This is exactly the right perspective. If the US has secret warrants in the form of NSL (National Security Letters) or similar, it's easy to imagine Australia having precisely the same thing. I've enjoyed being a user of fastmail for some time but I'll be switching to one of the new projects (e.g., LEAP) or self-hosting in the future.
>I'll be switching to [...] or self-hosting in the future
I can really recommend self-hosted email. This is not as hard as it sounds. Of course, you should have the following abilities:
1) find some good documentation (or friend) that explains a clean setup with spam filter, correct DNS/SPF and HELO entries, such that you don't get on the blacklists. Note that this is almost a one-time effort, you'll have to adjust things every 5-10 years, I guess. [1]
2) be able to administrate a Linux/BSD machine, i.e. to keep it simple and up-to-date in the long term.
I really hope that Tuxevara will finish his series about a modern email setup. This is his first part:
[1] For example, I had to add SPF entries since my mailserver also had an IPv6 address, otherwise Google and others blocked me - for understandable reasons.
Where does one host such a service such that one's neighbors haven't put your subnet on e-mail block lists? I wasn't able to host e-mail from my home IP address; do spammers not pollute the waters at hosting companies? Can you buy an IP address that isn't blacklisted, and won't be part of a subnet block?
Since there is so much malware out there delivering spam from private computers, dynamic IP ranges (which is what you usually get at home) are part of every modern blacklist.
Yes, this is very unfortunate. It means that you'll either have to rent some server or virtual server (which makes sense if you want to run tons of other services there).
Or, you'll need some VPN (possibly in addition to an IPv6 tunnel), which is cheaper.
A third option is to rent an own server/vserver, but to keep the costs low by sharing it with friends.
> I can really recommend self-hosted email. This is not as hard as it sounds.
For me the biggest hurdle is absolutely not the manual setup process or the need to adjust things from time to time. Rather, it’s the fact that there doesn’t seem to be a simple, quick and reliable way to tell if my setup actually works.
How can I be sure that my email actually reaches its destination? That there’s no error in my DNS entries? That an obscure email service used by one of my clients doesn’t whitelist only major email providers? Can I be sure that things fail loudly when they don’t work?
I really hope I’m wrong and it’s possible to implement some kind of monitoring that tests my self-hosted setup and alerts me by SMS if something’s wrong with it.
I've self-hosted my email for years, and for the past 5 or so have had a stable IP address. I've got SPF records, but am missing DKIM.
I've had no problems, but just recently I had two separate emails be ignored by GMail users. Some followup communication suggests to me the mails were never seen, but I am unable to find out if they ended up in the spam folder or not. (At least one other GMail user did receive a recent mail from me.)
That has shaken my confidence in my email setup, which has run without issue for many years now.
And I don't have any end-to-end tests, other than seeing people reply to my emails. I occasionally check my domain on various blacklist checkers.
> That an obscure email service used by one of my clients doesn’t whitelist only major email providers? Can I be sure that things fail loudly when they don’t work?
These are simply symptoms of FUD. Using that line of argument, you'll always end up with the biggest players, even though there is no technical reason to do so.
> to implement some kind of monitoring that tests my self-hosted setup and alerts me by SMS
On the other hand, how would you check that $BIGPLAYER's mail setup works with any other email service? You can't. Could you blame anybody at $BIGPLAYER? In a free service: No.
So why would you want do put so much higher standard on your own setup than on $BIGPLAYER's setup? Just to be able to say: "Oh no, available technology is not good enough, I'm staying with $BIGPLAYER."
Obviously I trust $BIGPLAYER’s setup. To name a few reasons: 1) their large user base makes it simply more probable that a given bug will be discovered by someone else than me; 2) they have a dedicated team with more experience and resources to spend on testing and fixing bugs; 3) their setup has been working for me for many years now.
I was unaware of LEAP, I assume you mean: https://leap.se/en/services/email ? Interesting approach, to use a local proxy to be able to transparently wrap legacy SMTP/IMAP with some added security and convenience beyond "just" GPG/PGP.