would in theory be way less likely for their domain used by
many accounts to be hijacked in this way. The guy got really screwed because
once they got his domain and thus his email they could change passwords all
over.

I finally ditched gmail once I realized how politically motivated Google was,
and I also realized that I’d rather have a company owe me the service rather
than using a free one where they could technically disable my email at any
time.

~~~
jethro_tell
I mean for the last part, you can pay for it. Gmail yes but there are others
that are still a product but not Gmail. Fastmail comes to mind.

~~~
luxuryballs
That’s exactly who I went with.

------
jefftk
Another voice saying: I've done my own mail, and it is hard. When my messages
don't get through to the recipient due to my unusual choice of running my own
mail, from their perspective it's as if I never sent the messages.

------
grafelic
And when you finally have a well-running setup, use:
[https://mxtoolbox.com/](https://mxtoolbox.com/) (No affiliation) To verify
you have everything set up properly.

------
locusm
Just like to offer an alternative view to the "if I move to G. Suite all my
problems will go away" myth. Ive had quite a few clients over the years that
have faced deliverability issues on G.Suite with sending IP's being on
blocklists. Google isnt immune to this people. e.g.
[http://multirbl.valli.org/lookup/209.85.208.194.html](http://multirbl.valli.org/lookup/209.85.208.194.html)

------
andrerm
> We can’t let that happen: allowing e-mail to be fully controlled by a small
> set of cooperating multi-million users hosts is just accepting to be
> screwed.

I agree but don't say it isn't hard. It's hard and it's not for everyone but
if you can the benefits are worth it.

Now I don't think having more small mail servers will stop big mail servers
abusing their power but without a significant number not small servers better
just give up.

For the record I do have my mail server on a vps

------
reti
Had been running my own mail server for the last 10 years, doing mail
forwarding for a few friends domain names. Finally just moved all those
domains to mailgun, and it's been great. 10,000 forwarded emails a day, for
free.

To be honest it wasn't that hard doing it myself, but it broke 2-3 times over
that number of years when providers changed their delivery requirements (see
DKIM, DMARC etc). It was never something I enjoyed troubleshooting.

------
kbwt
From a few days ago:

* CVE-2019-11500 : Critical Dovecot and Pigeonhole vulnerability ([https://www.openwall.com/lists/oss-security/2019/08/28/3](https://www.openwall.com/lists/oss-security/2019/08/28/3))

I still run my own mail server, but I hate having to keep up with these
security vulnerabilities which can come up at the most inconvenient time.

------
flas9sd
Setting up and maintaining a mail server is not hard for the initiated, but I
fear is archaic and endangered to be irrelevant as basis for interpersonal
communication beyond a work context. It has its place as identity provider,
able to receive invoices, but this can be subject to change too - and only
newsletters and mailing lists will remain.

------
grobibi
“The configuration reads almost as plain english and a usable configuration
file can actually fit … in a tweet.”

That tweet is way too hard for me.

------
stdcall83
Lately I've been having issues sending mail to Linux kernel mailing list, mail
was just rejected and not sent through Gmail SMTP server.

After countless attempts to fix that or to understand why Google think I'm
spamming I set up my own mail server on DigitalOcean Droplet. I used
mailinabox and the setup was a piece of cake. it works flawlessly now.

------
quotemstr
I've run my own mailserver since the late 2000s. I've never had much trouble
with deliverability. Spam hasn't been a real issue either --- I run with
deliberately light spam filtering because I find the occasional ridiculous
spam email hilarious. (My favorite spam of all time begins "Yes, I am Bernie
Madoff".)

------
jancsika
Here's the difference:

* setting up gitlab ce is easy

* setting up LE certificate is easy

* setting up wordpress is easy

* setting up mail is easy

If at some point in the future any of the first three stop being easy in an
obvious way, there's a whole team of developers who will work hard to restore
easiness.

That's quite different from a blog author shrugging because their
configuration-in-a-tweet is obsolete in three years.

------
AndyKelley
[https://gitlab.com/simple-nixos-mailserver/nixos-
mailserver](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver)

I invested 3 hours of time setting it up, $4/month in hosting, and now I have
andrew@ziglang.org as my main email and have never looked back.

------
ethhics
The only issue I had setting up a mail server was sending mail to servers
using some service which blocks my domain. Places like my university and my
work using Proofpoint, for example, seem to only allow mail from large, easily
verifiable domains.

------
jchw
This person keeps saying “Big Mailer Corps” which is extremely annoying.
That’s a really easy way to blame someone without actually calling out either
specific entities or behaviors. I work for what they probably consider a “big
mailer corp” and I wholeheartedly and deeply doubt there is some weird
conspiracy against people running mailservers, it just actually is difficult
and yes some of us really have tried. It’s kind of unfortunate that it’s hard
because I don’t think, for example, you can use a personal gmail with custom
domains, unless you have a separate Google Apps account. Fastmail and
Protonmail do support this, and probably at least a couple other providers.
It’s probably worth the paltry $5/mo that Fastmail charges for the saved time
and effort debugging, updating servers, and fighting spam filters over years.

Disclosure: Google employee. (I do not work on anything related to mail.)

------
morpheuskafka
Is there any reason you can't forward all outgoing mail through AWS SES with a
custom MAIL FROM domain so it looks like it's coming from you? That way you
would have a high reputation IP pool at nominal cost for a low volume.

------
jcranberry
I thought the pain of setting up your email server was doing all the IT stuff
to make sure that it's always working and you're not going to end up losing
all your mail and all that.

------
azinman2
Why would I WANT to run a mail server, regardless if it’s hard or not? I don’t
gain a lot of value, and now I’m on the hook for everything not fun.

