I'm currently using Gmail and getting more and more worried about my privacy. I'd like to know my options if I decide to jump ship. Should I set up my own email server? Or use another less invasive service? What are your thoughts? How do you reconcile email and privacy?
If you're worried about privacy, I hope all your contacts use GPG. Practically none of my contacts know how to use that. Practically all of my contacts use Gmail and Outlook.com. That means all of my emails will end up in Google's and Microsoft's hands anyway. I'm sure they will build shadow profiles on me (especially since I'm a former customer, using the same domain alias on my new host as I did with them).<p>That being said, I recently switched to <a href="https://mailbox.org" rel="nofollow">https://mailbox.org</a> (they have a very good reputation). Mainly because I love the web UI, it's an awesome service and I get CalDAV and CardDAV that works beautifully.
Setting up your own email server will bring you into the wonderful world of big email corporations not delivering your emails until you subscribe to their whitelist with, for some of them, a subscription fee.<p>Back in the time, I had this problem with sending emails from my private server to Yahoo or Microsoft (Hotmail, live.com, etc.), both refusing to deliver my emails to their clients as I could be a potential evil spammer.<p>For the subscription fees, a few weeks ago I saw a price chart for <I don't remember which company, probably Microsoft> about how much you have to pay them depending on your situation and how many emails you plan to send to their servers. Unfortunately I didn't find this page again.<p>I think the best option is to go for a paid service with a good privacy policy. It will cost you a lot less in time and probably in money. Also, they will probably be more reactive than you in case of a problem, and more aware about security.
Use a paid service. I use Fastmail. It baffles me every day, how HN is obsessed with Gmail as if there was no alternative and are willing to trade a minor improvement in comfort over having every email read, analyzed, indexed, profiled and put into the Ad machine. I'm also surprised that so many people use the web client and not a native client with IMAP.
After years of self-hosting I finally switched to <a href="https://protonmail.com" rel="nofollow">https://protonmail.com</a> and I'm much happier for it.<p>Self-hosting is still possible nowadays but email delivery is an uphill battle. You can expect to write several major email providers to remove you from their blacklists even if your address and domain reputation is good.<p>VPS privacy and security is questionable and dedicated servers are usually expensive. Hosting SMTP from home is virtually impossible without a VPN to a "proper" IP.<p>Are you willing to spend the time to update all parts of your infrastructure on a regular basis? Are you certain you will keep up to date on recommended ciphers and protocols?<p>How is your data going to be secured at rest? If it's encrypted, how are you going to provide the keys during unexpected reboots?<p>If you want push notifications, synchronized calendars, contacts and notes you will need to add another layer of complexity to your setup.<p>Critics of Protonmail and similar will point out that browser based encryption is a weakness, however that doesn't change the fact that it is a major step in the right direction. The battle for privacy is fought in depth, not absolutes.<p>Protonmail is hosted in a Swiss datacenter, run by a Swiss company under strict data protection laws. They offer a free tier and a paid one for your own domains.<p>If you still want to go the self hosted route iRedMail and Mailinabox both work well. Sovereign runs too many services - it should really be split into VMs or containers.
Hi, we had similar concerns about privacy and have built <a href="https://cloudron.io" rel="nofollow">https://cloudron.io</a> to solve not only the hassle of setting up email but also other services where applicable self-hostable options are available.<p>The mail server is fully built into the platform itself and automatically takes care of all the tiny details required to get over the often stated deliverability issues (SPF, DKIM, PTR, ...). So far we have found that many of the issues described here are not actually a big issue as long as everything is set up the way those large providers want it to be. The occasional report from a user about getting blacklisted usually is a matter of submitting the required form on the provider's unlisting site. They do act timely as well in my experience and the process is not very time consuming.<p>Overall I was pretty surprised how well it works in the end, given that there are so many reports that self-hosting email is too complex to deal with.
I have been setting up mailservers since the '90s when you still had to deal with sendmail's configuration format. I've used most email servers available on unix platforms. And I'm also someone who wants to do everything myself and not depend on anybody else if I don't have to. Still, and it hurts me to say this, it might simply not be worth your time. I use a paid service for my main mailbox now.<p>I have a mailserver handling some personal email, but I feel it's too risky (to take the responsibility) and too much effort to host email accounts for just a few other people. You can and probably will be every once in a while blacklisted by one of the big providers or have legitimate email bounce, even if you have SPF, DKIM, TLS and your own spam filters set up. You also have to keep an eye on your servers to see if no new filth gets through. And you'd probably want to keep a backup relay ready. You have to provide ways for the users to configure or fine-tune their individual spam settings and mark messages. You most likely want to install a web interface next to the IMAP and/or POP service, which opens another can of worms.<p>I feel I'm too old now – meaning I have so many other responsibilities – that I don't want to babysit something that is after all rather crucial and should "just work". If you have the energy and time, please go for it, otherwise just search for a reliable paid service.<p>Note that assuming privacy when talking about email, even though most protocol interactions might be encrypted these days, is in my opinion somewhat misguided. Don't use email if it's truly private. Or use end-to-end encryption, such as PGP.<p>There might be a hole in the market for a company that helps geeks host reliable email servers, for those that want more control than just an IMAP account with sieve support, but maybe the margins are too low and fighting spamming subscribers too hard.
I'm the ex-CTO of Lavaboom, a German startup that did encrypted email. Right now I'm working on Oakmail, which will be even more radically open and easy to use. I reckon it will be 2-3 months before we launch an open beta (and of course you will be able to deploy it any time once it's usable).<p><a href="https://oakmail.io/" rel="nofollow">https://oakmail.io/</a>
If you have concerns for privacy, find a paid service you trust.<p>Hosting an email server yourself is a great learning exercise but you'll be forever playing whack-a-mole with spam and wondering if your setup is actually properly secure and waiting for the day you get hacked.<p>I did this myself for a few years and at one point had very few deliverability problems, then one day out of the blue I ended up on a blacklist and started getting complaint emails. After that it was either rebuild on a new IP address and start again or choose a paid provider and move on. I did the latter and opted for Fastmail.
If you're concerned about privacy, don't use a free service. Pay for it and the privacy concern usually goes away.
If you are specifically concerned with US laws, go German:
<a href="https://posteo.de/" rel="nofollow">https://posteo.de/</a> is a good one to consider.
<a href="http://mailinabox.email" rel="nofollow">http://mailinabox.email</a><p>Formerly, I'd say maintaining your own email server isn't easy. It was hell trying to set one up 10-15 years ago. This guy (and the contributors) have made it about as easy as it can get. I've hosted mail for one of my domains on a DO droplet, where I set up a mail server with that guide. Been running it for ~4 years. No issues. Highly recommended.
Interesting, I am not the only one. Additionally for me, it's also pretty expensive to host domains for all my startup ideas on Gmail. I know, it's just $5/user/mo, but if you run 20-30 "fun ideas" it adds up...<p>So I used a scaleway.com instance and installed <a href="https://github.com/sovereign/sovereign/" rel="nofollow">https://github.com/sovereign/sovereign/</a><p>I forked it and made it especially for my own use case working for the scaleway VPN
<a href="https://github.com/tomw1808/sovereign" rel="nofollow">https://github.com/tomw1808/sovereign</a><p>So far I am pretty pleased. I opted against mailinabox because I want to use the server for other things too and mailinabox strongly suggests against it...
I can highly recommend Mail-in-a-Box [1], especially if you're looking for a solution that is secure, easy to install, and doesn't require any fiddling. You can host it on a cheap VPS for $5 a month and it'll happily chug along without any problems.<p>Deliverability will only be an issue if you land up on an IP address that was previously abused, so it may be worth checking out the IP address reputation on DNSBL [2] before setting up Mail-in-a-Box.<p>Make sure you configure an SPF record for the server's IP address, and then also set up DKIM and SPF. I have yet to see any deliverability issues using this setup.<p>[1] <a href="https://mailinabox.email" rel="nofollow">https://mailinabox.email</a><p>[2] <a href="http://www.dnsbl.info" rel="nofollow">http://www.dnsbl.info</a>
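The two pre-flight checks named in the comment above (DNSBL reputation of the server IP, and an SPF record that covers that IP), as an added example that is not part of the thread. The zone `dnsbl.example`, the sample record and the function names are assumptions made for illustration; the SPF check evaluates only `ip4`, `ip6` and `all`, and reports `undetermined` when a DNS-dependent term appears first.

```python
import ipaddress
import socket

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Constructed sample record using documentation address ranges.
SAMPLE_SPF = "v=spf1 ip4:192.0.2.25 ip6:2001:db8::/32 -all"

def dnsbl_query_name(ip: str, zone: str) -> str:
    """Name a DNSBL expects: reversed octets (IPv4) or nibbles (IPv6), then the zone."""
    reverse = ipaddress.ip_address(ip).reverse_pointer  # e.g. 25.2.0.192.in-addr.arpa
    return f"{reverse.rsplit('.', 2)[0]}.{zone}"

def is_listed(ip: str, zone: str) -> bool:
    """Live lookup (needs network). Any A record means listed; NXDOMAIN means not
    listed. A resolver failure also returns False, so read False as 'no listing seen'."""
    try:
        socket.gethostbyname(dnsbl_query_name(ip, zone))
        return True
    except socket.gaierror:
        return False

def spf_result_for_ip(record: str, ip: str) -> str:
    """Evaluate the ip4/ip6/all terms of one SPF TXT record for a sending IP."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    needs_dns = False
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return "undetermined" if needs_dns else QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        else:
            needs_dns = True  # a, mx, include, redirect=... need lookups not done here
    return "undetermined" if needs_dns else "neutral"

if __name__ == "__main__":
    print(dnsbl_query_name("192.0.2.25", "dnsbl.example"))
    print(spf_result_for_ip(SAMPLE_SPF, "192.0.2.25"))
```
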
You may want to consider German-based Tutanota (<a href="https://tutanota.com" rel="nofollow">https://tutanota.com</a>) who uses open-source cryptography, rather than some alternatives such as Swiss-based ProtonMail who use a combination of open-source and proprietary closed-source cryptography.<p>Failing that, head on over to <a href="https://privacytoolsio.github.io/privacytools.io/" rel="nofollow">https://privacytoolsio.github.io/privacytools.io/</a> and check out alternatives and other related information.
I use GoogleMail behind a custom domain ($50/year) and am quite pleased. I used to be a FastMail customer but a couple minor outages and weirdness around billing made me switch a few years ago. Functional "report spam" is a big win for GoogleMail, and as an apps (or is it "GSuite" now?) customer you don't have to worry about ads/privacy issues. Don't self-host, I self-hosted (Postfix/Dovecot) before using FastMail and it was a huge headache between reasonable spam filtering on the receiving end, and undelivered/spam-marked emails on the send side, although I learned a lot by self-hosting. Also, it was hard to pretend I was serious about privacy/security when I was self-hosting on a box that any Linode admin could shell into as root, especially after Linode's security dramas. This is not to say that self-hosting cannot be cheaper and more secure than alternatives, but if you're not a full-time sysadmin regularly setting up mail hosts, you probably will get something(s) wrong. I never could silence that voice in the back of my head saying "what if some really important email couldn't be delivered to/from me?", which was sometimes right. As others have said, you have to use GPG if you're serious about privacy, regardless of your email provider. Anyway, for me, $50/year is a great deal for reliable email with good spam filtering, and being able to use my personal address/domain for Google Hangouts and Docs is a decent win for collaboration.
I run Postfix & Dovecot (with SPF, DKIM, DMARC, DNSSEC, TLS) from my home network with a remote backup just in case it goes down, as well as my own DNS servers.<p>I had to ask my ISP to disable some rules on their end and pay a fee to have a static IP address, but overall it was pretty painless. Though I can imagine some providers being much worse.<p>After the initial hurdle of setting everything up in my experience everything went mostly fine. I had to whitelist my domain on Microsoft's site, but Gmail and Yahoo worked fine from the start. I haven't had a problem since. My university teachers receive my email just fine, so did my co-workers before I was given a corporate email address.<p>Is it worth it? Maybe not. It was more of a learning experience for me, but I find it works just as well as any other provider I've used. At least for now.<p>As others have said there are lots of outdated guides. I found the Archlinux Wiki and the manpages to be the most useful resources. Also please stay up to date on the software.
Setting up Dovecot (with master-master replication) and Postfix (+ spamassassin, dmarc, SPF) isn't too bad. There's a lot of dated guides out there though. Stick to the man pages as far as possible.
Running your own mail server is more work than it might seem, especially when it comes to setting up security and spam filtering and such.<p>If you want to use another web mail service other than Gmail then I can recommend:<p><a href="https://kolabnow.com/" rel="nofollow">https://kolabnow.com/</a> (the lite option just gives you webmail)<p>or<p><a href="https://posteo.de/en" rel="nofollow">https://posteo.de/en</a> (very green-energy and privacy focused)
If you care about privacy _and_ freedom, check out Kolab Now.<p><a href="https://kolabnow.com/" rel="nofollow">https://kolabnow.com/</a>
The premise here is that services such as Gmail or Outlook don't respect the privacy of their customers. Can someone point me to an actual case where Gmail for business (using GSuite) or Outlook haven't respected their privacy engagement? Or a serious report on that matter? Thanks.
I chose Google GSuite to avoid non-delivery of emails, which was happening when I was still self-hosting. Most emails I sent used to be marked as spam and blocked. Not anymore. The fee I pay every month is very low compared to the time I used to spend managing my own servers.
I'm using Gmail for my daily use and tried maintaining my own server and it was too much effort.<p>I'm a little bit worried what happens when Gmail is blocking my account for whatever reasons, but if, I would create a second own managed mail address only for accounts.
I'm really happy with <a href="https://www.migadu.com" rel="nofollow">https://www.migadu.com</a>. I just converted to paid. It's nice to be able to add users and domains without a price change.