
One little trick that I rarely see mentioned for working around the negative or neutral reputation your MTA's IP might have is that you can route your outgoing emails through another MTA that has a higher reputation. For example route them through smtp.gmail.com (or for other options see https://support.google.com/a/answer/176600?hl=en). It does not mean you have to use Gmail. It does not mean you have to change your MX records. It does not mean you have to use a @gmail.com address. None of that. Your recipients will not even notice you are routing through smtp.gmail.com (unless they inspect the detailed headers). All you need is a Google account and password to authenticate against smtp.gmail.com, and Google will happily route your email to wherever, to any external domains, etc.

Doing this makes you retain all the advantages of running your own MTA: none of your emails are hosted at a third party provider, no scanning of your emails to personalize ads, no government agency can knock at the door of an email provider and ask them for the content of your inbox, etc.

The only downside is that in theory Google can scan and block your outgoing emails (not incoming emails since these hit your MTA directly). But if you don't send spam, this should never happen.

Another option is to route your mail through your ISP's MTA. Yes, ISPs usually offer SMTP relay service accessible only from their customers' IP addresses (e.g. for Comcast it is "smtp.comcast.net" IIRC). However the reputation factor of an ISP's MTA might be worse than Google's MTA.

Sending email this way is typically known as smart hosting. https://en.wikipedia.org/wiki/Smart_host. It's a pretty reliable way of sending out email if your IP has a less than perfect reputation. In this instance less than perfect could be something completely out of your hands.

Are you an EC2 user? Well, there is a blacklist for those IPs. Are you on a residential connection or a dynamic IP... there is a blacklist for that also. So you may have a perfectly configured MTA with a pristine IP and still have delivery issues. Using a smart host is perfect in these situations.

It's been mentioned before but part of running your own mail server is the process of learning and tweaking things to your liking. I remember the days when you could run a server on your own home connection on port 25 without any issues - but those days are long gone. A crucial part of every sysadmin's journey historically has been setting up and configuring a personal use mail server.

You can always run a mail server at home on a port other than 25 and have an upstream email service deliver it to your alternate port.

So if you'd rather not deal with filtering your own spam, or would like an excellent smart host with SPF and DKIM - let me know.

I'll provide commercial spam filtering with backup MX or smart hosting services to any HN user for 50% off from duocircle.com - just message me... running your own is sort of a rite of passage.

I use MailGun for this, they have a very easy guide which checks that you've done everything right and they're free for a few thousand messages per month. It's been great for the few years I've been using them (though it's just for light personal use).

I didn't realize this had an actual term.

I've smart-hosted using postfix, direct for incoming and gmail/sendgrid/mandrill (before it was neutered by mail chimp) for outgoing.

It was fairly cost effective - generous free tier (up to 12k emails) for outgoing, and a small VPS to host postfix (~$5/month).

I'd like to try this out. Not sure how to PM you, though…

This completely defeats the original purpose of this HN. Why would anyone invest effort in hosting an independent email server to have all its content routed clear-text through Google's servers/databases?

Because your mail will end up at Google anyway? Even if you don't use Gmail, all your friends do.

PGP solves that problem, and yours. Running your own MTA comes at a price. You need a domain, certificates, your ISP needs to not block port 25, possibility of abuse (so separate IP, server, domain, certificates), server which costs money needs to be maintained and draws power and requires space, and another responsibility to maintain. Disclaimer: It is possible containers mitigate some of the above problems. It is also a legacy protocol. Just run PGP on top of it and use any free provider out there. If you don't use that you can assume Google's oversight (the NSA) sees your mail.

I would like to agree with you (it sure is much easier than running a mail server), but isn't the problem that your friends also need to use PGP?

They are talking about MTA output. Mail input and archiving are still important factors.

I personally want to control my input addresses.

Hosting your own you can get funky wildcard postboxen.

Hosting your own you can archive all the mail without 3rd party approval.

I can see the advantage of the small amount of outbound being via someone else.

I have a VPS I use as a smart host.

There is no way that Google is not recording messages sent through smtp.gmail.com.

The only issue with this is Google's sending limit (which I believe is ~500 messages per day, perhaps it's even less through SMTP). That could be bad if you wish to send an opt-in email newsletter, for example. Also, Google passes the X-Originating-IP header on all mail sent through its SMTP servers (at least it did the last time I tried this), which can easily be a one-way ticket to the spam box for all of your outgoing emails.
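What a recipient can learn from the detailed headers of a smart-hosted message, as an added example that is not part of the thread: the sketch below reconstructs the relay path from the `Received` chain and reports whether an `X-Originating-IP` header exposes the home MTA. The sample message, host names and addresses are constructed (documentation ranges), and the `Received` layout is an assumed common form, not any particular provider's.

```python
import re
from email import message_from_string

# Constructed sample: mail from a self-hosted MTA relayed through a smart host.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.25])
\tby inbox.recipient.example with ESMTPS; Mon, 01 Jan 2024 10:00:03 +0000
Received: from relay.smarthost.example (relay.smarthost.example [198.51.100.7])
\tby mx.recipient.example with ESMTPS; Mon, 01 Jan 2024 10:00:02 +0000
Received: from mail.home.example (mail.home.example [192.0.2.44])
\tby relay.smarthost.example with ESMTPSA; Mon, 01 Jan 2024 10:00:01 +0000
X-Originating-IP: [192.0.2.44]
From: me@home.example
To: friend@recipient.example
Subject: hello

body
"""

# Matches "from <helo> (<rdns> [<ip>]) by <host>" across folded header lines.
RECEIVED_RE = re.compile(
    r"from\s+(\S+)\s+\(.*?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)", re.S)

def relay_path(raw):
    """Return hops in sender -> recipient order as dicts(from, ip, by)."""
    msg = message_from_string(raw)
    hops = []
    # Each MTA prepends its Received header, so the oldest hop is last.
    for value in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(value)
        if m:
            hops.append({"from": m.group(1), "ip": m.group(2), "by": m.group(3)})
    return hops

def exposed_origin(raw):
    """Return the IP in X-Originating-IP, or None if the header is absent."""
    value = message_from_string(raw).get("X-Originating-IP")
    return None if value is None else value.strip().strip("[]")

def origin_leak(raw):
    """True when the first hop's IP is also advertised in X-Originating-IP."""
    hops = relay_path(raw)
    return bool(hops) and hops[0]["ip"] == exposed_origin(raw)

if __name__ == "__main__":
    for hop in relay_path(SAMPLE):
        print(f'{hop["from"]} [{hop["ip"]}] -> {hop["by"]}')
    print("origin exposed:", origin_leak(SAMPLE))
```

Running the same functions on a test message sent to yourself shows which of your addresses a receiving filter gets to score.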

Huh... never thought of this. I run my own e-mail server on a Linode. I have constant trouble not being classified as spam. I did a whole post on it:


The sad reality is, I'm thinking of moving my e-mail back to someone else. It might be Fastmail, might be Amazon. Running my own e-mail server is a pain and I hate having to send people a message on Facebook or Reddit saying, "I sent you an e-mail. Check your spam folder."

If I route my e-mail through Gmail's SMTP server as a relay, that shouldn't affect my DKIM/SPF stuff right? I'd just have to change SPF/DMARC to say gmail is allowed to relay messages for me, correct?

I did a similar thing 2 years ago and chose Fastmail. Their web-app is best of breed ex google -- unfortunately, the honest truth is nothing is as good as gmail web + gmail apps + google cal.

Fastmail does have more issues -- lack of fit and finish, their web app is sometimes buggy, their spam detection is buggy, it's imap, the lack of gmail style conversations being the fundamental unit of work in the app shines through sometimes, the gmail app on android does not interact well with fastmail, etc. However, they have recently fixed my biggest complaints: charging 11 cents per sms message to do 2fa and their rules interface looking like it was written as a my-first-javascript project. So it's actively improving. I like it enough that I recently re-upped for another two years.

They do enjoy one big advantage over google besides privacy: tech support! Like a human, that reads and responds to issues submitted through their site! I've contacted them twice with questions about setting up my domain and one other thing and I got replies, from someone who knew what she/he was doing, within an hour each time!

Also, they will do a catch-all address (e.g. xoxo@xoxo.com) which receives email from every address not specifically defined. Thus you can implement the best anti-spam technique: every email you give out is domain@xoxo.com which forwards to you@x0x0.com so you can tell exactly who sold or leaked your email address. E.g. latimes@x0x0.com was sold all over the place.

I love fastmail. Really I do not like gmail style conversations so I prefer fastmail over gmail.

I too love the FastMail web interface. It rocks! On Android, unfortunately, FastMail comes up short. I have yet to find a satisfactory solution.

I've had my mail servers at Linode for about 8 years now, no problems at all. If anything, I am more restricted on mail processing rules than anyone else.

Yes in theory all you need to do is update your SPF to whitelist Google's SMTP relay.
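A quick offline check of the SPF change discussed above, as an added example that is not part of the thread: it parses a published SPF string and reports whether a relay's `include:` is present and, if not, what the trailing `all` qualifier would do to relayed mail. The records are constructed, `_spf.google.com` is assumed to be the include Google publishes for its relays, and no DNS lookups or other mechanisms (`ip4`, `mx`, `redirect=`) are evaluated.

```python
def parse_spf(record):
    """Return (positive include domains, qualifier of 'all' or None)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    includes, all_qualifier = [], None
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "include" and qualifier == "+":
            includes.append(arg.lower().rstrip("."))
        elif name.lower() == "all":
            all_qualifier = qualifier
    return includes, all_qualifier

def relay_verdict(record, relay_include):
    """Classify how mail sent via the relay is treated by this record.

    Assumption: the relay's addresses are only reachable through
    `relay_include`, so a missing include falls through to 'all'.
    """
    includes, all_qualifier = parse_spf(record)
    if relay_include.lower().rstrip(".") in includes:
        return "authorized"
    return {"-": "fail", "~": "softfail", "+": "pass"}.get(all_qualifier, "neutral")

if __name__ == "__main__":
    relay = "_spf.google.com"                # assumed relay include
    for rec in ("v=spf1 mx -all",            # constructed: before the change
                "v=spf1 mx include:_spf.google.com -all"):  # after the change
        print(rec, "=>", relay_verdict(rec, relay))
```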

Silly question, but have you tried sending an email to someone running spam-assassin and checking the headers of the received mail to see if there's anything obvious flagging you? For example, on Linode make sure that your reverse DNS for IPv6 is also set correctly.

I find it hard to believe that you get classified as spam for no good reason, unless perhaps that Linode / Digital Ocean are known for hosting so much garbage and people can be tempted to outright block them, but I doubt Gmail does that?

But doesn't this also mean that Google will read it and use the info in targeted ads, analytics, etc.? If so, it might make this approach less desirable if your goal is a decentralized comm channel not spied on by big guys.
