
I will never ever use 2FA if it's not via SMS. I just don't care enough to be bothered.



You've never had anybody try to seriously take over the email account you manage domain names with, have you?

(Try owning a domain name with the word "anonymous" in it, and watch the skript-kiddies descend en masse...)


Well, I didn't (I'm not the OP). I host my own e-mail myself.


I've been forwards and backwards on that one myself many times...

Do you seriously think you're more capable of securing your mail server than Google/Microsoft/Apple?

Is the time/effort you'll spend maintaining it worth the privacy tradeoffs?

How are you dealing with outbound mail? Where are you hosting your email that isn't already on half the spam blacklists already?

(That last one was the killer for me last time I ran a mail server of my own: neither my home IP address, nor any of the Digital Ocean/Hetzner/Linode/AWS VPSes I could easily use/afford to make outbound mail connections with, were ever trusted by the big email providers. A self-hosted mail service that couldn't reliably get mail into the inboxes of 80+% of the people I correspond with didn't end up being of much use... I've ended up back with Gmail and hating myself for it.)


> Do you seriously think you're more capable of securing your mail server than Google/Microsoft/Apple?

I don't know about Apple, I stay away from them.

I also stay away from Microsoft, but I had to go through some of their products in my time, so there's a good chance that I'm more capable.

And Google? Extrapolating how they interact[1] with the rest of the world, it's not improbable, too.

[1] Did you know, they were a source for backscatter for several years?

> Is the time/effort you'll spend maintaining it worth the privacy tradeoffs?

Wrong question. The correct one would be: why would I give up access to server logs (yes, I use them sometimes) just to give up my privacy on top of that?

> Where are you hosting your email that isn't already on half the spam blacklists already?

In a place that is not a known spam source? (Yes, this excludes AWS and Digital Ocean.)


> In a place that is not a known spam source?

Examples? Shall we take turns guessing the names of these elusive spam-free providers? Your non-answer reads to me as, "Just don't use any providers that you can actually afford, and you'll be fine!"

(Sorry if this comes across as grouchy--I can't sleep, and I have to get up early tomorrow.)


Well, there are smaller companies with their own server rooms that offer VPS-es.

I use one in my country (Poland), and I use it since a little longer than Amazon entered our market. I don't think such a regional provider would be of much use to you, unless it operates in your region, of course.

What my comment boils down to is to avoid big hosting places.


Using proper DKIM/SPF goes a long way in getting your emails accepted by the big providers these days. That + TLS and you're probably going to make it through even from a DO VPS. For what it's worth, it seems to me like a lot of the email servers that don't pay attention to DKIM/SPF are also the ones that don't bother worrying about IP blacklists, so even if they don't bother checking you've got a decent chance of making it through, but YMMV.


Not the previous poster, but I run my own server too. I don't think I can secure it better, but I don't think I have to; it's secure enough against automated scanners, and I'm not worth the effort of a manual attack by someone who knows what they're doing.

As for the time, after setting it up and later configuring DMARC, I don't ever touch it. And despite having almost no volume, I've never had problems getting received by Gmail (though, to be fair, most of my outgoing emails are replies, which might help).



