Mail-in-a-Box: a mail server in a box (github.com/mail-in-a-box)
227 points by tambourine_man on Nov 24, 2023 | 128 comments


I have been running mailinabox with a hetzner server for 2-3 years now.

- Setup was largely painless. Main problem was making sure dns settings at my domain registrar were correct.

- Almost zero problems with mail delivery on the big providers [1]. Last time my email was dropped was by amd.com.

- Last year had to do a major version upgrade to mailinabox and it was a huge hassle. I think they need to improve on this. Rolling updates are painless.

Here is my advice to people who are on the threshold of wanting to host their own email, but are unsure because of mail delivery issues. Well, there are zero problems with incoming mail. So setup mailinabox and use that email to register for websites [2]. Use it for all your mailing lists etc.

Do it for a few years and see how it feels. Occasionally send out email. If enough people do it, then over time it will become easier for more people to host their own email.

[1] I have a theory that I deployed. I asked a whole bunch of people with gmail/hotmail email addresses to send me emails first on my new email. I then replied to them. I think this ensured that from that start I was put on the good lists.

[2] Use websitename@yourdomain.com to register. Easy to block spam this way.


It was flat out impossible for me to get Outlook to accept my mail server. They'd only give me some vague response with no actionable steps to resolve it. I gave up and used a gmail account to route everything outgoing. That way mail still shows up as from:jimm@jimm.horse but rides on Google's reputation. Defeats the purpose a little but there's nothing more I can do (apparently unless I buy my own non residential ISP line, host the server in my house, and build reputation forever, but that's an absurd length to have to go through. ideally we'd have antitrust legislation forcing MS et al to be fair towards smaller email and save the open internet overall, but I'm not holding my breath.).

https://news.ycombinator.com/item?id=35691618


AWS SES is basically free (literal cents) if you send <1000 emails per month, if you want an alternative (this is what I've been using for 2+ years)


Last time I tried to set this up, I think I was unable to get it for the super low advertised price, because they require you use an EC2 instance in order to skirt their minimum monthly charge and you can no longer get free tier EC2 after the first 12 months. So the monthly amount I would have to pay was going to be a non-insignificant amount.


SMTP2Go it is.


I've never in years ever been allowed out of their sandbox which restricts it to verified addresses.

This doesn't seem to be uncommon.


Conversely, I have a pre-MS hotmail address and verification emails never arrive for any number of services.

MS spreads its toxic protection in every direction.


When I requested to escape the sandbox, my request was granted in nine hours...admittedly, this was six years ago, but it looks like the process is the same (https://docs.aws.amazon.com/ses/latest/dg/request-production...).


From what I've gathered it's highly dependent on region, tried a few others but that probably set off some flags for them even more.

I send a dozen emails weekly; in the end it felt a bit ridiculous begging. It's a generous free service so I can't complain.


I've been using it for over six years now, I'm always worried it'll stop working...but besides having to bump my node.js version a few times, so far so good, knock on wood.


Thanks, I'm pretty happy with my setup though. I use my server for lots of other stuff at the same time as email.


It’s annoying but it’s definitely possible. You have to keep harassing Microsoft’s support email, eventually someone will deign to read it and whitelist your specific IP address.

It took me a week of back and forth but I was eventually able to get them to allow my IP address in one of OVH’s banned blocks.


WTF, outlook, the mail client wouldn't allow you to configure your own mail server for incoming / outgoing email?

Or people using outlook would treat your emails as spam?

If it's the former, it's kind of shocking. Dark days...


I'm guessing they are talking about outlook.com, which is one of Microsoft's alternatives to Gmail. I.e. outlook.com, a host of millions of email addresses, is rejecting the emails from their server.


Ah, thanks for the clarification.


Mailing to hotmail/outlook domains. Not even spam, just rejected.


I read that thread. Looks like issues with IP belonging in same range as digital ocean assets. Guilty by association, I guess.


That's how IP based trust works though.


Damn, that's a cool URL.

Had no idea that Bronies were still a thing, or that hardcore about it.


>Last time my email was dropped was by amd.com.

They have something weird going on. I had to make an account with them to redeem a game key, and they wouldn't deliver the account verification email to my custom domain hosted by Fastmail. I used a gmail address and the email came instantly. Then out of the blue 24h later the emails to my custom domain were delivered (by which time the verification codes had all expired, of course).

I saw a bunch of discussion where other people reported the same thing like https://old.reddit.com/r/AMDHelp/comments/yr9tqq/amd_rewards... - they got emails instantly when they switched to gmail but other domains didn't work.


Maybe it's being greylisted and their server doesn't retry soon enough?


I've done MiaB from 2015-2017, and I've always had deliverability issues from Digital Ocean. Microsoft is particularly nasty, and Gmail kept marking me as spam silently instead of rejecting mail.

I've decided to just move on and pay Fastmail. Email isn't private anyway.


Same, ran very (technically speaking) clean MiAB setup for local business and after 2 years we had to drop it due to delivery issues with MS business accounts. Invoices missed, etc. - a royal pain in the arse. Only a full migration to gmail biz domain fixed things fully. Email. Yikes.


> Do it for a few years and see how it feels.

A thousand times this! Everyone even remotely technical or interested in tech should run their own mail server.

For anyone too young to have known, this is how it used to be. Email was desktop (workstation) to desktop. Even when working at large corporations in the 90s, email arrived and was sent to the world directly from my personal workstation.

For anyone worried about deliverability, keep in mind you can outsource the delivery part while still running your own email server for incoming email.

I have experimented with using mailjet as an outgoing relay, for low volumes it was (maybe still?) free. I don't use a relay though, I deliver everything directly. But you don't have to if you worry about delivery.

Why would you do this? For one thing, as parent post says, it gets you used to running the server.

But much more importantly, it gives you complete control of incoming email. Never again is there any chance of google/yahoo/microsoft locking you out of receiving important emails (account resets, bank statements, etc) when you own the receiving server.

Over time you can start relaxing the relaying and deliver directly to most places, only keep the relay to those who give you trouble coughmicrosoftcough.

Or keep the outgoing relay forever if you prefer, but still reap all the benefits of owning the receiving side which is arguably more important.


My experience has been that MAIB version updates are usually very smooth. Regular OS update (apt update/apt install) are smooth. The big problem is that the recommended path is to install on a fresh system when moving between OS versions. In the most recent release that required that, I actually did an in-place upgrade of the OS by running do-release-upgrade twice and leaving the config files as-is. I followed some steps that were posted on the forum. I ran into one or two minor issues but they were the sorts of things I'd expect to see running an "unsupported" upgrade. Other than the OS updates which just take time to download and install, the total work doing it this unofficial way was maybe a couple of hours. That's necessary every 2-3 years, I think?

I do have a few things that I've customized. Updates to MIAB will overwrite them if they're involved in the services it provides. Recently NextCloud updates have been better about removing all of your plugins. The only problem I ever had with it during an update was when the SQLite DB got corrupt. That basically made it so you had to reset NextCloud.


It's not the hours of work that is problematic (though that should go away too). It is the stress of somehow losing my mail. Of course I have backups, but still I would rather not deal with the hassle of recovering from them.

I really wish we were in a place where such software were designed for NixOS.


Saying something should just be redesigned for Nix is like saying just rewrite it in Rust. Terrible idea.


> - Last year had to do a major version upgrade to mailinabox and it was a huge hassle. I think they need to improve on this. Rolling updates are painless.

Ran into this too, multiple times. Just not worth it if it breaks the underlying OS.


Your [2] note about using website names in emails is an awesome but underrated benefit. I’ve been doing that with hey.com email at the moment. (Using a custom domain, any address that doesn’t have an inbox goes into the “catch all” box. I can upgrade an address to a real one by setting up a free alias address which is pretty simple in their UI.)

I’ve only caught one sold email being used for spam so far (sketchy wristwatch store that wanted an email to unlock some discount I never used) but really happy I’ll know about the next one.
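Worked example of the per-site alias trick discussed in this comment and in footnote [2] above (an added example, not code from the thread or from Mail-in-a-Box): the domain yourdomain.example, the two sample messages and the verdict names are constructed for illustration. The heuristic flags mail that arrives at a site-specific alias from an unrelated sender domain, and rejects outright an alias you have already marked as sold.

```python
# Added example (not from the thread or Mail-in-a-Box): detect a per-site
# alias that has leaked. Convention assumed: you register at each site as
# <sitename>@yourdomain.example, so mail to that alias should come from
# that site's own domain. Anything else is a candidate for blocking.
import email
import email.policy
from email.utils import parseaddr
from typing import Optional, Set, Tuple

MY_DOMAIN = "yourdomain.example"   # assumed; substitute your own domain

# Constructed sample messages, not real mail.
LEGIT_MSG = b"""From: Acme Watches <offers@acmewatch.example>
To: acmewatch@yourdomain.example
Subject: Your discount code

Thanks for signing up.
"""

LEAKED_MSG = b"""From: Coin Giveaway <promo@totally-unrelated.example>
To: acmewatch@yourdomain.example
Subject: Act now

Send 1 coin, get 2 back.
"""


def alias_tag(addr: str) -> Optional[str]:
    """Local part of an address at MY_DOMAIN (minus any +suffix), else None."""
    _, bare = parseaddr(str(addr))
    local, _, domain = bare.rpartition("@")
    if domain.lower() != MY_DOMAIN:
        return None
    return local.split("+", 1)[0].lower()


def sender_domain(msg) -> str:
    _, bare = parseaddr(str(msg.get("From", "")))
    return bare.rpartition("@")[2].lower()


def classify(raw: bytes, burned: Set[str]) -> Tuple[str, str]:
    """Return (alias, verdict) for one raw message.

    verdict: 'reject'  - alias already marked as sold or leaked
             'accept'  - sender domain matches the alias tag
             'suspect' - alias used by an unrelated sender (probably leaked)
             'unknown' - recipient is not one of our per-site aliases
    """
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    rcpts = [str(h) for field in ("Delivered-To", "To", "Cc")
             for h in msg.get_all(field, [])]
    tag = next((t for t in map(alias_tag, rcpts) if t), None)
    if tag is None:
        return ("", "unknown")
    if tag in burned:
        return (tag, "reject")
    # Heuristic only: the tag should appear in the sender's domain with
    # punctuation removed ("acmewatch" in "acmewatch.example"). Sites that
    # send through a vendor's domain will show up as 'suspect'; review
    # those by hand before adding the alias to the burned set.
    if tag in sender_domain(msg).replace("-", "").replace(".", ""):
        return (tag, "accept")
    return (tag, "suspect")
```

Run it from a delivery-time filter or over a maildir; 'suspect' is a review queue, not an automatic reject, because legitimate senders often use a mail vendor's domain rather than their own.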


Used MIAB for years -- one install, about 20 domains, most low volume but 1-2 sending tens of thousands of emails a month. Some notes:

* Every thread that mentions hosting your own email brings out the it's-pointless-to-do-your-own-mail zealots; ignore them. If you're interested in trying it, try it.

* The only deliverability issues I ever had were with ATT networks because they don't use modern TLS; that was fixable. Mail to Google? Goes through, doesn't go into spam. Mail to Microsoft? Ditto. And this is on a Digital Ocean VM, which isn't the most reputable IP pool in the world.

* MIAB will happily be your full-fledged authoritative DNS server. Although I've since migrated to separating DNS from mail hosting, it was very convenient for a long time.

* Setup is dirt simple. And you get MTA-STS as well as DANE/DNSSEC right out of the box.

* The backup function worked without issue the one time I needed it. I'm sufficiently paranoid that I also do regular snapshots of the whole VM.

* There's a fork, Power Mail In A Box, that updates the UI, adds the ability to plug in relayhost settings, and does a few other nice things. It hasn't been updated in about a year, but was similarly solid.

My only quibble with MIAB, and the reason I migrated to Mailcow recently, is that I wanted to easily set up per-domain relay settings from the UI.


To echo this, IP reputations update every few months. You may just need to buy and hold to clean it up.


I'm on the fence. I wanted to do a super simple app hosting service on the Odroid SBC. I have a few services running, but two of them, Authelia and Gitea, need SMTP for some actually valid reason.

Would you recommend hosting for that use case?


If all I needed was SMTP? I'd likely just use Amazon SES or Mailgun.

I know some folks have concerns with the privacy of that(1), and really want to run their own SMTP. If that's the case, Mail In A Box can do the job, or you can go with a pure SMTP solution like https://github.com/ix-ai/smtp (not endorsing it -- it's just been on my radar) or a roll-your-own Postfix/Exim solution. The latter requires almost zero resources after it's set up; slap it on a $20/year VM and you're done.

1. Chasing privacy with email is a chimera. If you really want private communications, email is not the tool.


Amazon SES is great, because you pay per email and the rate is incredibly cheap. Mailgun is very expensive though, and the problem is they have a very limited free tier, and then you must jump up to a $35/year package that gives 50,000 emails - this is simply far too much for many projects early on in their rollout.

I prefer something like Brevo, which has smaller jumps per tier or even something like MXRoute for $49 per year (limit of 300 emails/hour)

Edit: Completely forgot about ZeptoMail by Zoho - incredibly good value service.


Oh, that's only for "fun". Playing with quick deployment of throwaway apps. No real privacy expectation. Of course it would be nice to learn along the way


Sounds like MIB is overkill and way more than you need. I'd still suggest setting up a dedicated self-hosted postfix for your services yourself. Start with local-only delivery. Then you can set it up to forward using external services (or indeed MIB or something similar if you end up self-hosting email on top of that) should you want to and you consolidate future changes of automated external mail delivery to a single point.


I ended up with mailu.

What got me interested is their integration with traefik. It just worked. Not without 9 hours of finding out the right proxy settings, but now I'm attached to it like to IKEA furniture.

On a more serious note, they showed an example of properly proxying an IMAP/SMTP SSL connection. If you asked me before integrating it, I'd have thought it might be impossible, since SMTP has some STARTTLS negotiation baked into the protocol.

I only knew how to proxy SSL in HTTP and never knew that bare TCP can be used to PROXY and terminate tls as well.
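The mechanism that makes the bare-TCP proxying above work, as an added example that is not part of the thread or of Mailu/traefik: building and parsing the HAProxy PROXY protocol v1 header line that a TCP proxy prepends to each connection, so the MTA or IMAP server behind it learns the real client address instead of the proxy's (Postfix reads it with smtpd_upstream_proxy_protocol = haproxy, Dovecot with haproxy = yes on a listener). The addresses and ports are constructed.

```python
# Added example (not from the thread, Mailu or traefik): the HAProxy PROXY
# protocol v1 header. Format per the HAProxy spec:
#   "PROXY TCP4|TCP6 <src> <dst> <sport> <dport>\r\n"  or  "PROXY UNKNOWN\r\n"
# at most 107 bytes including the CRLF. A server must parse it strictly and
# drop the connection on anything malformed, since a forged line would let
# a client spoof its source address in the server's logs and policies.
import ipaddress
from typing import Optional, Tuple

MAX_V1_LEN = 107
Header = Tuple[str, Optional[str], Optional[str], Optional[int], Optional[int]]


def build_v1(src: str, dst: str, sport: int, dport: int) -> bytes:
    """What the proxy side writes before forwarding the first client byte."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s.version != d.version:
        raise ValueError("src/dst address family mismatch")
    fam = "TCP4" if s.version == 4 else "TCP6"
    for p in (sport, dport):
        if not 0 <= p <= 65535:
            raise ValueError("port out of range")
    line = f"PROXY {fam} {s} {d} {sport} {dport}\r\n".encode("ascii")
    assert len(line) <= MAX_V1_LEN
    return line


def parse_v1(data: bytes) -> Tuple[Header, bytes]:
    """Split a PROXY v1 header off the front of `data`.

    Returns ((family, src, dst, sport, dport), remaining_bytes); the
    remaining bytes are the start of the real SMTP/IMAP stream.
    """
    end = data.find(b"\r\n", 0, MAX_V1_LEN)
    if end == -1:
        raise ValueError("no CRLF within 107 bytes")
    line, rest = data[:end], data[end + 2:]
    parts = line.split(b" ")
    if parts[0] != b"PROXY" or len(parts) < 2:
        raise ValueError("missing PROXY signature")
    fam = parts[1].decode("ascii", "replace")
    if fam == "UNKNOWN":
        # Proxy could not determine the origin (e.g. health check); the
        # server should fall back to the proxy's own address.
        return (("UNKNOWN", None, None, None, None), rest)
    if fam not in ("TCP4", "TCP6") or len(parts) != 6:
        raise ValueError("bad family or field count")
    src = ipaddress.ip_address(parts[2].decode("ascii"))
    dst = ipaddress.ip_address(parts[3].decode("ascii"))
    want = 4 if fam == "TCP4" else 6
    if src.version != want or dst.version != want:
        raise ValueError("address family does not match header")
    if not (parts[4].isdigit() and parts[5].isdigit()):
        raise ValueError("ports must be decimal")
    sport, dport = int(parts[4]), int(parts[5])
    for p in (sport, dport):
        if not 0 <= p <= 65535:
            raise ValueError("port out of range")
    return ((fam, str(src), str(dst), sport, dport), rest)
```

Because the header is trusted blindly by the server, the listener that accepts it must only be reachable from the proxy (firewall or a trusted-networks setting), never from the Internet.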


This isn't the kind of thing I'd run - I'm still running old school Sendmail, IMAP-UW and Cyrus SASL - but it's good to see resources that make hosting email more accessible to everyone.

There are altogether too many people who think it's their place to tell others they *shouldn't* self host email, and I think that's a horrible take. It's not too different from saying, "I couldn't learn Finnish, so you shouldn't even try".

Actual, technical objections are fine, but most of the time objections brought up by gatekeepery people just show a lack of understanding and experience. For instance, the most common is "you'll never be able to deliver to...", which is ridiculous. Even if you're on a network that has a bad reputation, you can always smarthost through other providers, and you'll still have all the advantages of having logs and your own filters for incoming email, plus the security of possessing your own data.

The Internet is a better place when less centralized, so it's nice to know that we still have people who haven't thrown their hands in the air and given up to Google / Microsoft / Amazon :)


See also "Welcome to ISPmail – a guide to your own mail server", which is based on Debian:

* https://workaround.org

* https://workaround.org/ispmail-bookworm/

Ansible playbook(s) available:

* https://github.com/Signum/ispmail-bookworm-ansible


ISPmail/workaround.org is how I got serious with self hosting my emails 10/15? years ago. Really good starting resource if you want to know how all the internals of a mailserver work


I've been using maddy.email running quietly on my RPi for a couple of years now. I think it's 'simpler' than mail-in-a-box because it implements IMAP, SMTP, all in one server which can be backed by a database, instead of managing installation and updates of many different programs. It also does DKIM automatically and uses ACME/LetsEncrypt to automate certificate management.

It doesn't have as many features as mail-in-a-box though, for example no webmail or Cal/CardDAV, so I have to run those separately. It would be great to extend the project

Another similar project is stalw.art mail server. I haven't used that yet but it looks promising, and it supports JMAP (a possible IMAP successor)


I am also using Maddy so my programs can email me with notifications (I'm not using it to email anyone else) and it has been great.

One thing about Mail-in-a-Box is you have to dedicate your entire machine to being MAIB, whereas Maddy is just a regular program you can run along with everything else.


Always relevant link on this topic that debunks much of the Why You Should Not…

https://poolp.org/posts/2019-08-30/you-should-not-run-your-m...


I’ve used both and personally prefer https://mailcow.email/


At this point Stalwart and rspamd combined will most likely offer a better experience. In terms of supporting modern standards, security and offering enough configurability without requiring arcane knowledge. You can get a good setup with way less effort and fragile components.

The hodgepodge of software used by MIB is just not good any more.


Also Stalwart Mail supports JMAP which is a nice protocol. Not sure how many email clients support it yet though. If I were to host my own mail I'd probably go with Stalwart as it provides a single binary/service for running imap, jmap, smtp, etc. No need to fiddle around with Postfix, Dovecot, etc.


This is awesome! Have really been thinking about this a lot lately, and my SES->Google Workspace solution works, but isn't viable if we ever left Google Workspace. I might set one up because abdullahkahlids' statement is compelling and correct: "If enough people do it, then over time it will become easier for more people to host their own email." (Plenty folks did this in the heady 90s...)

A few questions:

- I see that it seems to require Ubuntu, assuming this would work on Debian as well without too many needed tweaks? And are there plans to support CentOS? Ubuntu is my daily driver as a desktop OS, but I rarely use it for server apps due to all the "extra stuff" installed and the network stack is slower out-of-the-box than CentOS and I am usually too lazy to do anything about that other than put my server stuff on CentOS.

- Is more documentation available (especially a hardening guide)? For example, I see that Munin's installed (huge fan of Munin, but I'd want to firewall it off for sure), Roundcube used as the front-end management, there are variables you'd want to configure (like support email), I'd probably want to not have sieve open to the world, etc. Basically, I'd love to see a concise list of services and open ports at minimum, so I could figure out what to omit from installation and what to firewall off.


Does it really need to install Nextcloud just to do DAV? That just seems like overkill.


I JUST finished my server migration 2 days ago. Because the configuration was such a hassle I just duplicated my setup. Why wasn't this posted like 2 months ago when I started?

I could have tried this so easily on the new server before moving from the old one.

I am using a traditional provider as "frontend SMTP". Decided against doing my own because I need to send and receive emails for job hunting atm.


I operate an email forwarding service[1] and have researched this area extensively because eventually customers will keep asking for IMAP.

When hosting email, receiving is the easy part. But storing and fetching it is hard. Sending out, on the other side, is hard to configure but easy to store (there is not much to store except DKIM config).

But the hardest part is actually getting providers to accept your email. I always had issues with Proofpoint and Outlook (Microsoft 365).

I also have an issue with 800 emails per hour on Fastmail.

Lots of things like that come up when hosting your own emails.

However, it's worth it; it opens up a lot of amazing things once you own your own email.

With that being said, I recommend Maddy (https://maddy.email/); it's a very simple deployment that handles pretty much everything. No need to glue multiple systems together.

For spam filtering, just use rspamd.

---

https://mailwip.com


Does anyone have a recommendation about where to host an internet-facing mail server? I've been running my own mail server on various VSPs (digital ocean and linode), but sending email is not quite as reliable as I'd like it to be.

Are there different hosts I could try? Or am I better off paying for something like fastmail and using them as a smarthost?


N.B. this may only work with hosts that don't use UCEProtect and, honestly, if they're legit, they won't use UCEProtect

I have two email servers running on Digital Ocean just fine - one set up in 2016 and one set up in 2021. It's a matter of doing the initial work to deal with the rejections - following the process the various hosts have set up. There will be a few block lists that you need to submit tickets to to have your IP unblocked. You'll want to create bulk sender accounts (even if you're not) with Yahoo, Microsoft, and Google. It's mostly superstition - "may this web form bring blessings upon my IP". Don't bother actually trying to check any of the reports in the UIs - only Yahoo sends emails to abuse@ for spam reports for small senders.

You'll want to join the Mailop list [0]. I'd say it takes about a month or two, mostly spent waiting, before you are in the clear and have perfect deliverability. Yes, it's annoying. Yes, it can feel hopeless. But it clears up pretty quickly. I've only since had problems with smaller providers and it usually gets resolved by contacting them.

[0]: https://www.mailop.org/ - I think people who work at Yahoo, Google, and Microsoft all monitor this list


If you've got a sensible ISP, you can host from home just fine.

You'll need an ISP who can permit traffic on port 25 (usually blocked for domestic connections); a "static" IP address really is necessary (a fixed address, not behind a NAT); and your ISP must be able to handle your reverse DNS entries (IPv4 and IPv6). Any ISP who can handle commercial customers will be able to do all that. And a UPS power source is highly recommended.

In some ways, email is a good place to start self hosting. It's based on store-and-forward, so you can be down for a while ... and when you come back up, any stored email will be delivered :)

But be aware of security, and don't let your server become a spam relay!
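An added self-test for the warning above (example code, not from the thread): verify that an MTA refuses to relay for foreign domains. The probe hostnames and the canned server replies are constructed; against a real server, pass an smtplib.SMTP connection instead of the scripted stand-in, as probe_live does.

```python
# Added example (not from the thread): open-relay check in the style of
# smtplib. check_open_relay() talks to any object with smtplib's
# ehlo()/docmd()/quit() methods, so it runs unchanged against a real
# smtplib.SMTP connection or against the scripted fake below (offline).
import smtplib
from typing import List, Tuple


def check_open_relay(conn, probe_from: str = "probe@external-a.example",
                     probe_to: str = "victim@external-b.example") -> Tuple[bool, str]:
    """Return (is_open_relay, detail).

    A correctly configured MTA accepts MAIL FROM for anyone (it has to, in
    order to receive mail) but must answer RCPT TO for a domain it does not
    host with a 5xx such as "554 5.7.1 Relay access denied". A 250 here
    means the server will relay for the whole Internet. RSET afterwards so
    nothing is queued even if the server is open.
    """
    code, _ = conn.ehlo()
    if code != 250:
        return (False, f"EHLO refused ({code}); cannot test")
    code, msg = conn.docmd("MAIL", f"FROM:<{probe_from}>")
    if code != 250:
        return (False, f"MAIL FROM refused ({code}): {msg!r}")
    code, msg = conn.docmd("RCPT", f"TO:<{probe_to}>")
    conn.docmd("RSET")
    try:
        conn.quit()
    except smtplib.SMTPException:
        pass
    if code == 250:
        return (True, "RCPT TO a foreign domain accepted: this is an open relay")
    if 500 <= code < 600:
        return (False, f"relay denied as expected ({code}): {msg!r}")
    return (False, f"inconclusive RCPT reply ({code}): {msg!r}")


class ScriptedSMTP:
    """Constructed stand-in for smtplib.SMTP that returns canned replies."""

    def __init__(self, rcpt_reply: Tuple[int, bytes]):
        self.rcpt_reply = rcpt_reply
        self.log: List[str] = []   # the client side of the exchange

    def ehlo(self, name: str = ""):
        self.log.append("EHLO")
        return (250, b"mail.example\nPIPELINING\nSTARTTLS")

    def docmd(self, cmd: str, args: str = ""):
        self.log.append(f"{cmd} {args}".strip())
        if cmd == "MAIL":
            return (250, b"2.1.0 Ok")
        if cmd == "RCPT":
            return self.rcpt_reply
        return (250, b"2.0.0 Ok")

    def quit(self):
        self.log.append("QUIT")
        return (221, b"2.0.0 Bye")


def probe_live(host: str, port: int = 25) -> Tuple[bool, str]:
    """Run the check against a real server (needs network; not used offline)."""
    with smtplib.SMTP(host, port, timeout=15) as conn:
        return check_open_relay(conn)
```

Run probe_live() from a host outside your own network: tests from inside mynetworks will be accepted legitimately and prove nothing.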


Smarthosting is the best solution since it prevents the necessity of being at the whim of rather shitty companies that only take action when things get really bad, like Digital Ocean.


I host my own mail server on Vultr. One thing to note if you want to use them is that they block outgoing SMTP ports by default. You have to file a support ticket to unlock that port for your account, and you need to have a server running under your account on their infrastructure for at least a month before they'll unblock the port.

It's a bit annoying, but they do it to prevent people from using their infrastructure to send spam. And you only ever have to do it once.


Hosting on Hetzner Falkenstein since 2015 with zero deliverability issues.


I'd say Mail-in-a-Box, along with Modoboa and iRedMail, are perhaps the only serious open source email server setups right now, that are not based on Docker. Commercial ones do exist in the form of cPanel and Plesk (if you need some sort of support), although the underlying software is pretty much the same.

The only downside with MiaB is it is unnecessarily complicated to update (both the software AND the server OS). This shouldn't be too hard to address in the future...

References:

https://modoboa.org/en/

https://www.iredmail.org/



iredmail (free version) is useless, so expect to pay

I use Ispconfig

they are both ordinary stuff, very very old style

(these all should be in docker swarm nowadays)

Ah, a great modern tool in front of ispconfig is proxmox mail gateway


Free iredmail makes updating extremely laborious. You have to manually update every package to each version step by step. It's a nightmare which is why the paid for version exists. I'm not opposed to paying but beware what you get yourself into.


Jumping into the Mail-in-a-Box discussion: setting it up is pretty smooth, but watch out for those tricky DNS settings. If you're battling with Outlook acceptance, you're not alone - seems like a common headache. Some folks just route through Gmail to dodge the hassle. And hey, if you're looking for a cheap alternative, AWS SES might just be your ticket. So, whether you're DIY-ing your email server or seeking easier routes, the email server world's got a bit of everything. Stay nimble!


I ran a miab for about 5 years, maybe around 2018, I also actively tried to do extra things that would improve delivery, including registering postmaster accounts on the various postmaster whitelist tools etc in order to increase the chances my mail would be delivered.

Unfortunately if you host your mail on linode/digital ocean, you will eventually be blocked, and most of your email will end up in spam folders.

This year after 13 years of running my own mail services, I finally gave up, I was sending emails and then sending followup “did you get my email” messages from gmail


"linode/digital ocean"

So you know your own problem. Just find anyone else, or smarthost through a good provider.


I've since moved from SOGo to grommunio[0]. Its ActiveSync support is great, far better than SOGo, and it supports MAPI for Outlook and they've just released EWS support for Apple Mail / Outlook for Mac. Couldn't be happier. The other parts are fairly standard, rspamd, postfix etc.

[0] https://grommunio.com/


On a somewhat different note, I have been using iCloud's custom domain hosting feature. The spam filtering is horrendous. Does anyone else have this problem? I am tired of checking the spam folder every day and I find legitimate emails almost 2-3 days a week. Of course, I click on not-spam but I think Apple's servers just don't learn very well (maybe due to focus on privacy?)


I’ve definitely seen an increase in Spam filtering issues on iCloud.

I recently emailed a new contact for the first time and their reply to my email went into the Junk folder. How does that happen?

This last week I’ve had two other emails from people that I’ve corresponded with for years go into Junk.

Given how poor iCloud Webmail is - to the degree that it looks like Apple simply doesn’t care about it as a product… at all… I’m not surprised if the internals are being neglected too.

I’ll be moving everything off iCloud very soon.


Where are you moving off to?


Still undecided but I’m leaning towards Protonmail


I've been using mail in a box since 2016 for a handful of personal domains. It's easy to setup and very low maintenance. Backups are solid too.

Just make sure your hosting package/provider allows and supports self-hosted mail, PTR DNS records specifically, as without them your mail might work but much ends up in spam boxes. The mail in a box setup guide covers this too.
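Added offline sanity checks for the DNS pieces this comment and others in the thread mention (PTR, SPF/DKIM/DMARC); this is example code, not from the thread or the Mail-in-a-Box setup guide. The functions take already-resolved values so they run without network access; the names and addresses below are constructed, and in practice you feed them what dig returns.

```python
# Added example (not from the thread or Mail-in-a-Box): offline checks for
# the DNS records that decide whether your mail lands in the inbox.
import re
from typing import List

# Mechanisms that cost a DNS lookup; SPF allows at most 10 (RFC 7208 s4.6.4).
_LOOKUP_TERM = re.compile(r"^[-~+?]?(include:|a(?:[:/]|$)|mx(?:[:/]|$)|ptr|exists:)|^redirect=")


def fcrdns_ok(ip: str, ptr_name: str, forward_ips: List[str], helo_name: str) -> List[str]:
    """Forward-confirmed reverse DNS: ip -> PTR -> A/AAAA must contain ip,
    and the HELO/EHLO name should be that same PTR name."""
    issues = []
    if not ptr_name:
        return ["no PTR record for %s" % ip]
    if ip not in forward_ips:
        issues.append("PTR %s does not resolve back to %s" % (ptr_name, ip))
    if helo_name.rstrip(".").lower() != ptr_name.rstrip(".").lower():
        issues.append("HELO %s differs from PTR %s" % (helo_name, ptr_name))
    return issues


def check_spf(txt_records: List[str]) -> List[str]:
    """Common SPF mistakes, evaluated on all TXT records of the domain."""
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    if not spf:
        return ["no SPF record"]
    issues = []
    if len(spf) > 1:
        issues.append("multiple SPF records (receivers treat this as permerror)")
    terms = spf[0].split()[1:]
    has_all = any(re.fullmatch(r"[-~+?]?all", t) for t in terms)
    has_redirect = any(t.startswith("redirect=") for t in terms)
    if not has_all and not has_redirect:
        issues.append("SPF does not end with an 'all' mechanism or redirect=")
    if terms and terms[-1] in ("all", "+all"):
        issues.append("'+all' authorises the whole Internet to send as you")
    lookups = sum(1 for t in terms if _LOOKUP_TERM.match(t))
    if lookups > 10:
        issues.append("more than 10 DNS-lookup mechanisms (%d): permerror" % lookups)
    if any(t.lstrip("-~+?").startswith("ptr") for t in terms):
        issues.append("ptr mechanism is deprecated and slow")
    return issues


def check_dmarc(record: str) -> List[str]:
    """Review the _dmarc TXT record: policy, reporting address, sampling."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    issues = []
    p = tags.get("p")
    if p not in ("none", "quarantine", "reject"):
        issues.append("missing or invalid p= policy")
    elif p == "none":
        issues.append("p=none only monitors; move to quarantine/reject once reports are clean")
    if "rua" not in tags:
        issues.append("no rua= address: you will get no aggregate reports")
    if tags.get("pct", "100") != "100":
        issues.append("pct=%s applies the policy to only part of the mail" % tags["pct"])
    return issues
```

A typical wiring: `dig +short -x $IP` for the PTR, `dig +short A $PTR` for the forward set, `dig +short TXT $DOMAIN` and `dig +short TXT _dmarc.$DOMAIN` for the records, then pass the strings in.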


I wonder if there’s a good reason this is based on Ubuntu instead of directly on Debian. It seems the latter would be simpler.


It’s all fun and games until you lose a big client email offer because MS Outlook decided to mark yours as spam.. not a scare tactic but a warning that if you do that, make sure you have parallel communication channels with whoever you're communicating with, just in case.


Just wondering, is making email hosting with a cute name still a thing?

I own a couple of cute domain names (something like love.com or pretty.com, but obviously not those), so I'm thinking if I can do a hotmail on those domains.


Also worth a mention: mailcow, really painless setup and update process.


I've been using Mailu (https://mailu.io/) for years and have had no problems. I love that it has the concept of domain admins so that people can manage mailboxes for their own domains. DNS isn't automatic, but meh. Upgrading is easy (Docker + automatic migrations).


Another happy mailu admin here. Although the domains aren't well used or critically important to day to day things.


I've been using Mail-in-a-box for years, until suddenly it wouldn't upgrade anymore. And I ended up having a defunct server.



I think having “encrypted SQLite” as a column is a bit too specific, and biased to favor your own product in the comparison. I think a more fair column would be “encrypted at rest” – even if it comes out that your own solution is the only one that ends up with a green check mark.


We also thought of renaming it to "Mailboxes Encrypted Individually". We really wanted to make it clear that each individual mailbox is encrypted. Any other suggestions?


Why does that matter? As in if I as a user have three mailboxes, they're encrypted individually? Or each customer has their mail encrypted separately to other customers? I think the latter is worth mentioning more than the former (though if you're doing the former you're of course doing the latter also).


Correct, the former. There are no other open-source email servers (or closed even) that do the former that we know of. The deep-dive write-up is here if you want to read more https://forwardemail.net/encrypted-email.

Edit: It matters because if someone has access to the filesystem, or our MongoDB database, then they still can't read/write to your email mailbox because they don't have your IMAP password (which we only show to you _once_ for 30 seconds and render in-memory). We use ChaCha20-Poly1305 encryption on the SQLite mailboxes (which is generally considered quantum-secure[0]). Passwords are generated[1] via Node.js `crypto.pbkdf2`.

[0]: https://crypto.stackexchange.com/a/90311 [1]: https://github.com/forwardemail/forwardemail.net/blob/d537fc...


I guess since you encrypt the whole sqlite db that means you can still offer indexing and FTS while remaining encrypted. But, the application would still have the encryption key in memory. So this protects against an attacker/bad-actor that can access the FS but not if they could access the memory space of the application serving mail items. Is that right?


Thanks for the detail. Makes sense.

On "matters" - I was distinguishing all of a customer's mailboxes being encrypted together vs their mailboxes being individually encrypted. I was saying that the former is the most useful point of comparison I'd want to see - is my data encrypted separately to other people's - not the latter. But I may not be representative.


Okay, now let’s mail that mailserver


I'm looking for SES alternative in a box, I wish I could send my own emails no need to manage inbox, just send.


Don't believe the armchair scare-mongering "experts" that will undoubtedly tell you in these comments that no big provider will receive E-mail from you.

I've been running my own mail servers for the last, well, 25 years or so. It's fine, if you get your own IP, don't get unlucky by inheriting one after a known spammer, and just keep a clean server.

Don't let others scare you into "having to use" Gmail or other huge ad-tech E-mail providers. That's not what the Internet was designed for.


Same here, but for 30 years. It's really no trouble.


Similar. It's been a good experience and no more or less successful than gmail. I've had a couple of delivery hassles (easily fixed) but plenty of stuff gets lost in gmail's or outlook's filters. So at the end of the day, not much difference in usability, but much more interesting :)

I've been using mailinabox and it goes to a lot of trouble to provide correct DKIM etc, which I'm sure helps avoid deliverability problems. (Thanks Josh.)


It largely depends on where you’re hosting your mail server. Certain providers (e.g. Digital Ocean) are a complete no-go. Their IP ranges are completely untrusted.


DigitalOcean blocks port 25 now anyway[0], since I think June this year, for all new accounts. So not really a viable option now. We have to relay email from our servers there. Bit annoying, and no, support won't make an exception or turn it off after a bit of good behaviour.

[0] https://docs.digitalocean.com/support/why-is-smtp-blocked/


Uh huh. And what percent of the mail you send will be silently dropped by gmail (not even spam folder)? Sadly that game is lost.


The game is certainly not lost. There are many of us running their own mail servers. Gmail will accept mail from your domain if you don't send spam.

You should try it.


Gmail generally works fine. Outlook works too most of the time.

"Outlook Enterprise" is a mess that refuses email for no good reason. Sometimes it's because Microsoft's DNS resolvers are broken (and can't validate SPF/DKIM), sometimes it's because the mail server rewrites message headers and then tries to validate the signature (which fails, obviously).


Set up an embassy. Register your domain for Outlook, but don't really update the DNS (just add Outlook to SPF and DKIM to pass the validation, but don't change the MX). Then tell your MTA to send through Outlook servers when the destination is there (detecting this is a bit tricky), otherwise route normally.

I haven't really implemented this in production, but it worked for me one time as a proof-of-concept when I had an issue with disappearing mail - my message went through that time. Later it worked without any tricks, so I haven't bothered.


This sounds amazing. Know of any walkthroughs online?


Sorry, nope. It was my own idea (to best of my memory, I haven't seen this anywhere else, so I think it was an original one), I've tried it out, it worked, but I never finalized it, nor wrote anything about it.

It wasn't anything complicated, though. I just did the documented steps to set up Outlook with my own domain (not sure if that's a free option, I have an MS365 subscription for Office apps), except that I made no changes that would disrupt my existing mail system - I added to SPF and DKIM instead of setting/replacing them, and I haven't touched any MX records at all. Then I just grabbed Outlook's SMTP details and sent a test email to my other test Outlook account via SMTP and it got delivered with my email address, which gave me confirmation that my idea had actually worked. I haven't really updated my MTA to do the routing thing, as I was about to replace it anyway (I did since then, replaced Postfix with Maddy).


Maybe your domain isn’t on blocklists, but what about your IP?

Assuming you don’t send spam, the question of whether or not your IP is on blocklists is primarily a function of both how long you’ve had your IP address, and how well-behaved its neighboring IPs are.

For example I just tried checking[^1] the public IPv4 address of a VPS I’ve been managing for about a year. It’s never sent or received any email for at least as long as I’ve been using it, but it’s showing up on two blocklists![^2]

Surprisingly, my home IP address (which is a dynamic IP, in a pool of other residential IPs) is only on two blocklists[^3] as well. I would have expected more, because in my experience IPs known to be residential are almost always blocklisted, just as a matter of fact!

Of course this doesn’t check the main blocklists used by Microsoft and Gmail. I’d expect my home IP to be on those (because I’d expect the entire pool to be), but maybe my VPS might not be!

Anyway, the point I’m trying to make is that whether or not the battle has been “lost,” it’s definitely stacked against anyone who doesn’t start out with essentially a known-good, static IP address that you can control the reverse DNS record for.

You could do absolutely everything else right, but if you can’t get ahold of an IP address from a reputable provider that isn’t known for spammers using their service, you’ll probably have a lot of trouble with delivery of outbound mail. And that’s not a battle that I want to fight right now…

[^1]: https://whatismyipaddress.com/blacklist-check

[^2]: spam.dnsbl.sorbs.net and dnsbl-3.uceprotect.net.

[^3]: dnsbl.sorbs.net and dul.dnsbl.sorbs.net
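The blocklist check described in the comment above can be done directly with DNS rather than through a web form. The following is an added example (not from the thread or from Mail-in-a-Box) that builds the reversed-address query names for the zones the comment names, interprets the 127.0.0.x answer codes, and takes an injectable resolver so the logic can be exercised offline; the answers in `__main__` are constructed, not real listings, and the live lookup needs network access.

```python
"""Check an IP address against a few DNS-based blocklists (DNSBLs).

Added example; the zones are the ones named in the comment above. The
resolver is injectable so the logic can run offline against constructed
answers; live_resolver() does real lookups and needs network access.
"""
import ipaddress
import socket
from typing import Callable, Dict, Optional

# Zones named in the comment above (listed addresses, not project defaults).
DNSBL_ZONES = [
    "dnsbl.sorbs.net",
    "spam.dnsbl.sorbs.net",
    "dul.dnsbl.sorbs.net",
    "dnsbl-3.uceprotect.net",
]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the lookup name: reversed address labels under the zone.

    IPv4 octets are reversed (1.2.3.4 -> 4.3.2.1). IPv6 is expanded to its
    32 hex nibbles and those are reversed, one label each (RFC 5782).
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = ".".join(reversed(ip.split(".")))
    else:
        labels = ".".join(reversed(addr.exploded.replace(":", "")))
    return f"{labels}.{zone}"


def interpret_answer(answer: Optional[str]) -> str:
    """Turn a DNSBL A-record answer into a verdict.

    No answer (NXDOMAIN) means "not listed". A listing answers with an
    address in 127.0.0.0/8, where the last octet is the zone's reason code.
    Anything outside that range is not a listing: it usually means the zone
    is dead or wildcarded, so it must not be reported as "listed".
    """
    if answer is None:
        return "not listed"
    try:
        if ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8"):
            return f"listed (code {answer})"
    except ValueError:
        pass
    return f"invalid answer {answer}; zone unusable"


def live_resolver(name: str) -> Optional[str]:
    """Real DNS lookup; None when the name does not exist. Needs network."""
    try:
        return socket.gethostbyname(name)
    except (socket.gaierror, socket.herror):
        return None


def check_ip(ip: str,
             resolver: Callable[[str], Optional[str]] = live_resolver,
             zones=DNSBL_ZONES) -> Dict[str, str]:
    """Query every zone for the IP and return zone -> verdict."""
    return {zone: interpret_answer(resolver(dnsbl_query_name(ip, zone)))
            for zone in zones}


if __name__ == "__main__":
    # Constructed offline answers standing in for DNS: the documentation
    # address 192.0.2.10 is pretended to be listed in two of the zones.
    fake_dns = {
        dnsbl_query_name("192.0.2.10", "spam.dnsbl.sorbs.net"): "127.0.0.6",
        dnsbl_query_name("192.0.2.10", "dnsbl-3.uceprotect.net"): "127.0.0.2",
    }
    for zone, verdict in check_ip("192.0.2.10", fake_dns.get).items():
        print(f"{zone:28} {verdict}")
```

Run it with the default resolver against the IP you intend to send from before pointing a domain at it; the "invalid answer" branch matters in practice, because a retired zone that starts answering everything would otherwise make every IP look listed.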


Yeah... this tends to be the issue. Also, I wouldn't even bother trying to get removed from the UCEProtect blacklists, it's literally just extortion. (luckily I use a small hosting provider so they're not even on the UCEProtect lists)


You're naively ignoring the simplest solution: smarthost through a provider with a good reputation.

You still get to control your incoming email, your filtering, you get logs of everything, you control your email at rest, and you'll still get good logs for outgoing, but deliverability simply is no longer an issue.

So, what other objections do you have for email self-hosters?


I have. That is why I say the game is lost.


Then either you didn’t configure your server correctly or you were trying to run a server on an IP address that’s part of a blacklisted netblock (e.g. residential).

I’ve had a mail server in colo for over a decade, and I even recently had to change IP addresses on that server, and I’ve had zero deliverability issues. Set up SPF, DKIM, and reverse DNS, and obviously don’t do anything stupid like send spam or leave an open relay, and you should be fine.


> Then either you didn’t configure your server correctly or you were trying to run a server on an IP address that’s part of a blacklisted netblock (e.g. residential).

This is frequently the case but not always. Sometimes you don't have any server issues, and originating IP is totally fine, but your messages are 250-accepted then somehow just disappear into the void without reaching the recipient mailbox (not even the "spam" folder).

Fortunately, it's rare (in my experience), but super annoying when this happens, because with FAANGs there's absolutely no way to reach out for any technical support (unless you know someone who works there and they can help you).


This is what killed me.


I've been running my own mailserver for ~two decades. Never had many deliverability problems and none at all with Google. Outlook sometimes is a problem but I always got it fixed.

Nowadays I use docker-mailserver which is a bit more low-level than Mail-in-a-Box but much easier to set up than everything from scratch


> Nowadays I use docker-mailserver which is a bit more low-level than Mail-in-a-Box but much easier to set up than everything from scratch

Can second that this is some wonderful software, easy to get started with, nicely documented and works without any significant issues: https://docker-mailserver.github.io/docker-mailserver/latest...


Is that two decades on the same IP space?


The game is far from lost. You need to be able to set PTR, which you can do by sending from a cheap VPS, otherwise basically everything will block you as spam. Other than that, it's not too exclusive, for lack of a better word.


FWIW, I use MIAB and my e-mails aren't dropped regularly from what I can tell. Before this, I was using a mix of CPanel and gmail but for a variety of reasons, I wanted to take greater control of my e-mail.

I signed up with a small VPS/hosting provider that offered a decent amount of storage space with their VMs. I don't send spam and have maintained the domain name for a lot of years. I checked the IP for blacklists before migrating the domain to it. I may have had to e-mail one blacklist provider about being removed but if I did, I don't remember it.

Since MIAB sets up DKIM and SPF, your deliverability is pretty good out of the box. I don't send spam and so I think the IP's reputation has been getting better and better over the last few years. The truth is that for personal e-mail, the majority of messages are inbound and that's really not a problem.


None, if appropriate relays are used. Mailchannels or mail.baby for example. The game is never lost if there are active gamers.


So you go through the effort of setting up your own mail server only to send all your outgoing email through a third party? Why even bother at that point?


There's value in running your own inbound server. Some of the big services will silently drop "spam" into the bitbucket. It's just gone. I've had this happen on Microsoft 365 accounts.

By running your own server you can deal with spam as you see fit. I get very little so I deal with it using the "delete" function in my MUA.


Personally I do it because most of the services I tried were dropping mail that I cared about. No amount of "whitelisting" with their provided tools would prevent this. Almost all big inbox providers perform a very early filtering step before even considering user rules and filters.

But I don't want to bother with outbound reputation so I still use relays to send messages.


How can I use relays with Mail-in-a-Box? I couldn't find anything on their install instructions.


You can use MailChannels for free via Cloudflare and there are no volume limits.


Fearmongering... I have been running my own mail server since 1999. No deliverability issues that I can recall.


Yes, sure, Gmail sucks. There is no sense in losing a lot of sleep over it.


I recently set up my mail server using docker-mailserver and I can send stuff to gmail and outlook no problem. Just have to follow instructions and set up DKIM, SPF and PTR records properly.


Have been running Mailinabox since 2018 on a €5 VPS. 0 issues with email deliverability. Or anything really. It just works.


A gift real special / so take off the top / Take a look inside / it's my mail in a box


Ah, Lonely Island ... been years since anything that good/hilarious came out!


goal: "Not make a totally unhackable, NSA-proof server."

who in their right mind would say something like this?


Someone who understands they can't make a small email server project that can resist a state-scale adversary, and won't bother with people arguing for that level of privacy.


Any reasonable person might.

It's more secure, generally, than Google, or Microsoft, or Yahoo, if you know what you're doing, for all of not having the possibility of getting locked out of your own email for no discernible reason and with no real recourse, for not allowing intrusion through other mechanisms of their massive infrastructure, or for not allowing access to your email at rest. Also, many large cloud providers still have issues where one customer can masquerade as another. They don't learn.

Since there's no way to ever know with any certainty whether employees at any large provider are looking at your email (we already know they're scanning it), then you can never have any certainty at all about how private it is. If you set up an email server that uses SSL / TLS for SMTP delivery and reception, then you'll have logs showing whether email you sent or received communicated with the sender's / recipient's email server directly, using encryption, without anyone in the middle being able to intercept.

We can't control the fact that if the NSA really wanted, they could likely make a certificate for any domain that appears legitimate to our servers and do a MITM. Therefore, while I'd assert that my servers are much, much more secure than Google's, I'd never be so naive to say it's "NSA-proof" because of limitations of the Internet that don't necessarily apply to the NSA.
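The log evidence the comment above refers to is concrete in Postfix, which is what Mail-in-a-Box runs for SMTP: the smtp client logs one "TLS connection established" line per outbound connection, and each delivery is logged separately with a queue ID. The following is an added example, not code from the thread or the project, that pairs each sent delivery with the handshake the same postfix/smtp process logged for that relay and flags deliveries that went out in plaintext. SAMPLE_LOG is constructed in Postfix's syslog format (no real hosts); point `audit()` at your own mail log for real data.

```python
"""Audit outbound deliveries in a Postfix mail log for TLS use.

Added example, not from the thread or the project. SAMPLE_LOG is constructed
in Postfix's syslog format; run audit() over /var/log/mail.log for real data.
"""
import re
from typing import Dict, List

# Constructed sample (documentation hostnames and addresses, not a capture).
SAMPLE_LOG = """\
Nov 24 10:00:01 mail postfix/smtp[4101]: Trusted TLS connection established to mx.example.com[192.0.2.10]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Nov 24 10:00:01 mail postfix/smtp[4101]: 7C2A1F3E9B: to=<alice@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=0.61, delays=0.02/0.01/0.35/0.23, dsn=2.0.0, status=sent (250 2.0.0 OK)
Nov 24 10:00:05 mail postfix/smtp[4102]: 8D3B2A4F0C: to=<bob@plain.example>, relay=mx.plain.example[198.51.100.20]:25, delay=0.42, delays=0.02/0.01/0.20/0.19, dsn=2.0.0, status=sent (250 OK id=abc)
Nov 24 10:00:09 mail postfix/smtp[4103]: Untrusted TLS connection established to mx.other.example[203.0.113.30]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Nov 24 10:00:09 mail postfix/smtp[4103]: 9E4C3B5A1D: to=<carol@other.example>, relay=mx.other.example[203.0.113.30]:25, delay=0.55, delays=0.02/0.01/0.30/0.22, dsn=2.0.0, status=sent (250 2.0.0 queued)
"""

# Postfix's TLS trust levels: Anonymous / Untrusted / Trusted / Verified.
TLS_RE = re.compile(
    r"postfix/smtp\[(?P<pid>\d+)\]: (?P<level>Anonymous|Untrusted|Trusted|Verified) "
    r"TLS connection established to (?P<relay>\S+): (?P<proto>TLSv[\d.]+)"
)
SENT_RE = re.compile(
    r"postfix/smtp\[(?P<pid>\d+)\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]+)>, "
    r"relay=(?P<relay>\S+), .*status=sent"
)


def audit(log_text: str) -> List[Dict[str, str]]:
    """Return one record per sent delivery with the TLS level it rode on."""
    last_tls: Dict[str, Dict[str, str]] = {}   # pid -> most recent handshake
    deliveries: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        tls = TLS_RE.search(line)
        if tls:
            last_tls[tls["pid"]] = tls.groupdict()
            continue
        sent = SENT_RE.search(line)
        if not sent:
            continue
        hs = last_tls.get(sent["pid"])
        # Credit a handshake only if this process logged it for this very
        # relay, so a stale entry for another host is never misattributed.
        protected = hs is not None and hs["relay"] == sent["relay"]
        deliveries.append({
            "queue_id": sent["qid"],
            "rcpt": sent["rcpt"],
            "relay": sent["relay"],
            "tls": f'{hs["level"]} {hs["proto"]}' if protected else "none (plaintext)",
        })
    return deliveries


def plaintext_deliveries(deliveries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """The deliveries that went out unencrypted."""
    return [d for d in deliveries if d["tls"].startswith("none")]


if __name__ == "__main__":
    for d in audit(SAMPLE_LOG):
        print(f'{d["queue_id"]} {d["rcpt"]:22} via {d["relay"]:38} {d["tls"]}')
```

Read the level column with the comment's MITM caveat in mind: "Untrusted" (and "Anonymous") means the session was encrypted but the peer's certificate was not verified against a trusted CA, so it defeats passive interception only; "Trusted" or "Verified" is what you want before concluding nobody in the middle could have read the message.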


Somebody being honest? Would you prefer they lie and say the opposite? Or just let the target audience assume otherwise?

Most folks I've seen do this put such a statement (in the positive) under "non-goals".


everyone already knows this though.... I've never seen any software with zero bugs... maybe he is trying to bring awareness to the fact that programmers suck


I guess this kind of project attracts some paranoid "the NSA is spying on me" kind.


so what's your point? are you talking about me?

I know the US gov. is spying on me, but I also know that they don't care because there is nothing interesting

once in a while I send them dick pics


If my memory serves the project started around the time of a popular blog post called NSA-Proof Your E-mail[1]. It may have been Josh's inspiration for the project, I'm not sure. In any event, the techniques described are pretty standard mail hosting and so MIAB's techniques are pretty much the same. I think it's just saying that while it does improve some things, it's not going to be what that blog post promised.

[1] https://medium.com/@cyberpunk_networks/nsa-proof-your-email-...
