
I'm running an email server and I can tell you that this is by and large not the case.

If you put some decent effort into making sure that you don't send spam, try to monitor if anyone thinks you send spam and react when someone complains that you send spam (and stop it), it works.

In my experience people telling these stories often do send spam, but they don't believe they do. ("It's not spam, it's a Newsletter. No, it has no unsubscribe link. These are people that agreed to be put on the newsletter by clicking on some ToS they never read, and they can unsubscribe by some arcane mechanism that we will make as complicated as we can. But we're definitely not spammers.")




As others are saying this just isn't true.

I've run my own email for decades and I've designed and run some pretty big commercial installations.

As a small provider, you run the risk of existing in a netblock used by other people sending spam. A small co-op I ran encountered this problem once. They were operating on the cheap and while they weren't sending spam their neighbors had been.

Even as a large provider at a billion dollar company, figuring out delivery issues is a huge pain and generally not worth it. There are unofficial professional postmaster meetups around the bay and these can be helpful in getting escalation contacts to fix issues, but even with entire teams of people dedicated it's a lot to handle and is usually worthwhile to outsource the work to other companies who already have these types of relationships established.


> If you put some decent effort [...] it works

Well, I put in more than some decent effort, and I didn't get it "to work". I detailed my efforts here:

https://www.attejuvonen.fi/dont-send-email-from-your-own-ser...

Please stop spreading falsehoods. If you were able to somehow get your own email server to deliver email to Gmail and Outlook, great, good for you - but stop pretending that anybody can do it.


I did run my own email server for 20+ years. As you may imagine, I had to learn a thing or two about DMARC, DKIM and SPF, but spread over the years it is not a big investment to make.

Most of the time, delivery problems were of my own creation. Like running out of disk space or accidentally disabling TLS.

Once in a while, Microsoft would start swallowing emails or Google would push everyone to use DMARC.

But overall, the experience has been very pleasant. I host my mails, I own my data. I am not shy of using Google, but my work is not defined by their whims. When Google tells me I ran out of space in my account I just delete stuff because I have copies of everything outside of Google infrastructure.


Lots of sister comments here saying that they've been running a mail server for X amount of years, where X is a rather large number. That will obviously come with some reputation for your mail server, reducing the curve of being classified as down. I would be interested in hearing from someone who tried to set up a new mail server in the last 1-2 years who was able to run it without a hitch.


In my case x>10y for a personal server, but that reputation got ruined when some test email account I had created with a weak password and forgotten, got breached and some spammers started sending spam. My mail server (smartermail) notified me within an hour of the abnormal number of emails and I disabled the account immediately. But that was it for the reputation of that IP. Fortunately I could switch to a spare, clean IP.

That being said, now I monitor and auto-ban failed authentication attempts to smtp/imap (among others) and running the service is fairly low maintenance.

But the moral of the story is that you are only one weak password from one of your users away from your mail server getting blacklisted as a spam server. So while I think it is fairly easy to run a personal server, running one for a small organisation is another matter.


I use a very low sending limit in my mail server. If a user were to send out spam, it would end up being relatively few by the time I noticed.


According to AWS, most mail servers will not even count statistics for low-volume senders. If that is true, then it won't matter whether your personal email server has been up for 20 years or 1 year, it won't have any reputation.


Yeah, I have that problem with gmail, I had a test account with a weak password get exploited a few years ago. Now for any new gmail address I want to send to seems to end up in spam. The problem here is there is no getting out of jail easily for low volume email users.

My personal gmail account is full of spam and emails I do want from email lists end up the spam folder randomly.


This matches my experience. I switched recently after 10+ years, and was cautious that this might be a problem but it hasn't been at all. I think it has more to do with the choice of ISP.


I think they meant servers with no reputation are punished. Other comments said so at least.

What ISP should someone choose?


Interesting, I misinterpreted what was being said!

I'm doubtful a default block would work, as that would even penalise the 'big boys' of email when they make basic network changes and piss off existing customers of both sender and receiver... It's easier and logical to conclude something without reputation yet is therefore sending too few mails to be useful to a spammer.

I've had good experiences with smaller ISPs (currently Mythic Beasts). In contrast, OVH was a poor experience.

I find that reputation (beyond the known "block-lists") appears more likely being tracked for the whole AS number, therefore a lot more to do with your "neighbours" than anything else.


>What ISP should someone choose?

What matters most is if the IP address they issue you has been blacklisted for spamming. DigitalOcean is fine but you need to check the IP address before you do the work of building a mail server. Some of their IPs are on a lot of blacklists.

If it's only on a very few you need to look into who's blacklisting it. There are some that offer a way to get delisted and make it easy, there are others that block pretty much every IP address DigitalOcean has (or large ranges of them) and they won't de-list anything within them. Many of those blacklists are managed overseas and not used much in the U.S.

No matter the ISP you should check the IP address they issue for a VPS before you build the email server.


I've been running my own email server for around 7-8 years and just set up a new email server on a DigitalOcean vps earlier this year using "Mail-in-a-Box".

That's about as easy as it gets but it still requires some work and you need to check the IP address DigitalOcean issues to see if it's blacklisted before you set it up.

Google makes it easy to get whitelisted. Microsoft email services (Hotmail/Outlook) are a pain though. I tried to get through their process but got nowhere. Other services I had to submit a request to get de-listed. So it does take awhile to go through all that.

Still, I prefer that to hitching that wagon to a 3rd party provider like Google, or any other.

Before I set mine up the 1st time I'd been screwed a few times by 3rd party providers. The last one, I can't recall which, but it was either "MailChimp" or whoever bought them, that I'd configured an app to use and almost as soon as I'd released it they announced they'd been acquired and I would have to use the new service's APIs, and of course they cost more, and their services were geared towards mass mailing, and that's not what my apps do, and their API sucked for my needs.

It was about 12 years of dealing with 3rd party bullshit that motivated me to set up my own email server.

If you just want to fiddle around with one to get a feel for it Mail-in-a-Box is a good place to get started: https://mailinabox.email/


And even if you did get it to work there is absolutely no guarantee that they won't block you tomorrow morning for no reason at all.


I set up and have been running an email server for around 20 domains for over a decade. There have been no issues delivering to Gmail or Outlook, AOL, or Hotmail. There was some work I did initially to remove our IP addresses from blackhole lists, which had resulted from whatever the prior owners of the addresses had done. That was, however, minor and didn't take much time. Similarly, setting up DKIM, SPF, and the like were necessary and ugly to do, but they didn't take much time.


My mail server running on DigitalOcean has been relatively trouble free over the last 9 years. It runs docker-mailserver and is used by me and a dozen employees of my various small businesses.

It requires some effort to maintain and understand, and I’ve had a few deliverability issues over the years but they are generally with niche providers. I’ve never had trouble sending mail to the big providers.

Every time I read comments about the impracticality of self-hosted email, I scratch my head. Maybe I’ve just been lucky.


I think DO is really good about policing their IP space. When I signed up for the Microsoft JMRP [0], DO was already a contact of record for the IP I was using. I just appended myself to the list to get any abuse reports as well.

>Every time I read comments about the impracticality of self-hosted email, I scratch my head. Maybe I’ve just been lucky.

I feel the same. I've had one or two hiccups but smooth sailing for the most part. I'm also happy to provide receipts that show how the recipient's mail server is responding when I send the emails. It's a powerful tool to say, "your mail provider is misbehaving, look!" They will wonder how many people tried to send them email that didn't get to them.

[0]: https://postmaster.live.com/snds/JMRP.aspx


That's what I've been using for some years and it's never been a problem for me. You are right that you have to have at least a basic understanding of how a mail server works, and there is some configuration to know about. But I think of all the things I host myself, docker-mailserver is the least cumbersome and among the most reliable.


Easy on generalizations, mate.

I've been running my own mail server since mid '00s. Initially hosted with one of West coast Canadian colos and subsequently moved to an EU colo. Had some deliverability issues with Outlook and Yahoo, but these were episodic and rare even though I set up DKIM only last year and have been running with just SPF and DNS/PTR before that.

I know at least a dozen of others with similar setups and timelines. But we all use dedicated colo'ed boxes on IPs from clean netblocks that weren't previously used for shared hosting. I strongly suspect that attempting to run a mailserver on Digital Ocean, OVH, 1and1 and similar mass-hosting providers will not go well. Just like it will be an uphill battle to run it on a residential IP.


> Easy on generalizations, mate

What did I generalize, exactly? Parent poster was claiming that anybody can set up a mail server with good deliverability - that's a generalization. I said good for them (acknowledging they managed to make it work) and said that I also tried and couldn't make it work - therefore, clearly not everybody can make it work. Did I not argue against generalization there?


> I strongly suspect that attempting to run a mailserver on Digital Ocean, OVH, 1and1 and similar mass-hosting providers will not go well.

I run my mail server on Linode, no issues at all.


> If you were able to somehow get your own email server to deliver email to Gmail and Outlook, great, good for you - but stop pretending that anybody can do it.

Yes, that's probably true. I've been running my own server for 20 years now, and I guess that in itself helps with getting my mail delivered (apart from t-online, but who cares about them). At some time I also hosted some mailing lists, but I quickly abandoned that because that's a surefire way to get your IP blacklisted sooner or later. If you set up a completely new mail server, there probably is a lot of luck involved, and I wouldn't recommend it to anyone, at least not for your critical business mails. I pretty much keep doing it only out of nostalgia, it doesn't really make any sense otherwise.


Haha I have the same experience... I have given up trying to send emails to t-online, but every other email-provider accept emails from the server I manage. It sends a few thousand emails per day.

A few years ago we had problems, but then I realized some of the emails sent from our servers had non-ascii characters in headers (subject, from, to) which caused email-providers to distrust our server. Using encoded-words syntax ("=?UTF-8?B?" + BASE64(text) + "?=") fixed that problem:

https://en.wikipedia.org/wiki/MIME#Encoded-Word
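
The encoded-word fix described in the comment above, as an added example that is not part of the original post: it flags headers carrying raw 8-bit bytes and rewrites them with `=?UTF-8?B?...?=`, encoding only the display name in address headers. The sample message and all function names are constructed for illustration.

```python
import base64
from email.utils import formataddr, getaddresses

ADDRESS_HEADERS = {"from", "to", "cc", "bcc", "reply-to", "sender"}
PREFIX, SUFFIX = "=?UTF-8?B?", "?="
MAX_WORD = 75  # RFC 2047: one encoded-word may not exceed 75 characters


def encoded_words(text):
    """Return text as space-separated =?UTF-8?B?...?= words of <= 75 chars each."""
    max_bytes = (MAX_WORD - len(PREFIX) - len(SUFFIX)) // 4 * 3  # 45 payload bytes
    chunks, current = [], b""
    for ch in text:  # split between characters, never inside a UTF-8 sequence
        raw = ch.encode("utf-8")
        if len(current) + len(raw) > max_bytes:
            chunks.append(current)
            current = b""
        current += raw
    if current:
        chunks.append(current)
    return " ".join(PREFIX + base64.b64encode(c).decode("ascii") + SUFFIX
                    for c in chunks)


def encode_header_value(name, value):
    """Make one header value 7-bit clean; ASCII values are returned unchanged."""
    if value.isascii():
        return value
    if name.lower() not in ADDRESS_HEADERS:
        return encoded_words(value)
    parts = []
    for display, addr in getaddresses([value]):
        if not addr.isascii():
            # Encoded-words are not allowed inside the address itself.
            raise ValueError(f"non-ASCII address in {name}: {addr!r}")
        if display.isascii():
            parts.append(formataddr((display, addr)))
        else:
            parts.append(f"{encoded_words(display)} <{addr}>")
    return ", ".join(parts)


def headers_with_raw_8bit(raw_message):
    """List header field names whose raw bytes contain values >= 0x80."""
    head = raw_message.split(b"\r\n\r\n", 1)[0]
    flagged, current = [], None
    for line in head.split(b"\r\n"):
        if line[:1] not in (b" ", b"\t"):  # not a folded continuation line
            current = line.split(b":", 1)[0].decode("ascii", "replace")
        if any(byte >= 0x80 for byte in line) and current not in flagged:
            flagged.append(current)
    return flagged


# Constructed sample message with unencoded non-ASCII in two headers.
SAMPLE_SUBJECT = "Rechnung für Ihre Bestellung bei Müller & Söhne, fällig am 1. März"
SAMPLE = ("From: Jürgen Müller <jm@example.org>\r\n"
          f"Subject: {SAMPLE_SUBJECT}\r\n"
          "To: ops@example.org\r\n\r\nBody text.\r\n").encode("utf-8")

if __name__ == "__main__":
    print(headers_with_raw_8bit(SAMPLE))
    print(encode_header_value("From", "Jürgen Müller <jm@example.org>"))
    print(encode_header_value("Subject", SAMPLE_SUBJECT))
```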


My little server on Hetzner has been delivering to gmail and outlook for two years with no hiccups: postfix, dovecot, rspamd.


> but stop pretending that anybody can do it

I do it as well and apparently so do many others.

Not sure why it seems problematic for some, but it hasn't been an issue at all for me.


I think the "decent effort" part is the key thing. We had to change our mail routing temporarily earlier in the year (after having sent via Office 365 for multiple years) and keeping on top of emails that were being blocked was a non-trivial amount of effort (and stress) for a period of time.

Unlike the person you're replying to we had no issues with Google or Microsoft (once we did the requisite things) - it was Yahoo (and the people they provide email for) and then multiple mid-size organisations who used IP based block lists. At one point our mails were being rejected by our local NHS trust, the London Fire Brigade and a mental health agency we make referrals to. None of this was complicated to resolve but it was energy that could have been better used elsewhere.

I'm not usually part of the "let's go cloud without doing any cost-benefit analysis" movement but with email delivery I was happy when we could go back to routing via Office365 again. If a recipient decides to ban Microsoft's IPs that's usually going to be a bigger problem for them than me.


> If you [...] it works.

I've been running mailservers using free software for 20 years. I've run two for personal use, and several for groups like companies. In the old days, you could indeed throw up a server, and provided you don't spam, and you're not in a bad neighbourhood, outgoing mail would be accepted.

In more recent years, my experience has been that it takes time for a new mail sender to be accepted; could be a year or two to build reputation. That's assuming you do everything right.

My personal mail, by the way, has been on the same domain since about 2001. I've quit running a mailserver now. My small ISP runs a setup that's basically what I would have built, so I use that; the support is excellent. But it's still on the same domain.

Last company I was at ran their mail on their ISP's mailserver. The ISP got taken over; service deteriorated, to the point it became unacceptable. So I built $EMPLOYER a mailserver; it took me longer than I predicted, because the bosses had all kinds of finicky requirements (don't they always) that I had to figure out how to provide after the fact. But that "artisanal" server beat the bejabers out of the ISP system; it was fast, reliable, and when anything went wrong I could fix it - which that ISP couldn't.


To most, including Gmail, it's actually no problem with DMARC in my experience too.

However, one of my servers' IPs is on a Microsoft blacklist since many years now. It sends <10 messages / day. I've tried every unlist form I could find, even called MS but it does not get taken off that list and they "won't disclose why". I'm routing SMTP to MS via another relay now :)


> I'm routing SMTP to MS via another relay now :)

How do you do this? Could you share details on the setup?


It's a rather simple Postfix setup:

transport.db:

    hotmail.com relay:[relay.server.tld]:587
    # and other domains

main.cf:

    transport_maps = hash:/etc/postfix/transport
    smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd

relay_passwd.db: # if necessary / not authenticated by IP

    relay.server.tld user:pass

The relay can/should rewrite the Return-Path to pass SPF. It's no problem for DMARC as the DKIM signature added by the initial server still authenticates it.

It requires manually adding domains of custom 365 installations to the list - at this size I do this manually, but should probably be automated "on bounce" or maybe even by a smart rule based on the MX record.

In Exim4 it's also possible to conditionally rewrite based on for example the recipient domain.
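
One way to automate the "rule based on the MX record" idea from the comment above, as an added example that is not the poster's code: it emits transport map lines for recipient domains whose best-preference MX is Microsoft-hosted. The MX suffix list, the sample MX data and all function names are assumptions made for illustration; `live_lookup` relies on the third-party dnspython package.

```python
# Assumption: MX host suffixes taken to indicate Microsoft-hosted mail; review before use.
MICROSOFT_MX_SUFFIXES = (".protection.outlook.com", ".mx.microsoft")
RELAY_NEXTHOP = "relay:[relay.server.tld]:587"  # next hop as given in the comment above

# Constructed (preference, host) MX answers standing in for live DNS.
SAMPLE_MX = {
    "hotmail.com": [(2, "hotmail-com.olc.protection.outlook.com.")],
    "contoso.example": [(0, "contoso-example.mail.protection.outlook.com.")],
    "selfhosted.example": [(10, "mx1.selfhosted.example."), (20, "mx2.selfhosted.example.")],
    "backup.example": [(10, "mx.backup.example."),
                       (20, "backup-example.mail.protection.outlook.com.")],
}


def sample_lookup(domain):
    """Offline stand-in for a resolver; raises LookupError when there is no answer."""
    if domain not in SAMPLE_MX:
        raise LookupError(domain)
    return SAMPLE_MX[domain]


def live_lookup(domain):
    """Live resolver using dnspython; not used by the sample run."""
    import dns.exception
    import dns.resolver
    try:
        answers = dns.resolver.resolve(domain, "MX")
    except dns.exception.DNSException as exc:
        raise LookupError(domain) from exc
    return [(r.preference, str(r.exchange)) for r in answers]


def is_microsoft_hosted(records):
    """True if any MX at the best (lowest) preference matches a Microsoft suffix."""
    if not records:
        return False
    best = min(pref for pref, _ in records)
    hosts = [host.rstrip(".").lower() for pref, host in records if pref == best]
    return any(host.endswith(MICROSOFT_MX_SUFFIXES) for host in hosts)


def recipient_domains(addresses):
    """Unique, lower-cased, sorted domains from a list of recipient addresses."""
    return sorted({a.rsplit("@", 1)[1].lower() for a in addresses if "@" in a})


def transport_entries(addresses, lookup_mx=sample_lookup):
    """Transport map lines for the domains that should go via the relay."""
    lines = []
    for domain in recipient_domains(addresses):
        try:
            records = lookup_mx(domain)
        except LookupError:
            continue  # no MX answer: leave the domain on direct delivery
        if is_microsoft_hosted(records):
            lines.append(f"{domain} {RELAY_NEXTHOP}")
    return lines


if __name__ == "__main__":
    recipients = ["a@Hotmail.com", "b@contoso.example", "c@selfhosted.example"]
    print("\n".join(transport_entries(recipients)))
```

After the generated lines are merged into `/etc/postfix/transport`, the map has to be rebuilt with `postmap` before Postfix uses it.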



same experience here, perfect score but no mail into Microsoft


You need control of the entire netblock you send email from. Everything was going smoothly for me for 7 years until the entire Digital Ocean netblock my static IP was in landed in a permanent blacklist due to enough of the other IPs in that block having repeated complaints. I don't remember the mailing blacklist it was on but unblocking that single IP required the netblock owner (Digital Ocean) contacting the blacklist provider directly


this is why persons self-hosting email servers are much more likely to have success using a small to medium sized, trusted local ISP where you can establish a relationship with the persons who run the ASN. And determine for certain that the ipv4 /24 your mail server's /32 is contained within does not contain random other $5 to $30/month people buying VPS/VMs/low-budget-dedicated-servers with credit cards.

If you can have a high degree of confidence that no outgoing smtp spam traffic has ever been emitted from any of the other IPs adjacent to where you're hosted, the opaque blacklists of the big mail receiving providers (gmail, etc) are much less likely to consider your legit traffic as spam.
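
The pre-build IP check recommended earlier in the thread and the /24 neighbourhood concern raised just above, as an added example that is not from any commenter: it builds DNSBL query names, classifies the answers, and counts listed neighbours. The zone `dnsbl.example` and the sample listings are constructed placeholders; substitute the block lists you actually care about.

```python
import ipaddress
import socket

# Some lists answer in 127.255.255.0/24 to signal a query problem (for example
# a blocked public resolver), which must not be read as a listing.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_name(ip, zone):
    """Query name: reversed octets (IPv4) or reversed nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    reversed_part = addr.reverse_pointer.rsplit(".", 2)[0]  # drop in-addr.arpa / ip6.arpa
    return f"{reversed_part}.{zone}"


def system_resolver(name):
    """Live lookup: the A record as text, None if the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return None
        raise  # timeouts and server failures are not a clean result


def check(ip, zone, resolve=system_resolver):
    """Return 'clean', 'listed', 'query-error' or 'unexpected' for one IP and zone."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except OSError:
        return "query-error"
    if answer is None:
        return "clean"
    addr = ipaddress.ip_address(answer)
    if addr in ERROR_NET:
        return "query-error"
    if addr in LISTED_NET:
        return "listed"
    return "unexpected"  # e.g. a resolver that rewrites NXDOMAIN answers


def listed_neighbours(ip, zone, resolve=system_resolver):
    """Addresses in the surrounding IPv4 /24 that the zone lists."""
    if ipaddress.ip_address(ip).version != 4:
        raise ValueError("neighbour scan is only defined here for IPv4 /24s")
    net = ipaddress.ip_network(f"{ip}/24", strict=False)
    return [str(h) for h in net if check(str(h), zone, resolve) == "listed"]


# Constructed listings for an offline run (192.0.2.0/24 is documentation space).
SAMPLE_LISTINGS = {
    "10.2.0.192.dnsbl.example": "127.0.0.2",
    "77.2.0.192.dnsbl.example": "127.0.0.4",
    "11.2.0.192.dnsbl.example": "127.255.255.254",
}


def sample_resolver(name):
    return SAMPLE_LISTINGS.get(name)


if __name__ == "__main__":
    print(check("192.0.2.12", "dnsbl.example", sample_resolver))
    print(listed_neighbours("192.0.2.12", "dnsbl.example", sample_resolver))
```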


I think the vastly different experiences have a lot to do with the quality and scale of the ISP. Best results with small, good quality ISPs.

Also running my own servers for personal and business, and working well.

But when we tried to use one of the large VM providers the experience was much less reliable. Despite ensuring the IP was not on the various block lists etc. mails would be accepted and silently discarded by recipients ISPs, perhaps due to the level of abuse of these IP ranges.


Exactly. I’ve been running my own email server for over a decade not because I think I’m artisanal, but for practical reasons. But I don’t send out spam or “newsletters”.


Or any kind of transactional email, I assume?

I've run a hobby website for about 15 years that does not even have a newsletter of any kind, and includes "stop sending me emails" in each transactional email (all users are double opt-in verified), and password resets are still not delivered half the time to gmail addresses.


> In my experience people telling these stories often do send spam, but they don't believe they do. ("It's not spam, it's a Newsletter. No, it has no unsubscribe link. These are people that agreed to be put on the newsletter by clicking on some ToS they never read, and they can unsubscribe by some arcane mechanism that we will make as complicated as we can. But we're definitely not spammers.")

Yes. I do get that impression from most complainers.

I send from my own domains, and if I sent it, I wrote and addressed it personally.


Indeed, after setting up dmarc and such delivery is no longer really an issue. I guess around 10 years ago, that was different!

But what is a problem is providing a good enough web interface, search, and so on.


I've run an email server for 10 years now and by and large this is the case. I am the only person that uses my domain/IP/mailserver. I know it doesn't send spam. I've still been blocked by MS Office 365, marked as spam by google, etc, every few years. It's quite a hassle to get unblocked involving lots of lying about having a Microsoft account or the like to tech support till you get to techs who actually know what a mailserver is.

Frankly, I'm shocked you've never been arbitrarily blocked and I find your insinuations offensive.

The last time I was getting blocked it was the solarwinds fiasco where their internal mail tunneling/forwarding and filtering setup broke all DKIM and suddenly solarwinds users like NOAA.gov were rejecting me and adding me to naughty lists. There was no fallout for the megacorps and their broken setups. There was only damage to independent mailserver operators doing the right thing.


I deal with this every day. Personal fully controlled server. I don’t conduct business over this server, have only one email, a personal email, associated with it.



