
Ask HN: Self Hosted vs. Gmail / Outlook? - zabana
I'm currently using Gmail and getting more and more worried about my privacy. I'd like to know my options if I decide to jump ship. Should I set up my own email server? Or use another less invasive service? What are your thoughts? How do you reconcile email and privacy?
======
unicornporn
If you're worried about privacy, I hope all your contacts use GPG. Practically
none of my contacts know how to use that. Practically all of my contacts use
Gmail and Outlook.com. That means all of my emails will end up in Google and
Microsoft's hands anyway. I'm sure they will build shadow profiles on me
(especially since I'm a former customer, using the same domain alias on my new
host as I did with them).

That being said, I recently switched to
[https://mailbox.org](https://mailbox.org) (they have a very good reputation).
Mainly because I love the web UI it's an awesome service and I get CalDAV and
CardDAV that works beautifully.

~~~
requinard
I found that mailcow is a bit too heavy on the requirements. Instead I've
started using mailcow ([https://mailcow.email/](https://mailcow.email/)) which
runs a mail server in docker.

It's a bit less of a hassle to actually start up and keep maintained.

------
grumph
Setting up your own email server will bring you into the wonderful world of
big email corporations not delivering your emails until you subscribe to their
whitelist with, for some of them, a subscription fee.

Back in the time, I had this problem with sending emails from my private
server to yahoo or microsoft (hotmail, live.com, etc...), both refusing to
deliver my emails to their clients as I could be a potential evil spammer.

For the subscription fees, a few weeks ago I saw a price chart for <I don't
remember which company, probably Microsoft> about how much you have to pay
them depending on your situation and how many emails you plan to send to their
servers. Unfortunately I didn't find this page again.

I think the best option is to go for a paid service with a good privacy
policy. It will cost you a lot less in time and probably in money. Also, they
will probably be more reactive than you in case of problem, and more aware
about security.

~~~
sliken
I've heard this before, but I have my own vanity domain, a well run mail
server (postfix), and I've never had a problem. I do support DKIM, SPF,
DNSSEC, and of course I don't send spam.

I have heard that newly registered domains do have a period before they are
trusted.

~~~
mister_unknown
I can confirm that. It took me a while to get a sane mailserver setup, but
eventually I don't have any troubles with Gmail/MS/Yahoo anymore.

~~~
atmosx
I used to run my own mail server for ~7 years and never had issues. I used
DKIM, SPF, etc and still do although they're problematic with mailing lists...

Postfix before, openSMTPd the last few years.

------
WA
Use a paid service. I use Fastmail. It baffles me every day, how HN is
obsessed with Gmail as if there was no alternative and are willing to trade a
minor improvement in comfort over having every email read, analyzed, indexed,
profiled and put into the Ad machine. I'm also surprised that so many people
use the web client and not a native client with IMAP.

~~~
noja
What are you talking about? HN is full of people pushing Fastmail over Gmail.

~~~
WA
I'm talking about the number of stories about Gmail and their respective
upvotes:
[https://hn.algolia.com/?query=gmail&sort=byPopularity&prefix...](https://hn.algolia.com/?query=gmail&sort=byPopularity&prefix&page=0&dateRange=pastYear&type=story)

Gmail is popular on HN, and probably more popular than all other alternatives.

------
corv
After years of self-hosting I finally switched to
[https://protonmail.com](https://protonmail.com) and I'm much happier for it.

Self-hosting is still possible nowadays but email delivery is an uphill
battle. You can expect to write several major email providers to remove you
from their blacklists even if your address and domain reputation is good.

VPS privacy and security is questionable and dedicated servers are usually
expensive. Hosting SMTP from home is virtually impossible without a VPN to a
"proper" IP.

Are you willing to spend the time to update all parts of your infrastructure
on a regular basis? Are you certain you will keep up to date on recommended
ciphers and protocols?

How is your data going to be secured at rest? If it's encrypted, how are you
going to provide the keys during unexpected reboots?

If you want push notifications, synchronized calendars, contacts and notes you
will need to add another layer of complexity to your setup.

Critics of Protonmail and similar will point out that browser based encryption
is a weakness, however that doesn't change the fact that it is a major step in
the right direction. The battle for privacy is fought in depth, not absolutes.

Protonmail is hosted in a Swiss datacenter, run by a Swiss company under
strict data protection laws. They offer a free tier and a paid one for your
own domains.

If you still want to go the self hosted route iRedMail and Mailinabox both
work well. Sovereign runs too many services - it should really be split into
VMs or containers.

~~~
mycloud
I can second this. I used to selfhost mail and it was a lot of work to keep
up. Nowadays I am also quite happy with protonmail but since I got cloudron
installed for other services, I just enabled mail there and will see how that
goes over the next few months, so far so good. Hopefully I can go back to
email selfhosting through that in the long run.

Also I agree, the privacy implications when using a VPS is still something
worth taking into account.

------
nebulon
Hi, we had similar concerns about privacy and have built
[https://cloudron.io](https://cloudron.io) to solve not only the hassle of
setting up email but also other services where applicable selfhostable options
are available.

The mail server is fully built into the platform itself and automatically
takes care of all the tiny details required to get over the often stated
deliverability issues (SPF, dkim, PTR, ...). So far we have found that many of
the issues described here are not actually a big issue as long as everything
is set up the way those large providers want it to be. The occasional report
from a user about getting blacklisted usually is a matter of submitting the
required form on the provider's unlisting site. They do act timely as well in
my experience and the process is not very time consuming.

Overall I was pretty surprised how well it works in the end, given that there
are so many reports that selfhosting email is too complex to deal with.

~~~
type0
Cloudron is the best of its kind, I always recommend it to non-technical
people that need self hosted services.

------
wvh
I have been setting up mailservers since the '90s when you still had to deal
with sendmail's configuration format. I've used most email servers available
on unix platforms. And I'm also someone who wants to do everything myself and
not depend on anybody else if I don't have to. Still, and it hurts me to say
this, it might simply not be worth your time. I use a paid service for my main
mailbox now.

I have a mailserver handling some personal email, but I feel it's too risky
(to take the responsibility) and too much effort to host email accounts for
just a few other people. You can and probably will be every once in a while
blacklisted by one of the big providers or have legitimate email bounce, even
if you have SPF, DKIM, TLS and your own spam filters set up. You also have to
keep an eye on your servers to see if no new filth gets through. And you'd
probably want to keep a backup relay ready. You have to provide ways for the
users to configure or fine-tune their individual spam settings and mark
messages. You most likely want to install a web interface next to the IMAP
and/or POP service, which opens another can of worms.

I feel I'm too old now – meaning I have so many other responsibilities – that
I don't want to babysit something that is after all rather crucial and should
"just work". If you have the energy and time, please go for it, otherwise just
search for a reliable paid service.

Note that assuming privacy when talking about email, even though most protocol
interactions might be encrypted these days, is in my opinion somewhat
misguided. Don't use email if it's truly private. Or use end-to-end
encryption, such as PGP.

There might be a hole in the market for a company that helps geeks host
reliable email servers, for those that want more control than just an IMAP
account with sieve support, but maybe the margins are too low and fighting
spamming subscribers too hard.

------
smnscu
I'm the ex-CTO of Lavaboom, a German startup that did encrypted email. Right
now I'm working on Oakmail, which will be even more radically open and easy to
use. I reckon it will be 2-3 months before we launch an open beta (and of
course you will be able to deploy it any time once it's usable).

[https://oakmail.io/](https://oakmail.io/)

------
daledavies
If you have concerns for privacy, find a paid service you trust.

Hosting an email server yourself is a great learning exercise but you'll be
forever playing whack-a-mole with spam and wondering if your setup is actually
properly secure and waiting for the day you get hacked.

I did this myself for a few years and at one point had very few deliverability
problems, then one day out of the blue I ended up on a black list and started
getting complaint emails. After that it was either rebuild on a new ip address
and start again or choose a paid provider and move on, I did the latter and
opted for Fastmail.

------
mikebos
If you're concerned about privacy, don't use a free service. Pay for it and
the privacy concern usually goes away. If you're specifically concerned with US
laws go German: [https://posteo.de/](https://posteo.de/) is a good one to
consider.

~~~
mintplant
How exactly do privacy concerns "go away" when you start paying? Your email is
still readable by a third party.

On the other hand, I can see trusting a paid provider more for reasons of
stability, level of support (in case, say, I lose access to my account), and
continued development (the Gmail webclient has been relatively stagnant for a
while now).

~~~
awendt
It may be readable by them but their life (as a business) does not depend on
the content of your conversations. That's a big difference.

------
felixsanz
If you're worried about privacy check
[https://protonmail.com](https://protonmail.com)

------
akulbe
[http://mailinabox.email](http://mailinabox.email)

Formerly, I'd say maintaining your own email server isn't easy. It was hell
trying to set one up 10-15 years ago. This guy (and the contributors) have
made it about as easy as it can get. I've hosted mail for one of my domains on
a DO droplet, where I set up a mail server with that guide. Been running it
for ~4 years. No issues. Highly recommended.

~~~
jsnathan
In a similar vein there is docker-mailserver [1].

[1]: [https://github.com/tomav/docker-mailserver](https://github.com/tomav/docker-mailserver)

------
tomw1808
Interesting, I am not the only one. Additionally for me, it's also pretty
expensive to host domains for all my startup-ideas on gmail. I know, it's just
$5/user/mo, but if you run 20-30 "fun ideas" it adds up...

So I used a scaleway.com instance and installed
[https://github.com/sovereign/sovereign/](https://github.com/sovereign/sovereign/)

I forked it and made it especially for my own usecase working for the scaleway
VPN
[https://github.com/tomw1808/sovereign](https://github.com/tomw1808/sovereign)

So far I am pretty pleased. I opted against mailinabox because I want to use
the server for other things too and mailinabox strongly suggests against it...

------
richardkeller
I can highly recommend Mail-in-a-Box [1], especially if you're looking for a
solution that is secure, easy to install, and doesn't require any fiddling.
You can host it on a cheap VPS for $5 a month and it'll happily chug along
without any problems.

Deliverability will only be an issue if you land up on an IP address that was
previously abused, so it may be worth checking out the IP address reputation
on DNSBL [2] before setting up Mail-in-a-Box.

Make sure you configure an SPF record for the server's IP address, and then
also set up DKIM and SPF. I have yet to see any deliverability issues using
this setup.

[1] [https://mailinabox.email](https://mailinabox.email)

[2] [http://www.dnsbl.info](http://www.dnsbl.info)
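
The DNSBL reputation check and the SPF record for the server's IP address mentioned in the comment above, as an added example (not part of the original thread and not Mail-in-a-Box code). The zone `dnsbl.example`, the sample addresses and all function names are constructed for illustration; the SPF evaluation covers only the `ip4`, `ip6` and `all` mechanisms and reports anything else as indeterminate.

```python
import ipaddress
import socket

LISTED = ipaddress.ip_network("127.0.0.0/8")       # listing answers (RFC 5782 convention)
REFUSED = ipaddress.ip_network("127.255.255.0/24")  # some lists use this range for query errors
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def dnsbl_query_name(ip, zone):
    """Name queried for a DNSBL lookup: reversed address labels + list zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:  # IPv6: one label per hex nibble of the expanded address
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone

def system_resolve_a(name):
    """A-record lookup through the OS resolver; [] when the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_listed(ip, zone, resolve_a=system_resolve_a):
    """True when the list returns a listing code for ip."""
    answers = [ipaddress.ip_address(a) for a in resolve_a(dnsbl_query_name(ip, zone))]
    # An error/refusal code is not evidence of a listing, so it is excluded.
    return any(a in LISTED and a not in REFUSED for a in answers)

def spf_result(record, ip):
    """Evaluate an SPF TXT record for ip using only ip4/ip6/all, left to right."""
    addr = ipaddress.ip_address(ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qual, rest = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        mech, _, arg = rest.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qual]
        if mech not in ("ip4", "ip6"):
            return "indeterminate"  # a, mx, include, redirect= ... need DNS lookups
        net = ipaddress.ip_network(arg, strict=False)
        if net.version == addr.version and addr in net:
            return QUALIFIERS[qual]
    return "neutral"

# Constructed sample data: documentation addresses and a made-up list zone.
SAMPLE_ZONE = {"25.2.0.192.dnsbl.example": ["127.0.0.2"],
               "7.100.51.198.dnsbl.example": ["127.255.255.254"]}

def sample_resolve_a(name):
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    print(is_listed("192.0.2.25", "dnsbl.example", sample_resolve_a))
    print(spf_result("v=spf1 ip4:192.0.2.0/24 -all", "192.0.2.25"))
```

Against a real list, call `is_listed` with the default resolver and the zone name published by that list's operator.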

~~~
educar
I find this funny because your own email is on Google apps.

------
crawrey
You may want to consider German-based Tutanota
([https://tutanota.com](https://tutanota.com)) who uses open-source
cryptography, rather than some alternatives such as Swiss-based ProtonMail who
use a combination of open-source and proprietary closed-source cryptography.

Failing that, head on over to
[https://privacytoolsio.github.io/privacytools.io/](https://privacytoolsio.github.io/privacytools.io/)
and check out alternatives and other related information.

------
thesmallestcat
I use GoogleMail behind a custom domain ($50/year) and am quite pleased. I
used to be a FastMail customer but a couple minor outages and weirdness around
billing made me switch a few years ago. Functional "report spam" is a big win
for GoogleMail, and as an apps (or is it "GSuite" now?) customer you don't
have to worry about ads/privacy issues. Don't self-host, I self-hosted
(Postfix/Dovecot) before using FastMail and it was a huge headache between
reasonable spam filtering on the receiving end, and undelivered/spam-marked
emails on the send side, although I learned a lot by self-hosting. Also, it
was hard to pretend I was serious about privacy/security when I was self-
hosting on a box that any Linode admin could shell into as root, especially
after Linode's security dramas. This is not to say that self-hosting cannot be
cheaper and more secure than alternatives, but if you're not a full-time
sysadmin regularly setting up mail hosts, you probably will get something(s)
wrong. I never could silence that voice in the back of my head saying "what if
some really important email couldn't be delivered to/from me?", which was
sometimes right. As others have said, you have to use GPG if you're serious
about privacy, regardless of your email provider. Anyway, for me, $50/year is
a great deal for reliable email with good spam filtering, and being able to
use my personal address/domain for Google Hangouts and Docs is a decent win
for collaboration.

------
hugo19941994
I run Postfix & Dovecot (with SPF, DKIM, DMARC, DNSSEC, TLS) from my home
network with a remote backup just in case it goes down, as well as my own DNS
servers.

I had to ask my ISP to disable some rules on their end and pay a fee to have a
static IP address, but overall it was pretty painless. Though I can imagine
some providers being much worse.

After the initial hurdle of setting everything up in my experience everything
went mostly fine. I had to whitelist my domain on Microsoft's site, but Gmail
and Yahoo worked fine from the start. I haven't had a problem since. My
university teachers receive my email just fine, so did my co-workers before I
was given a corporate email address.

Is it worth it? Maybe not. It was more of a learning experience for me, but I
find it works just as well as any other provider I've used. At least for now.

As others have said there are lots of outdated guides. I found the Archlinux
Wiki and the manpages to be the most useful resources. Also please stay up to
date on the software.

------
CarlHoerberg
Setting up Dovecot (with master-master replication) and Postfix (+
spamassassin, dmarc, SPF) isn't too bad. There's a lot of dated guides out
there though. Stick to the man pages as far as possible.

------
ionised
Running your own mail server is more work than it might seem, especially when
it comes to setting up security and spam filtering and such.

If you want to use another web mail service other than GMail then I can
recommend;

[https://kolabnow.com/](https://kolabnow.com/) (the lite option just gives you
webmail)

or

[https://posteo.de/en](https://posteo.de/en) (very green-energy and privacy
focused)

------
coka
If you care about privacy _and_ freedom, check out Kolab Now.

[https://kolabnow.com/](https://kolabnow.com/)

~~~
Yizahi
Can someone share their experience with Kolab Now? I'm almost convinced but
still have some doubts. What about them versus Fastmail? Fastmail is USA based
entity so has their own cons. What about customer service if something goes
wrong? Can we report bugs somewhere etc.

I'm not planning to hide from Mossad or NSA, but have some above average
quality and privacy service, not funded by bulk selling my data.

~~~
leejoramo
Fastmail is an Australia based company. They do operate servers around the
globe and have a significant presence in the USA.

[https://www.fastmail.com/about/company.html](https://www.fastmail.com/about/company.html)

I am not implying this is any better or worse for your privacy. I personally
use and trust Fastmail with the security and privacy of my email. However
everyone concerned about such matters should do their own research and decide
based on their own needs.

------
dral
The premise here is that services such as gmail or outlook don't respect the
privacy of their customers. Can someone point me to an actual case where gmail
for business (using gsuite) or outlook haven't respected their privacy
engagement? Or a serious report on that matter? Thanks.

------
madiathomas
I chose Google GSuite to avoid non-delivery of emails which was happening when
I was still on self-hosting. Most emails I send used to be marked as spam and
blocked. Not anymore. Fee I pay every month is very low compared to the time I
used to spend managing my own servers.

------
sigi45
I'm using gmail for my daily use and tried maintaining my own server and it
was too much effort.

I'm a little bit worried what happens when gmail is blocking my account for
whatever reasons, but if, I would create a second own managed mail address
only for accounts.

------
feistypharit
I'm really happy with [https://www.migadu.com](https://www.migadu.com). I just
converted to paid. It's nice to be able to add users and domains without a
price change.

~~~
ac29
One of the small businesses I work with has used them for ~6 months. Way too
many rejected emails and mail server failures for my comfort (about 1%). I'm
probably going to switch soon if the problems aren't resolved. Too bad, the
product and price is perfect for our needs otherwise.

------
smt88
ProtonMail? Fastmail?

~~~
dnh44
I just set up a new domain on ProtonMail. I like it. No IMAP though.

~~~
pbhjpbhj
So it's just browser based, but they do have mobile apps it seems.

Also looking into it there's an "IMAP bridge" being developed to allow use of
traditional MUA.

~~~
arosier
Currently in beta [https://protonmail.com/blog/bridge-beta-signup/](https://protonmail.com/blog/bridge-beta-signup/)

------
yuvadam
Pay for a good email service instead of selling your private data to the
advertisement industry. I personally use Fastmail and they are awesome.

------
msh
Setting up your own mailserver and especially maintaining it is a lot of work.

Hosted I would look at fastmail, mailbox.org and proton mail.