------
vogelito
How hard is it to do your email yourself and make it secure?

For example, adding 2FA to your users, monitoring access, spam detection,
etc...?

------
tehabe
I remember that I had to set up sendmail via m4 scripts to use mutt on a local
machine. Those were fun days.

------
fit2rule
Running your own mail server is like having a pet dog. You have to keep it in
good shape, exercise it, feed it well .. chain it up when necessary, clean up
after it and so on. Keep the neighbours kids from stealing it and using it to
deliver drugs, etc.

If you treat it like a pet, it makes it a lot easier to manager. "Oh, did I
forget to check the mail logs this week", and so on..

~~~
MiscIdeaMaker99
I don't see self-hosting email as being any different than any other self-
hosting service. I mean, take "mail server" out of our your analogy above, and
replace it with "web server," and everything still applies.

~~~
al_form2000
No, it does not. Read the thread to know why.

~~~
MiscIdeaMaker99
I've been a sysadmin for 20 years, so I suppose I just see things differently
than you.

~~~
al_form2000
Been a sysadmin for 25 years myself.

~~~
fit2rule
30 years here. Still got my old dogs, through thick and thin.

------
ChrisMarshallNY
Everything is easy to folks that have the time to grok the tech.

I like to write software. I don't like running a Linux server, although I know
that i could learn to be an excellent admin. It's just that every second I
spend learning Linux admin, is a second I'm not spending learning Swift.

So I just use shared hosting for my sites; even though I'm perfectly capable
of running a VPS.

~~~
scarface74
To add to your point, I like writing software, I know how to set up networks,
load balancers, VMs, databases, messaging servers, etc. I have no interest in
doing it or being on call. I mercilessly recommend managed alternatives
anytime I can. I have a manager who was glad to kill our SFTP server and pay
more money for AWS’s managed solution.

He would much rather hand his boss - the founder - a bill than have to explain
why our server went down.

~~~
nocman
That's all great until interruptions in the service you are depending on
interferes with your business getting done (and you can't fix or mitigate the
problem yourself).

Don't get me wrong, if you choose your partners carefully you can make this
work in many (probably most) scenarios, and save yourself some headaches in
the process. But even with the bigger players (like AWS), there is a tradeoff
to handing such things over to someone else. Services aren't always as
reliable and partners aren't always as resposive as they are advertised.

I totally get why people don't want to do such things themselves. I just think
it is important for people to realize that doing so has its own set of
consequences and risks that they should be aware of. I suspect most of the
folks on HN are aware of this, but there does seem to be an awful lot of "it
would be dumb to do that yourself" sentiment here.

~~~
scarface74
_Don 't get me wrong, if you choose your partners carefully you can make this
work in many (probably most) scenarios, and save yourself some headaches in
the process. But even with the bigger players (like AWS), there is a tradeoff
to handing such things over to someone else. Services aren't always as
reliable and partners aren't always as resposive as they are advertised._

AWS is a lot more reliable than almost any in house solution. As far as being
responsive, if you have a business support plan with AWS, you can always reach
live, helpful support. Trust me, being on the Dev side, when I need resources
on AWS, it’s just a click, script, or CloudFormation template away. Getting
resources provisioned through the infrastructure gatekeepers can literally
take weeks.

And just from the CYA standpoint and “no one ever got fired for buying IBM”.
If your colo goes down everyone looks at you crazy and you have a lot of
questions to answer. If AWS goes down and you took the appropriate steps at
least making your infrastructure AZ redundant if not multi region redundant,
it’s going to make news and no one is going to question why you chose AWS.

------
iamgopal
Making your own electric car is easier. But still I wouldn't do it.

~~~
nocman
I realize you are likely using hyperbole, but in my experience managing my own
mail server is trivial compared to the complexity of building your own
electric car.

------
moonbug
Completey ignores any economic argument for making it someone else's problem.

~~~
MiscIdeaMaker99
What argument is that, exactly?

~~~
moonbug
opportunity cost.

------
awinter-py
this article doesn't have the word 'security' in it

~~~
MiscIdeaMaker99
And why does that matter, please?

~~~
awinter-py
I think one of the hard things about operating any server is securing it.

If the author is arguing that 'mail is easy now' you can't make that argument
without addressing the security aspect. I _hate_ google and I still use gmail
because their project zero team is so good.

Big consumer tech companies are finding their own ways to make this argument:
apple with privacy, google with security research, even facebook with
providing better privacy controls, although this isn't in their DNA and
they'll fail. More products are supporting MFA/FIDO now.

If 'mail in a box' etc are going to convince me to self host (which I would
love to do), security is the missing piece.

------
higherkinded
Lasting long against HN-mainpage-level load. That's what's hard.

~~~
Macha
It looks to be a static site generator. It's surprisingly easy to weather that
storm with a simple web server + static sites, it's dynamic sites using
Wordpress etc. that have the most trouble.

------
xrisk
Heres the point though: I want to be _writing_ email, not configuring email
servers.

And if I need a Google/Apple email for usage on my phone, I'd rather just use
that one instead of hosting my own email solution.

This is without even considering the fact that configuring email is not as
trivial as say, setting up a website. And you're never going to get spam
filtering as good as the Big Email corps.

------
notyourday
People do not run their own mail server for the same reason people ( including
the author of that guide ) do not host jquery and bootstrap on their own
servers -- it is not that it is hard, it is that not running their own mail
server or not hosting their own jquery and bootstrap code is easier.

~~~
wolco
Most people drop jquery locally on the server in a js folder. It's probably
the easiest part of the project.

~~~
notyourday
Yet the author of the blog post did not do it, which is a point. It is not
about what is 'hard' or what is 'easy'. Rather it is about what is easiest.

