The real problem for a small company mail server isn't setting up a respectably secure operation: set up SPF and DKIM and you're good to go. The problem is maintaining deliverability for anything more than very casual usage of mail into a very complicated ecosystem. At any point in time a random switch can flip on some heuristic somewhere and suddenly a large mail provider will reject you, or you're on a blacklist that provides no explanation or ability to remove your mails, and that isn't isolated: it will spread throughout the ecosystem, and leave a stain that can linger for a long time.
I've run a few-thousand person newsletter mail list for more than ten years, and fairly recently switched to SES because it's simply not possible to guarantee deliverability even at that modest scale running it yourself from your own servers. If you're not hooked into the ecosystem then you have to fight ongoing battles that only a professional in the mail deliverability business has time and connections to understand and effectively win.
Even then, you have to be very careful: don't mention sums of money (e.g. censor all discussion of research funding), don't trigger dumb spamassassin rules (e.g. sentences with lots of long words in a scientific paper), don't talk about known trigger words (e.g. no scientific articles on the role of growth hormone in mouse aging) and so forth.
It is crazy. The absolutely rational response to all of this is to outsource mail delivery.
The real problem for a small company mail server isn't setting up a respectably secure operation: set up SPF and DKIM and you're good to go. The problem is maintaining deliverability for anything more than very casual usage of mail into a very complicated ecosystem. At any point in time a random switch can flip on some heuristic somewhere and suddenly a large mail provider will reject you, or you're on a blacklist that provides no explanation or ability to remove your mails, and that isn't isolated: it will spread throughout the ecosystem, and leave a stain that can linger for a long time.
I've run a few-thousand person newsletter mail list for more than ten years, and fairly recently switched to SES because it's simply not possible to guarantee deliverability even at that modest scale running it yourself from your own servers. If you're not hooked into the ecosystem then you have to fight ongoing battles that only a professional in the mail deliverability business has time and connections to understand and effectively win.
Even then, you have to be very careful: don't mention sums of money (e.g. censor all discussion of research funding), don't trigger dumb spamassassin rules (e.g. sentences with lots of long words in a scientific paper), don't talk about known trigger words (e.g. no scientific articles on the role of growth hormone in mouse aging) and so forth.
It is crazy. The absolutely rational response to all of this is to outsource mail delivery.