HACKER Q&A
📣 warent

Why can't I host my own email?


I can host my own Mastodon server, or all kinds of other novelty / fun things which don't seem easily decentralized.

Email feels like one of the most decentralized internet concepts, and ironically it's seemingly the one thing I can't self-host unless, from what I've heard, I enjoy being permanently marked as spam / blacklisted. What's going on? How do we fix this?


  👤 zcdziura Accepted Answer ✓
The problem is that spam was/is so bad that extreme measures were taken to curb it. There are all kinds of invisible forces that you abut that can be difficult to figure out, such as IP blacklists and the like. And even if you set everything up properly and host your email with a responsible host, Microsoft will still mark your mail as spam.

I host my own email server with Vultr on an OpenBSD VM using OpenSMTPD and Dovecot, relaying all outbound mail through SMTP2Go (their free tier more than meets my needs). I have all of the necessary DNS entries set to mark my mail as legit, and I sign all outgoing mail using strong 2048-bit RSA keys. Thus far, I'm able to send mail and not have it marked as spam (at least to everyone that I've corresponded with thus far). It was a lot of work to get to that point, but not terrible.


👤 jhugo
I've been self-hosting email for about 20 years, from a dedicated server in Europe. The server hardware has been replaced a couple of times but kept its IP.

If you set everything up right, and choose the host for your mail server carefully, and never change IP, after a fairly short time you won't have much problem with being marked as spam. No more so than with any other email host.

As is so often the case, the people that say you should never do it probably have little relevant experience, they are just repeating something they heard.


👤 rsync
There's a lot to say here from both sides - people running their own mail infrastructure (like I have for almost 25 years) and big mail providers dealing with brutal, unrelenting spam.

But there is one piece of this that's ridiculous, broken and almost cruel: silently dropping messages marked as "spam" with no notification given back to the sender.

Why does this practice exist? Who believes that this is decent or acceptable behavior?

If gmail doesn't want my inbound message - for any reason - that is just fine.

If they drop it on the floor without telling me that is totally shitty.


👤 minimaul
You can host your own email.

I have been hosting my own for at least 15 years now, and I don't have big issues - I can deliver email to MS, gmail, et al.

Pick a decent hosting provider (not the cheapest options around!), make sure you have matching reverse DNS, forward DNS and HELO name (exactly the same is best!) on both v4 and v6 (if you have v6), disable IPv6 privacy addressing for your mail server (again, if you have v6), make sure you set up SPF, DKIM and DMARC, and keep your server secured.

By following these rules, in 15 years I have only had deliverability issues with AT&T and Deutsche Telekom - both of which were fairly easily resolved.

In terms of software, you can use one of the out-of-the-box email server packages, but I personally run postfix, dovecot and rspamd on a debian stable VM. Stick to the versions from the repos and you'll have very few problems upgrading it in future, too - my current mailserver VM started on Debian Squeeze or Lenny around 2010, and is currently on bullseye (the latest stable).
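
The reverse DNS, forward DNS and HELO matching described in the post above can be checked mechanically for every address a server sends from. This is an added example, not code from the poster; the host names, addresses and lookup tables are constructed, and the default resolvers use Python's standard `socket` module.

```python
import ipaddress
import socket


def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]


def system_addrs(name):
    """A and AAAA addresses for name from the system resolver."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()


def _norm(name):
    return name.rstrip(".").lower()


def _parse_addrs(values):
    """Parse address strings so that different textual forms compare equal."""
    parsed = set()
    for value in values:
        try:
            parsed.add(ipaddress.ip_address(value.split("%")[0]))
        except ValueError:
            pass
    return parsed


def check_mail_identity(ip, helo, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return the problems found for one outbound address (empty means consistent)."""
    addr = ipaddress.ip_address(ip)
    helo = _norm(helo)
    ptrs = [_norm(n) for n in ptr_lookup(ip)]
    if not ptrs:
        return [f"{ip}: no PTR record"]
    problems = []
    # Forward-confirmed reverse DNS: the PTR name must resolve back to the address.
    if not any(addr in _parse_addrs(addr_lookup(n)) for n in ptrs):
        problems.append(f"{ip}: PTR {ptrs} does not resolve back to this address")
    if helo not in ptrs:
        problems.append(f"{ip}: HELO name {helo} differs from PTR {ptrs}")
    if addr not in _parse_addrs(addr_lookup(helo)):
        problems.append(f"{ip}: HELO name {helo} has no A/AAAA record for this address")
    return problems


# Constructed zone data for the demonstration (documentation address ranges).
PTR = {
    "192.0.2.25": ["mail.example.org."],
    "2001:db8::25": ["mail.example.org."],
    "2001:db8::a1b2:c3d4": [],  # temporary (privacy) address: nobody set a PTR for it
    "198.51.100.9": ["host-9.dynamic.isp.example."],
}
FWD = {
    "mail.example.org": {"192.0.2.25", "2001:0db8:0000:0000:0000:0000:0000:0025"},
    "host-9.dynamic.isp.example": {"198.51.100.9"},
}


def demo_ptr(ip):
    return PTR.get(ip, [])


def demo_addrs(name):
    return FWD.get(_norm(name), set())


def audit(ips, helo, ptr_lookup=demo_ptr, addr_lookup=demo_addrs):
    """Check every address the server can send from; returns {ip: [problems]}."""
    return {ip: check_mail_identity(ip, helo, ptr_lookup, addr_lookup) for ip in ips}


if __name__ == "__main__":
    for ip, problems in audit(list(PTR), "mail.example.org").items():
        print(ip, "OK" if not problems else problems)
```

The temporary IPv6 address fails because it has no PTR record, which is the situation a stable, non-privacy address avoids.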


👤 0xbadcafebee
If literally anyone could find your Mastodon address and message you, you'd get spammed daily there too, and it'd be the same problem.

So you think, fine, whitelists! But you still need to be able to accept messages by new authors without knowing their From: address ahead of time. You'd have to comb through your spam folder past tens of thousands of messages from new authors to find the one new genuine sender. Rings of trust don't solve it either because either you get spammed by someone in a ring of trust, or messages end up in concentric rings of spam folders.

You can host your own mail. It's just very hard to do it correctly, easy to screw up, and there's basically no gain whatsoever by doing it yourself. Some problems are just difficult and cannot be easily solved by a single person. You can't be your own CA [and have anyone trust your connections]. You can't create your own TLD [and have everyone be able to resolve it]. You can't create your own ASN. You can't create your own IP address. There are some things in life you have little to no control over, even on the Internet.


👤 GekkePrutser
Microsoft in particular is a total pain in the ass to deal with.

I was hosting my own mail server, did not have open relays and I know 100% sure nobody on my server sent spam. It was fully configured with all the DMARC and SPF trimmings.

Yet one of my users needed to email users at live.com/outlook.com/hotmail.com and kept getting banned. Every time I was able to unblock it using an automated link.

One time it didn't work and I actually got through to someone. He was like "Yeah, your server doesn't send enough legitimate emails so it doesn't build up 'reputation'". This sounds ridiculous, not sending spam is not enough, you have to send a certain amount of legit mails to stay unblocked??

Anyway it kept happening so I eventually gave up :( It only happened with consumer MS-hosted email addresses though. I had no issue reaching companies using M365 for business.

But email is just so incredibly broken... All the patches to kinda try and fix it are a mess. We need a whole new protocol.


👤 pwg
You certainly /can/ self host. I've been self hosting my own email since circa 1999 on my home internet link. I've been through four different ISPs in the ensuing 22 years, but email still flows.

What often happens is that virtual hosting firms (Linode, Digital Ocean, etc.) are often used by spammers for their hosting too, and so if you try to host by renting a "cloud vm" or "cloud server" and are unlucky to have an IP address a spammer previously poisoned, or just happen to be in the same netblock as a prior spammer, you find your new IP often 'blocked' from the big services, for no good reason than you happen to be from a "bad neighborhood". And this is usually the genesis for all the scary stories about "can't self host".

But reality is, you can self host, but you do have to set things up with all the modern requirements (SPF, DKIM, etc.) as well.


👤 gvb
You can set up your own email server. There isn't anything to "fix" (unless you can "fix" all the spammers) but it does require setting up SPF in your DNS and it helps to support DKIM/DMARC. Also, your internet provider / VPN host likely blocks port 25; if that is the case, you need to use a "smart host" email relay service.

https://www.google.com/search?client=firefox-b-1-d&q=self+ho...

https://www.google.com/search?q=self+hosted+email+server

https://www.google.com/search?q=dkim+dmarc+spf


👤 cube00
Self hoster of 3 years here. You can do it. Don't let the big players scare you off when they send your mail to spam (GMail) or outright 550 refuse to accept it (Microsoft).

So far I've managed to avoid needing to relay my mail out using something like SMTP2Go but eventually I may have to. For now GMail seems to be learning when I email my regulars and Microsoft unbanned me after I joined their Outlook.com Smart Network Data Services (SNDS).

In better news, incoming mail works flawlessly. It's even spam free if you use a catch all address (dodgywebsite.example@yourdomain.example) and drop mail from any company that leaks your address out.


👤 deltarholamda
>How do we fix this?

You start by taking every person who says "not worth it, man, just use GMail" and beating them with a rubber hose until they install and run a mail service for their vanity domains.

More seriously, it's possible we've let this problem fester for so long that it's going to take serious effort to fix. By which I mean governmental intervention. Google, Microsoft and Yahoo cannot be allowed to dictate who gets to send and receive email, as they effectively do now through their massive marketshare dominance.

Spam is a problem, but it's not an intractable one. In the 90s, sure, the technical problem was pretty hard. By the 00s, everybody just let Google handle it because Google wasn't going to Be Evil, and Google managed to solve it with a giant technical hammer.

Technical people also tend to dismiss solutions because they don't fix every problem. The old Spam Solutions Checklist exemplifies this attitude. But what we have now is worse, i.e. just letting the world's most invasive corporation control all of it.


👤 boplicity
You can, and should, host your own email. The more people do this, the more companies like Google and Microsoft will be forced to accept email from small servers.

That being said, when you set it up, make sure you set up an SPF record. Also, check the IP Address to make sure it is not already blacklisted.

Cpanel makes it almost effortless to set up an email server, if you have just a little bit of tech know-how.


👤 mdb31
I've hosted my own email since at least 1993 (that's on the Internet: I was on UUCP at least some years prior to that).

If you have a static IPv4 in a range that is not actively hostile, and you have proper SPF/DMARC records, things should generally work out?

And otherwise, services like https://www.mailchannels.com/ should help? (Still, you will need proper SPF records.)

I've literally had a 95+% delivery rate from users in actual Lagos Nigeria using the strategy outlined above.


👤 johnklos
You start by grouping all sources of advice into two categories:

1) those who say you can't and/or shouldn't do it. They don't know you. They might as well say you can't fix your own computer, you can't learn to write a shell script, or you can't fix your own car. They "can't" because they're afraid of failing. Ignore them completely.

2) those who say you can, and give you tips on what's difficult and how to make things better. Obviously we can self host, as many people, myself included, do self host, have done so for ages, and will continue to do so.

Some people in category 1) try to make themselves seem reasonable by bringing up these huge lists of things you have to do, but it's all completely doable. Just recognize when a particular person happens to be in category 1), and stop wasting time with them :)

I've self-hosted continuously since the late '90s, and I've even experimented with starting over, so to speak (that is, starting with a completely new domain and new IP), and it's work, but nothing beats OWNING your own data and email. Having direct access to logs means you know exactly whether delivery attempts were made, whether destination servers accepted email for delivery, and precisely when. If you have an interest, it's totally worth it.


👤 itslennysfault
You absolutely can host your own email server. I did for over a decade. Spam ranking is tied to IP addresses so you just need to get an IP address that doesn't already have a bad reputation, and build it a positive reputation over time. Then, as long as you don't send spam from that IP you should be good as long as you keep the same IP for your server.

That said, I abandoned running my own email server years ago. It only went down a couple times on me, but when it did it was always when I really didn't have time to fix it (which is basically always). It's not really difficult at all, but it's MUCH HARDER than just using gmail or whatever.


👤 bogwog
Of course you can. Just try it, and you'll see that the problem isn't "I can't", but rather "I don't want to deal with this shit"

👤 robrtsql
In my opinion, the difference between Mastodon/ActivityPub/the fediverse and email is adoption. If Mastodon was more popular:

- A handful of instances provided by large companies would probably crop up and end up hosting the majority of users

- Spammers would notice that they could reach a large number of people via Mastodon, and start spamming

- The providers of these large instances would moderate heavily to prevent their own instances being used for spam, and begin blocking / not federating with small instances

I should add that spam is probably _already_ a problem on Mastodon, but perhaps not to the extent that it is for email since the average Mastodon user is (for now!) way less likely to fall for a scam and therefore a much less valuable target.


👤 ldiracdelta
I want a whitelisting system for email where:

* If you're whitelisted you get through or I can manually whitelist you.

* If you're not whitelisted, I send a bounceback response stating that I'll look at your email for $X where X is set by me ( e.g. $0.25 or $1, but I decide). No guarantee of refund, but I have the option of refunding. For me, if you wasted my time, I won't refund. However, if you're a legit human that isn't marketing to me, then I would refund.

Then, I just adjust the price until spam disappears or I'm willing to look at your spam at that price.


👤 dinom
Apologies if I'm being dismissive, but obviously it's possible to host email. How much there is to fix is a matter of perspective.

All that's required is to properly configure the service. Beyond that you probably haven't paid the people who run the other system enough to accept mail from you; they're under no obligation.

I'd go on about socioeconomic factors, demand-side economies of scale, perverse incentives and why it's more expensive to send than receive but that's a whole thesis dissertation and belaboring the point a fair bit.


👤 jeroenhd
I've set up my own mail server with Mailcow (https://mailcow.github.io/mailcow-dockerized-docs/). Can't have taken more than an hour to get everything set up, including SPF/DKIM records for the domain. Set the domain, throw a `docker-compose up -d` at the repo and it Pretty Much Works (TM). I need to set up something to parse and visualize the DMARC reports from other mail servers at some point, but that's it: fully-featured mail server with ActiveSync, spam quarantines, AV, no diving into obscure config files necessary. Alternatives like Mailinabox provide a similar experience.

Some mail servers (Gmail, Outlook) discriminate against small mail providers by marking their stuff as spam. Ironic, because the spam I receive almost exclusively comes from free mailboxes. It doesn't happen consistently, and it tends not to happen anymore once the other party responds.

Truth to be told, I receive WAY more email than I actually send so I usually don't need to care about being marked as a spammer. I care more about control over my emails than I care about the occasional reminder I need to give Outlook users to check the spam folder.


👤 agentultra
I host my own email. I'm not permanently marked as spam/blacklisted. Although it takes a fair bit of tedious setup and configuration to get it to work right. And every now and again a blacklist site will mark my domain temporarily when it detects that some server in my IP block is acting suspicious. This mainly happens because I host on a VPS.

The only problem with email self-hosting is just how many moving parts are involved in a typical setup if you're using tools from unix-land. You need many different programs to work together in a typical setup:

- postfix

- dovecot

- spamassassin

- fail2ban

- kerberos

- ssl+tls

- etc..

And you have to know about how unix account security works because some of the older programs haven't been updated to use modern authentication mechanisms and so they need to be isolated and carefully managed, etc.

The other problem is DNS/verification. You have to set up your DNS records with arcane configuration options that are not well documented in order to play along nicely with the email community and not get blacklisted/blocked.

Some projects have popped up to try and offer containers that have everything pre-configured. ymmv.


👤 leephillips
There’s a lot of FUD out there about hosting your own email. I’ve been doing it for years and it’s great. Use postfix and dovecot, and research how to maximize your delivery.

I notice that people recommend against self hosting by pointing out that gmail, aol, hotmail, etc. are likely to hide your email in spam folders, refuse it, or just silently drop it on the floor. The flip side of that is that these companies are providing broken email service to their customers: it’s not a mail delivery problem for me, it’s a mail acceptance problem for you. My email setup gives me about one false positive on incoming mail per year, at most. So don’t use these providers; their service is broken.


👤 raintrees
I have run my own mail server since maybe 1995? As is the case with most things I have learned how to do with computers, there are a few guidelines to follow (SPF, PTR record, etc.) and it helps to have a static IP from your ISP, although not necessary - I have several clients still hosting email using DDNS.

You may wish to consider using something like a Synology NAS where a stripped down mail server is a free feature for 5 mailboxes or less. They also support DDNS...

And when spam levels get high, a quick analysis of source IP addresses gives me new entries for a block list at my firewall. I wrote a simplistic visual basic script to harvest the IP addresses, since I still use Outlook as my PIM.


👤 elric
Currently, because MS and Google more or less have a duopoly on email. They don't trust you not to send spam, and they will make it as hard as possible for you to prove that you're not a spammer. Ostensibly this is so they can protect their users. More cynically, I suspect they're quite happy about this.

Historically, because we are - for whatever reason - unwilling or unable to deal with spammers. I mean the people sending the spam and profiting from it. There are virtually no repercussions for spamming millions of people with garbage on a daily basis. Every cent you make is profit.

Putting spammers in prison would make it a lot easier to go back to hosting our own mail servers.


👤 layer8
I believe the magic part is to find a VPS whose IP block isn’t spam-tainted. Avoiding the largest VPS hosting providers may conceivably help. But really I have no idea, and maybe one just has to try a few. I’m one of those people who have been self-hosting their own domain and email for roughly twenty years, adding stuff like DNSBL, graylisting, DKIM, DMARC and SPF as they became established. But very low-maintenance overall. I never had any perceptible problems with mail delivery. Some spam gets through DNSBL/spamassassin, but it’s on a very manageable level. I guess what I’m saying is you should give it a try. We need more people doing that.

👤 kazinator
You can self host; you just can't (easily) self-host your outbound SMTP.

That's okay; SMTP is a system based on forwarding hosts. You still have an SMTP server; it just doesn't send directly to a destination, but is configured to talk to another SMTP server, one which is reputable (or else itself routes through a reputable one).

Hosting the receive side of e-mail is no problem at all; you do need an ISP with port 25 open. You can also run your own SMTP server easily. I run a TLS-enabled SMTP server on port 587, to which K-9 mail on my phone connects.

Hosting your own IMAP server, webmail and all that: all no problem.

Just you have to figure out the sending situation.


👤 dusted
I've self-hosted my email on my own domain, own box, in my own home, on my own internet connection for two decades now.

I've not had trouble being marked as spam, I have set up dkim and spf.

The real reasons you cannot self host is a combination of:

ISPs blocking outgoing TCP traffic with destination port 25 and do not provide a smart-host / relay for you to use or do provide a smart-host, but do not document it, or configure it in such a way that it only relays if you have some authentication that you don't, or that reverse-dns is configured (at the same time, they do not provide reverse-dns for you).


👤 1vuio0pswjnm7
"I can host my own Mastodon server ..."

Is an e-mail provider required in order to run a Mastodon server?

https://docs.joinmastodon.org/user/run-your-own

I think e-mail, i.e., the software, is "decentralised" if one is willing to break conventions and standards applying to how it is used. The way email software is used today is of course highly centralised, for various reasons. However the option of using email software to administer email in a decentralised way, i.e., going against standards and conventions, is not a topic one ever sees discussed.

With every item of software, there was a time before the standards and conventions existed. The software still works without the standards and conventions. Someone had to test it before those "rules" were established.

But an "email industry" has arisen, and a ridiculous number of individuals and organisations choose to depend on mostly unregulated third party "email providers". When people encourage others to follow conventions and standards, such as using third party email providers, e.g., because it's easy, and others follow these suggestions, a decentralised solution can effectively become centralised.


👤 nix23
I host my own servers and have no problems with it, here are some hints:

https://support.google.com/mail/answer/81126

https://www.mail-tester.com/

https://mxtoolbox.com/diagnostic.aspx

Test test test, and you will be fine.


👤 lazyier
It is entirely possible to host your own email server, I do it for example, there is no way to reliably know that other people are receiving your message.

That is: When self-hosting email you can reliably receive email, but can't reliably send it.

The fundamental problem is that email is a broken protocol and too many people are making too much money mitigating the problem of spam rather than solving it.

Companies that need to keep their email servers working have to deal with extortion from anti-spam companies to attain reliable message delivery. It is a racket.

This means that even if you get everything working 100% with all the perfect security protocols and conventions in place the chances of anybody actually receiving your email at this point is roughly 50/50. There is nothing you can do to ensure reliable message delivery without getting your servers whitelisted by most of the popular spam houses. And even then you have to deal with large public companies like Google and Microsoft that may or may not forward messages to recipient based on secret rules that change constantly.

So while it is possible, I host my own email, I can't rely on it. I use gmail for situations where reliability matters.

It is better to use something like Mastodon for correspondence if you can help it.


👤 blenderdt
I host my own email and never get marked as spam.

One fantastic tool is: https://www.mail-tester.com/

And another is Gmail. When you send an email to Gmail you can see some spam info in the headers which you can use to fix problems.

I just hope I never get blacklisted. Sometimes you can fix this by sending the blacklist a message but this is not always possible.


👤 lazyweb
I've successfully hosted my own private mail server [1] on a Hetzner system for the last 6-7 years. It's a steep learning curve, and a rather large time sink in the beginning to set everything up, but it's been running smoothly ever since.

[1] https://news.ycombinator.com/item?id=30428882


👤 tenebrisalietum
You can host your own email. I do.

What you can't do easily is talk to other large public email servers. Which I don't.

My home email server receives email I send to it, but won't forward email to other domains. This is very useful - basically anything on the iPhone is shareable via email, so now I can capture a copy of things outside of the phone easily and privately from anywhere without having to go through an untrusted third party such as Google.

In addition to having SMTP setup, I have IMAP setup, so I can retrieve email from my phone or other email client that various other self-hosted services on my local network generate, or my desktop PC running Thunderbird.

I do have to monitor logs as I get regular password-guessing attempts on the services. I have a script that checks for repeated failed logins or other bad behaviors and adds malicious IPs to a blocklist ipset.

It would be interesting to federate with others and participate in a private SMTP network. I'm sure these already exist.
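
The log monitoring described in the post above (repeated failed logins feeding a blocklist ipset) can be sketched as follows. This is an added example, not the poster's script: the log lines are constructed, the patterns assume classic syslog timestamps with typical Postfix SASL and Dovecot failure messages, and the set names `mail_block4` and `mail_block6` are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Patterns modelled on typical Postfix SASL and Dovecot login failures (assumed formats).
FAILURE_PATTERNS = [
    re.compile(r"postfix/[\w/]+\[\d+\]: warning: \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: "
               r"SASL \S+ authentication failed"),
    re.compile(r"dovecot: [\w-]+: .*\(auth failed.*?\brip=(?P<ip>[0-9a-fA-F.:]+)"),
]


def failed_login_ip(line):
    """Return the client address if the line records a failed login, else None."""
    for pattern in FAILURE_PATTERNS:
        match = pattern.search(line)
        if match:
            try:
                return ipaddress.ip_address(match.group("ip"))
            except ValueError:
                return None
    return None


def find_offenders(lines, threshold=5, window=timedelta(minutes=10), allow=(), year=2022):
    """Addresses with at least `threshold` failures inside one sliding `window`."""
    allow_nets = [ipaddress.ip_network(n) for n in allow]
    recent = defaultdict(deque)
    offenders = []
    for line in lines:
        ip = failed_login_ip(line)
        # Never block allow-listed networks (your own ranges, monitoring hosts).
        if ip is None or any(ip in net for net in allow_nets):
            continue
        try:
            # Syslog timestamps carry no year, so one is supplied by the caller.
            stamp = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue
        times = recent[ip]
        times.append(stamp)
        while stamp - times[0] > window:
            times.popleft()
        if len(times) >= threshold and ip not in offenders:
            offenders.append(ip)
    return offenders


def ipset_commands(offenders, set_v4="mail_block4", set_v6="mail_block6"):
    """Build argv lists for `ipset add`; IPv4 and IPv6 need separate sets."""
    return [["ipset", "add", set_v6 if ip.version == 6 else set_v4, str(ip), "-exist"]
            for ip in offenders]


# Constructed sample log (documentation address ranges).
SAMPLE_LOG = [
    "Mar  3 04:11:02 mx postfix/smtpd[2211]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure",
    "Mar  3 04:11:09 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.25, TLS",
    "Mar  3 04:11:30 mx postfix/submission/smtpd[2214]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure",
    "Mar  3 08:00:01 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 3 secs): user=<alice>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.25, TLS",
    "Mar  3 08:00:40 mx dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.25, TLS",
    "Mar  3 09:00:00 mx postfix/smtpd[2300]: warning: unknown[2001:db8::bad]: SASL LOGIN authentication failed: authentication failure",
    "Mar  3 12:00:00 mx postfix/smtpd[2301]: warning: unknown[2001:db8::bad]: SASL LOGIN authentication failed: authentication failure",
    "Mar  3 15:00:00 mx postfix/smtpd[2302]: warning: unknown[2001:db8::bad]: SASL LOGIN authentication failed: authentication failure",
]

if __name__ == "__main__":
    for argv in ipset_commands(find_offenders(SAMPLE_LOG, threshold=3)):
        print(" ".join(argv))
```

With a threshold of three in ten minutes only the burst from 203.0.113.7 is flagged; the single typo from 198.51.100.20 and the slow attempts spread over six hours are not, which shows the trade-off the window length controls.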


👤 grymoire1
I run an AWS instance that hosts my own domain mail server. I have hundreds of email addresses, and each of them is forwarded to a gmail account. (I use the myaddress+tag@gmail.com to make each one unique.) I do this to identify and squash spam - if one email address becomes contaminated, I delete it and change my email on the compromised company's server.

I also run a mailing list server.

So my email is usually sent from a gmail.com address, and I usually receive email on my own domain.

Some lessons - sending email from your own domain is difficult as you have to not only make it accepting to spammer-averse sites. You also have to protect it from sites that would LOVE to relay email through your server.

As for receiving and reading email on your own domain - you have to provide your own spam filters - and this is VERY DIFFICULT. 320 billion spam emails are sent every day, and 94% of malware is delivered in those emails. That's one reason I use gmail as the way I read email.


👤 martinmunk
I was a little discouraged after reading previous threads here, but decided to give it a try anyway.

I tried mailinabox and mailcow which didn’t work out, but mailu did.

Final setup is a pfSense vm on vultr, VPN back to my local pfSense box (with snort filtering) and mailu in an LXD container. Mailu guides you through setting up various dns records which helped me a lot.


👤 yobert
I've been using https://maddy.email/ for self-hosting from my own home server. It's amazing! It's the first time email setup has been easy for me. I don't have any problems with SPAM so far, and gmail accepts my messages without issue.

👤 annoyingnoob
You can host your own email but there are a few things you need to do:

1. Setup SPF, DKIM, and DMARC - you need to do all three.

2. You want to use an IP range that is not otherwise used by spammers or marketing people. This may be hard with a virtual server in just about any datacenter.

3. Consider a 3rd party spam filter, unless you like spending a lot of time on spam filtering.
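
A quick lint of the three DNS records named in point 1 catches the most common mistakes before any mail is sent. This is an added example, not from the post: the domains, the selector `mail2022`, the key placeholder and the zone dictionaries are constructed, and the SPF lookup count covers only the top-level record, not nested includes.

```python
import re

# SPF terms that cost a DNS query; RFC 7208 allows at most 10 per evaluation.
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def _tags(record):
    """Split a 'k=v; k=v' record (DKIM, DMARC) into a dict of tags."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def lint_spf(txt_records):
    spf = [r for r in txt_records
           if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if not spf:
        return ["SPF: no v=spf1 record"]
    if len(spf) > 1:
        return ["SPF: more than one v=spf1 record, which evaluates to permerror"]
    problems, lookups, all_qualifier, has_redirect = [], 0, None, False
    for term in spf[0].lower().split()[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name = re.split(r"[:/=]", term, maxsplit=1)[0]
        if name in SPF_LOOKUP_TERMS:
            lookups += 1
        if name == "all":
            all_qualifier = qualifier
        if name == "redirect":
            has_redirect = True
    if all_qualifier == "+":
        problems.append("SPF: '+all' authorises every host on the Internet")
    elif all_qualifier == "?":
        problems.append("SPF: '?all' gives a neutral result for unlisted hosts")
    elif all_qualifier is None and not has_redirect:
        problems.append("SPF: no 'all' mechanism or redirect, so unlisted hosts get neutral")
    if lookups > 10:
        problems.append(f"SPF: {lookups} DNS-querying terms, over the limit of 10")
    return problems


def lint_dkim(txt_records):
    keys = [t for t in map(_tags, txt_records) if "p" in t]
    if not keys:
        return ["DKIM: no key record for this selector"]
    if any(t["p"] == "" for t in keys):
        return ["DKIM: empty p= tag means the key has been revoked"]
    return []


def lint_dmarc(txt_records):
    records = [t for t in map(_tags, txt_records) if t.get("v", "").upper() == "DMARC1"]
    if len(records) != 1:
        return [f"DMARC: expected exactly one v=DMARC1 record, found {len(records)}"]
    problems = []
    policy = records[0].get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        problems.append("DMARC: missing or invalid p= tag")
    elif policy == "none":
        problems.append("DMARC: p=none only monitors; failing mail is still delivered")
    if "rua" not in records[0]:
        problems.append("DMARC: no rua= address, so no aggregate reports will arrive")
    return problems


def lint_domain(zone, domain, selector):
    """zone maps a DNS name to its TXT strings; checks the three standard locations."""
    return (lint_spf(zone.get(domain, []))
            + lint_dkim(zone.get(f"{selector}._domainkey.{domain}", []))
            + lint_dmarc(zone.get(f"_dmarc.{domain}", [])))


# Constructed TXT records: a sound setup and a weak one.
GOOD = {
    "example.org": ["v=spf1 mx ip4:192.0.2.25 ip6:2001:db8::25 -all"],
    "mail2022._domainkey.example.org": ["v=DKIM1; k=rsa; p=CONSTRUCTED-PLACEHOLDER-KEY"],
    "_dmarc.example.org": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.org"],
}
WEAK = {
    "example.net": ["v=spf1 include:relay.example +all", "site-verification=constructed"],
    "mail2022._domainkey.example.net": ["v=DKIM1; k=rsa; p="],
    "_dmarc.example.net": ["v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for zone, domain in ((GOOD, "example.org"), (WEAK, "example.net")):
        print(domain, lint_domain(zone, domain, "mail2022") or "no problems found")
```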


👤 tristor
I hosted my own email for years and had no real issues. The only reason I stopped was that my main motivation for self-hosting was security, and there are now providers (ProtonMail, FastMail, et al) that are reasonable options to solve for my needs and require no maintenance effort on my part.

My experience has been that all the major providers will deliver mail if it's appropriately signed with DKIM and you have proper SPF records, as long as you aren't originating from an IP that has a low reputation score. The biggest challenge is getting a clean IP, since there is limited IPv4 address space and most IPs have been recycled so much at this point that they all have low reputation scores. The best way to get an IP with a good reputation score is to host on physical hardware, not on VMs, with a smaller provider that has minimal customer churn.


👤 j45
Hosting email isn't hard. Hosting email that blocks out spam, and prevents your server from being hacked is more work.

There are some nice middle grounds for self hosting like zimbra, or for the less adventurous, a tool like MDaemon which lets you self host but provides support in the right areas. Incoming email is pretty trivial, and outbound email can be greatly improved by using an external outbound email service. Whatever works for the level of time you want to invest and maintain.

Try it out with a domain and you'll see if it's ok for you. You have to remember a lot of developers today don't have devops or hosting skills. There are developers who did have to manage complex web hosting themselves so it's not completely out of the realm of possibility. I self hosted for a long time, switched to cloud, and am thinking of switching back.


👤 svdr
First, you need to set up the technical side: rDNS, SPF, DKIM, DMARC, no IPv6, TLS, etc. Lots of guides on the internet for that.

After setting up the technical side (which you can test with a site like https://www.mail-tester.com), you need an IP (v4) without a bad reputation. This is the hardest part, because it's less easy to control.

If your IP has been used to send spam, or sometimes even the neighbouring IPs, you won't get through to a lot of providers.

These are the best places (in my experience) to check IP reputation:

https://talosintelligence.com/reputation_center/lookup

https://senderscore.org

https://www.barracudacentral.org/lookups/lookup-reputation

And also check for blacklists, for example with https://mxtoolbox.com/blacklists.aspx.

If your IP is on a blacklist, you can remove it most of the time by requesting it via their (90's looking) websites.

Also, if you send a lot of mail, Microsoft and Google have programs for senders to monitor reputation:

https://sendersupport.olc.protection.outlook.com/snds/

https://www.gmail.com/postmaster/

But... even with an IP with a neutral reputation, your mails may be sent to the spambox. You need some volume of legitimate email over time to build trust (this is called warming up an IP).
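
The blacklist checks mentioned above rest on DNSBL lookups: the address is reversed, a list's zone is appended, and an answer inside 127.0.0.0/8 means "listed". This is an added example, not from the post; the zone names `dnsbl.example` and `hijacked.example` and all records are constructed, and it also scans the surrounding /24 because neighbouring addresses affect reputation too.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Reversed octets (IPv4) or reversed nibbles (IPv6), followed by the list's zone."""
    reverse = ipaddress.ip_address(ip).reverse_pointer  # e.g. 7.113.0.203.in-addr.arpa
    return reverse.rsplit(".", 2)[0] + "." + zone.strip(".")


def system_a_lookup(name):
    """A records from the system resolver; NXDOMAIN becomes an empty list."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def classify(answers):
    """'clean' for no answer, 'listed' for 127.0.0.0/8 codes, otherwise 'invalid'."""
    if not answers:
        return "clean"
    if all(ipaddress.ip_address(a) in LOOPBACK for a in answers):
        return "listed"
    # An address outside 127.0.0.0/8 is not a listing code, for example when
    # a resolver rewrites NXDOMAIN answers. Do not read it as a listing.
    return "invalid"


def check_ip(ip, zones, lookup=system_a_lookup):
    """Status of one address on each DNSBL zone."""
    return {zone: classify(lookup(dnsbl_query_name(ip, zone))) for zone in zones}


def listed_neighbours(ip, zone, lookup=system_a_lookup, prefix=24):
    """Other IPv4 addresses in the same block that the list reports as listed."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        return []
    block = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return [str(host) for host in block.hosts()
            if host != addr
            and classify(lookup(dnsbl_query_name(str(host), zone))) == "listed"]


# Constructed list contents (documentation address ranges, hypothetical zones).
ZONE = "dnsbl.example"
LISTED = {
    "203.0.113.7": ["127.0.0.2"],
    "203.0.113.8": ["127.0.0.2"],
    "203.0.113.200": ["127.0.0.4"],
}
DEMO_RECORDS = {dnsbl_query_name(ip, ZONE): codes for ip, codes in LISTED.items()}
DEMO_RECORDS[dnsbl_query_name("192.0.2.99", "hijacked.example")] = ["198.51.100.1"]


def demo_lookup(name):
    return DEMO_RECORDS.get(name, [])


if __name__ == "__main__":
    mine = "203.0.113.25"
    print(mine, check_ip(mine, [ZONE], demo_lookup))
    print("listed neighbours:", listed_neighbours(mine, ZONE, demo_lookup))
```

In the constructed data the server's own address is clean while three addresses in its /24 are listed, the "bad neighbourhood" case that a single-address lookup does not reveal.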


👤 exabrial
Write a letter to your Senator and House representatives. This is an abuse of monopoly position by Google.

👤 cpragadeesh
It's true that self-hosted email servers usually get marked as spam but you can fix a lot of things and make it less likely to be blocked as spam using tools like: https://www.mail-tester.com/

👤 maestroia
I run my business' email on a cloud VPS. It's a two step solution, with a FreeBSD host running a tightly configured Postfix as my mail gateway, and a Windows server running hMailServer (This is a great piece of Windows-based open source software. Highly recommend.).

This solution captures the majority of spam and phishing. Occasionally, a well-crafted piece of spam gets through, and I check the Postfix config to see if I can close that hole.

What I do monitor closely are the valid emails that Postfix rejects. This happens a couple times per month, and is mainly due to the sender using GMail, and Google's mail servers being marked as sending spam.

Overall, I'm pleased with this solution. It's minimal configuration, minimal maintenance, maximum usefulness.


👤 krageon
You can self-host, it works fine. If you want to run the server from a residential IP though, you will have a bad time. Otherwise, you may have to manually delist your IP from a few blacklists. It's not nearly as odious as everyone claims, it just isn't very fun.

👤 walrus01
no matter how impeccable your rdns, spf, dkim and dmarc configuration is, even if you're an absolute master of configuring postfix and opendkim, etc, your outbound smtp deliverability success rate is going to be very much dependent on the reputation of your IP space.

the best possible IP space will be somewhere that the entire /24 and parent /22 or larger block does not belong to anybody else's low cost VPS, VM, dedicated server or shared hosting. Which is hard to find these days unless you personally know somebody at a mid sized regional ISP that can sell you a custom package of colocation and some small sized piece of public IP space (like a /28 or /29 for your server) in known clean IP ranges.


👤 shadowgovt
Networks are two things: technological constructs and societal constructs.

Technologically: email still works the way it always has.

Societally: because email as a construct wasn't built to account for spammers, and the after-the-fact patches to address this issue aren't universally rolled out or universally adopted, and there's little incentive for the big incumbents to provide opportunities for new players by shaking up this status quo, email has devolved into a (human)-trust-based network where your mail only gets relayed if the relaying source trusts you as a person, not a pseudonymous node online.

So you can stand up an email server, but the real legwork is in getting a trusted authority to peer with you and route your traffic.


👤 graderjs
I "sort of" hosted my own email using Sendgrid API free tier to send and webhook to receive, and a custom client in a Python MPA. I was chuffed I wasn't paying 5 a month for GSuite.

I looked later at, and set up, https://mailinabox.email/ and that worked fine too.

I'm not sure about all the cant, it's definitely possible and I never had an issue with deliverability. I had no idea what I was doing but I made sure I got all the right dkim secret and signing keys or whatever that was required set up "extra special like" for both solutions.

I was not sending mail merges though so maybe that would have thrown things off I don't know.


👤 TZubiri
The biggest difference between the 2 protocols (Mastodon and email) are age and volume.

Email is old and used by everyone, Mastodon is new and used by nobody.

Email is targeted for attacks because it's used by a lot of people and there has been enough time to develop mass messaging tools.


👤 pxeger1
A simple way to get most of the benefits of self-hosted email (run from your own domain, keep full control of your data, manage mailboxes yourself, etc.) without the problem of being marked as spam is to use a service like Amazon SES as an SMTP relay.

👤 lbriner
It is very doable, we host our own email servers at SmartSurvey and send a relatively high amount of traffic.

Depending on your skill/software it might take time for you to test your configuration is setup correctly although there are sites like mail-tester.com that will tell you whether you have SPF/DKIM etc. setup correctly.

The problem you might have is with cloud IP addresses. Since these are reused heavily, it is possible some attacker previously used your IP to send spam and got it blacklisted. If not (there are services to check IPs) then you should be fine but note that some lists block /24 ranges of IPs instead of specific IPs so some providers are fairly unusable.


👤 planede
What I don't get is that we now have all the DMARC infrastructure, which should in theory enable the use of the reputation of domains instead of IP addresses, but apparently nobody cares, and your IP has to be reputable, no matter what.

👤 exdsq
I was looking for this recently but as a Web3 service (so emailing other Ethereum addresses) and found one that let you host an email account but you had to stake X amount of money to use it to avoid spam (spam gets too expensive /awkward to do when you have to hold $100 for a week before you can use it). Didn't sign up but seemed promising that there could be some cool self-hosting options in the future that somewhat mitigate spam and avoids the whole current email issue. Obvious giant caveat that you can only email other people who have Ethereum wallets but still, thought it was pretty cool to avoid the blacklist problem.

👤 gerdesj
I run several small business email systems in the UK. You do need to get at least SPF and the usual MX, A and PTR records sorted at a minimum. Also A and PTR and (E)HELO must agree.

You can relay your mail via another service if you need to gather some karma for your domain but ensure you get your DNS records right. That way you can run your own full mail system from a "dodgy" IP address.

It's not for everyone but neither is IT in general. If you can fathom a Mastodon server then you can manage an email system - technically speaking. However, you must get the basics sorted out and don't send anything that can be construed as spam!
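
Added example, not part of the comment above: a Python check that a sending IP's PTR name resolves back to that IP and matches the name announced in (E)HELO, which is the agreement described there. The host names, addresses and the `fake_*` resolvers are constructed sample data so the check runs offline; `system_ptr` and `system_addrs` use the local resolver instead.

```python
import ipaddress
import socket

def norm(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_addrs(name):
    """A/AAAA addresses for name from the system resolver ([] if none)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})

def has_ip(addresses, ip):
    """True if ip is among addresses, comparing parsed values, not strings."""
    want = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(a) == want for a in addresses)

def check_identity(ip, helo, ptr=system_ptr, addrs=system_addrs):
    """Return a list of problems; an empty list means A, PTR and HELO agree."""
    problems = []
    helo = norm(helo)
    ptr_names = [norm(n) for n in ptr(ip)]
    # Forward-confirm: a PTR name only counts if it resolves back to the IP.
    confirmed = [n for n in ptr_names if has_ip(addrs(n), ip)]
    if not ptr_names:
        problems.append(f"no PTR record for {ip}")
    elif not confirmed:
        problems.append(f"PTR {ptr_names} does not resolve back to {ip}")
    if not has_ip(addrs(helo), ip):
        problems.append(f"HELO name {helo} has no address record for {ip}")
    if confirmed and helo not in confirmed:
        problems.append(f"HELO name {helo} differs from PTR {confirmed}")
    return problems

# Constructed records standing in for DNS (documentation address ranges).
PTR = {
    "192.0.2.25": ["mail.example.org."],
    "203.0.113.7": ["host-7.isp.example."],   # provider default PTR, never changed
}
A = {
    "mail.example.org": ["192.0.2.25"],
    "host-7.isp.example": ["203.0.113.7"],
    "vps.example.org": ["203.0.113.7"],
}

def fake_ptr(ip):
    return PTR.get(ip, [])

def fake_addrs(name):
    return A.get(norm(name), [])

if __name__ == "__main__":
    cases = [("192.0.2.25", "mail.example.org"),
             ("203.0.113.7", "vps.example.org"),
             ("198.51.100.9", "mail.example.net")]
    for ip, helo in cases:
        result = check_identity(ip, helo, fake_ptr, fake_addrs)
        print(ip, helo, result or "consistent")
```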


👤 micromacrofoot
You can do it, but spam filters are so extreme that you may find your mail goes undelivered or auto-filtered into spam.

Small hosting companies struggle with email deliverability, so you have to ask yourself if it's something you want to deal with. Sometimes if you end up on a blocklist there's no easy way to get off of it, and you may find yourself unable to get an email into someone's inbox until you have the time to redo a lot of work (moving to different servers, IPs, etc).

From my perspective, you're better off using your time to do literally anything else unless email is something you want a very deep understanding of.


👤 pmontra
There are two sides of email: sending and receiving. They use different protocols and often different servers. How about self hosting an IMAP/POP3 server and sending mail through the SMTP server of the registrar for your domain? I didn't investigate the feasibility but I own two domains and I'm sending email for both from the SMTP server of one of them (can't even remember why, so long time passed since it happened.) I receive on their separate POP3 accounts, check with K9 on Android (the original UI version) and download and filter to folders with Thunderbird when I have to.

👤 Dave3of5
You can definitely self host. In terms of spam there's a bunch of config you need to do to not be put into the spam folder automatically.

I've done it for my side project; not saying it was easy, and it required a bit of Linux knowledge, but nothing you can't google.

Off the top of my head you have to set up your DNS and enable DNSSEC, SPF and DKIM records. Make sure your reverse DNS is set up correctly. DMARC as well.

After that it's pretty much the same as your big email providers you build up your reputation by not sending out spammy shit emails then that's it.

Note: Be sure to secure your email server otherwise someone will try to hack it


👤 yubiox
Google still marks some of my mail as spam even though I have jumped through all the spf/dkim/dmarc hoops. Yet I still get tons of actual, obvious, previously-marked spam in my gmail inbox. F google.

👤 Coding_Cat
You can just fine. The nay-sayers are, frankly, just repeating old wives' tales for the most part.

I've been running my own mail server from a VPS (vpsdime) for somewhere around 6-7 years now and the only issues I've had were related to general sysadmining headaches.

Postfix+dovecot(+mysql) setup, SPF/DKIM/DMARC and reverse-pointer record set. Both Microsoft and Gmail happily accept my emails and give them all the little checkmarks. Checked just a few weeks ago as I added a new domain.

It's a bit of set-up, but email is ancient tech: once set-up it doesn't need much tending.


👤 cj
> I can host my own Mastodon server, or all kinds of other novelty / fun things

Curious, how easy it is to set up things like a self-hosted Mastodon? Is it a few minutes, a few hours, or a few days worth of work?


👤 lamontcg
I self-host my own e-mail.

There's a webpage out there (https://dnschecker.org/ip-blacklist-checker.php) that lets you look to see if you've been blacklisted and there's only one massively aggressive DNS rbl that blacklists me out of many dozens of them.

I'd suggest actually trying to setup your own e-mail/dns and see if it works or not. If you wind up on a static IP that is in a ton of RBLs, move to another block or another cloud service.
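
Added example, not part of the comment above: what a blacklist checker does under the hood, as a Python sketch of a DNSBL lookup following RFC 5782 (reversed address plus list zone, answers in 127.0.0.0/8 mean "listed"). The zones `bl.example` and `dead.example` and the `fake_resolve` data are constructed; substitute the zones of lists you actually care about and pass `system_resolve`.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_qname(ip, zone):
    """Query name: reversed octets (IPv4) or reversed nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone.strip(".")

def classify(answers):
    """answers: A records returned for the query name, [] for NXDOMAIN."""
    if not answers:
        return "not listed"
    if all(ipaddress.ip_address(a) in LOOPBACK for a in answers):
        return "listed"
    # A routable address here means a parked or hijacked zone, not a listing.
    return "invalid answer"

def list_is_sane(zone, resolve):
    """RFC 5782 test points: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    return (classify(resolve(dnsbl_qname("127.0.0.2", zone))) == "listed"
            and classify(resolve(dnsbl_qname("127.0.0.1", zone))) == "not listed")

def check_ip(ip, zones, resolve):
    """Map each zone to 'listed', 'not listed', 'invalid answer' or 'list unusable'."""
    results = {}
    for zone in zones:
        if not list_is_sane(zone, resolve):
            results[zone] = "list unusable"
        else:
            results[zone] = classify(resolve(dnsbl_qname(ip, zone)))
    return results

def system_resolve(qname):
    """A records via the system resolver; only NXDOMAIN counts as 'no entry'."""
    try:
        infos = socket.getaddrinfo(qname, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise  # a timeout or SERVFAIL must not be read as "clean"
    return sorted({info[4][0] for info in infos})

# Constructed list contents: bl.example is healthy, dead.example answers
# for every name (the failure mode of a list that has been shut down).
ZONE = {
    "2.0.0.127.bl.example": ["127.0.0.2"],
    "7.113.0.203.bl.example": ["127.0.0.4"],
}

def fake_resolve(qname):
    if qname.endswith(".dead.example"):
        return ["127.0.0.2"]
    return ZONE.get(qname, [])

if __name__ == "__main__":
    for ip in ("203.0.113.7", "192.0.2.25"):
        print(ip, check_ip(ip, ["bl.example", "dead.example"], fake_resolve))
```

The sanity check matters because a list that answers for every query makes every IP look blacklisted; treating it as unusable avoids chasing a delisting that does not exist.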


👤 akamaine
What annoys me most about email is that it's painfully hard to deploy. Other things are pretty straight forward, you just run them as service, probably some database with them, some http proxy and that's it, you're good to go.

That's not the case with email. You have a lot of different components to it, like postfix, dovecot, opendkim, and wtf else with as many confusing configuration options and DNS fiddling. It is so overly complicated for what it does that I'm starting to think that email was a mistake....


👤 StreamBright
Email, just like all of the first generation internet protocols (like FTP), suffers from the same problem. It was born in an era where security and issues stemming from mass usage were nonexistent. As time went by some US companies made email almost a monopoly (Gmail) while other parties added layers of afterthought security (DMARC, SPF, etc.) while at the same time advertisement (spam) also made the situation worse.

Hosting your own email is a problem because of these things, otherwise a fun exercise (that I gave up long time ago).


👤 hackerbrother
At a high level, email is two-way (email hosts have to accept your email servers' communication if you choose to send to them), but navigating to a webpage is one way (client initiates an HTTP download from the server). Therefore email needs some kind of 'web of trust', since email servers have to trust that other valid email servers regulate their spam and aren't malicious. Not saying the current situation is ideal necessarily.

👤 denton-scratch
I think the standard answer is to use a smarthost.

The blacklisting shouldn't be permanent, though; my self-hosted mailserver took about a year to earn the trust of GMail. I have no idea how Hotmail's spam filtering works. I think they just shitcan randomly, unless it's sent from Hotmail.

I'm no longer running a self-hosted server. It's hosted by my (obscure) ISP, but it's still a custom domain. I have no deliverability problems, not even to Hotmail.


👤 senko
You can. I did that for decades until I got tired of maintaining that server.

Use a reputable VPS provider (one that's not likely to tolerate their customers being spammers), once you get the server check the IP against various blacklists (get a new server / IP if that happens). Make sure you set up your SSL certs and DKIM, SPF and DMARC properly.

Across the years, I had very few instances where my outgoing mail ended up in someone's spam box.


👤 ikt
I've been self hosting email for 10 years now, don't have an issue with spam/blacklisting, I would say claims of self hosting emails death have been greatly exaggerated.

The main thing is to have a regular TLD, not something like .biz or .xyz etc, use DKIM/SPF, >> ensure your PTR record is setup << (critical) to match the domain name you're hosting your mail server on and you should be good to go.


👤 zelon88
You need to have a domain name with the DMARC information in the TXT DNS record. Also most large email providers have some sort of separate "registration" process that internally helps them perform heuristics. For example, Google calls this "Google Postmaster Tools" [1].

[1] https://www.gmail.com/postmaster/
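
Added example, not part of the comment above: a Python review of the TXT strings published at `_dmarc.<domain>`, following the record rules of RFC 7489 (exactly one record, `v=DMARC1` first, a valid `p=`). The sample records and the `example.org` report address are constructed.

```python
def parse_tags(record):
    """Split 'k=v; k=v' into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def review_dmarc(txt_records):
    """txt_records: every TXT string found at _dmarc.<domain>.

    Returns (policy, findings). policy is None when the published data
    does not amount to one well-formed DMARC record.
    """
    candidates = []
    for rec in txt_records:
        try:
            pairs = parse_tags(rec)
        except ValueError:
            continue
        # Only strings whose first tag is v=DMARC1 are DMARC records.
        if pairs and pairs[0] == ("v", "DMARC1"):
            candidates.append(pairs)
    if len(candidates) != 1:
        return None, [f"expected exactly one DMARC record, found {len(candidates)}"]

    tags = dict(candidates[0])
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return None, [f"missing or invalid p= tag: {tags.get('p')!r}"]

    findings = []
    if policy == "none":
        findings.append("p=none asks receivers to report only, not to act on failures")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) > 100:
        findings.append(f"invalid pct={pct!r}")
    elif int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports will reach you")
    for tag in ("adkim", "aspf"):
        if tags.get(tag, "r").lower() not in ("r", "s"):
            findings.append(f"invalid {tag}={tags[tag]!r}")

    effective = {
        "p": policy,
        "sp": tags.get("sp", policy).lower(),   # subdomains inherit p by default
        "adkim": tags.get("adkim", "r").lower(),
        "aspf": tags.get("aspf", "r").lower(),
    }
    return effective, findings

# Constructed sample records.
SAMPLES = {
    "strict": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.org; adkim=s"],
    "monitor-only": ["v=DMARC1; p=none"],
    "wrong-order": ["v=spf1 -all", "p=reject; v=DMARC1"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(label, review_dmarc(records))
```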


👤 t312227
you should be able to host your own e-mail system.

the first BUT ... :)

* an "e-mail system" consists of many components which have to be (tightly) integrated -- MTA, MDA, MUA just to name the most obvious ones

* e-mail touches a lot of different fundamental areas of (inter)networking -- especially for example DNS ... if you don't get those things right, your outgoing mail will be considered SPAM by most of the larger mailsystems out there

* last but not least: the annoying incoming SPAM ... you have to setup some kind of filtering and maintain it

* additionally: you are targeted by several kind of attacks, because mailboxes are an essential bottleneck in lots of security-related workflows ... read: password reset / access-tokens etc.etc.

to integrate all of this is not trivial, but also not rocket-science, it just demands experience and knowhow in a lot of areas.

which leads to the second BUT ... ;)

those areas are sooo uncool right now - cloud/services/mobile/crypto/web3 ... these are the hip places to be today ...

why bother with something sooo 20th century like operating a mailsystem or a server-system at all!?

only "weirdos with alu-hats" and "old farts" are doing this ... (i'm one of them ;))

br v


👤 aasasd
After all websites started requiring email for interactivity, it became a proxy for the identity, propped up by some trust in Google and whoever else. No one is interested in letting you ‘confirm’ your identity. This is more evident now that email hosts require the phone number in turn.

If you're reluctant to use the centralized identity, you obviously have some malicious intent.


👤 draxil
You can, I do. It's really no problem.

You do have to make a bit of effort to setup DKIM, SPF etc. But really it's not too difficult.


👤 porsager
I've been running mailcow[1] on a small Hetzner vserver for a bit more than 4 years with minimal downtime and maintenance.

I followed their guides for the most optimal setup, and so far I feel deliverability has been comparable to commercial offerings.

Can certainly recommend.

[1] https://mailcow.email/


👤 jbverschoor
Yes, SMTP is amazing. It's a decentralized, fault tolerant messaging protocol. Civ2 used to have multiplayer over SMTP.

👤 orangepurple
Is the impact of DKIM and SPF on email delivery measurable? Have any studies on this subject been published? Such an important part of our lives should be better understood. Reading this thread feels like witnessing clergy swinging thuribles towards the congregation while mumbling the gospel to build a connection with God.

👤 Arch-TK
You can host your own email. I do it. I don't really have many problems. Every now and again someone's misconfigured mail server decides that my email is spam but really this doesn't matter to me so much. At least the major email providers that everyone else seems to use happily accept my emails.

👤 holri
You can host it yourself. For example with a Freedombox: https://wiki.debian.org/FreedomBox/Manual/Email?action=show&...

👤 springfeld
E-Mail isn't email.

Provide as MX to your own is impossible if you only have dynamic ip: Most ranges are on spam lists, for good reasons.

Hosting everything else is possible.

I work for a company that makes use of three components: a so called smarthost, that does AV and Spam detection, a newsletter host and groupware server.

Many more combinations are possible.


👤 erdos4d
Have you actually tried to? I've been running my own server for like 3 years now, works fine. You need to actually set up your SPF/DKIM/DMARC/PTR records/etc correctly, but I've never had an issue with my mail getting delivered or being sent to spam.

👤 EVa5I7bHFq9mnYK
Nothing can be done. Everything will eventually succumb to spam. Spam is omnipotent. In fact, Google and FB are just giant very successful spammers. The only difference between Mastodon and email is that email is 40 years older. As Mastodon grows, spammers will take over.

👤 Random_BSD_Geek
You absolutely can host your own email. I do and have since before Google existed. Antispam hurdles do exist but clearing them is just a process. For most people it isn't worth the effort. Sometimes I wonder why I still bother, but it is definitely not impossible.

👤 renewiltord
You can do whatever you want. For a pull-based service, I have no problem with you posting things, but if you're sending to me, I make the rules and I'm not interested in prioritizing your freedom to send things over my freedom to not receive things.

👤 yobbo
What do you mean by hosting? It is basically necessary to relay outgoing mail via a reputable ISP in order to not be spam-sorted. They will then make sure their outgoing IPs are respected.

For incoming mail you need a spam-filter, but that is in your hands.


👤 ankushnarula
Without scarcity, there will always be spam.

https://messari.io/article/look-to-the-stars-navigating-the-...


👤 jeffbee
Mastodon is too obscure and small for anyone to notice. If Mastodon ever achieved the scale of email, the necessary anti-abuse measures would also result in centralization of Mastodon services, just like we see with email.

👤 ShowalkKama
I don't get it: I'm selfhosting my own mailserver and I have no issues with gmail / outlook marking me as spam, what is everyone talking about? You just need to set up DKIM, SPF and wait a couple of weeks.

👤 lostgame
Why can't you? I've done it for the last decade or so with absolutely no issues.

I even run my own webmail suite.

I even have about half a dozen friends who also use it on the regular.

Not sure what's stopping you or anyone else?


👤 buster
That's strange. I have a virtual server running for about 15 years with several upgrades. Debian stable. Email works just fine with the occasional spam mail coming through.

👤 excitom
I hosted my own email server from 1995 to 2010 (Solaris on a Sun IPC, sendmail and IMAP compiled from source). What finally drove me to move my domain to gmail was the spam.

👤 benibela
I have been hosting my own mails for years

Although not directly. I got a webhoster, with my own domain, and the hoster also provides mail servers

I never noticed any problems.

Although often people do not respond to my mails.


👤 spoonjim
The problem is that decentralized services only work when everyone is on decent behavior. When the degenerates onboard, you need the harsh hand of a centralized authority.

👤 the_common_man
Nothing to fix, it's already solved. I host my mail using cloudron on digitalocean. Have you tried selfhosting or are you guessing it will be hard?

👤 rolph
this looks like prime territory for another federal oversight.

essentially email has been taken over by the minority for financial benefit, and creates a noncompetitive situation.

it has been obvious for years that small email servers are being squelched for their properties, and independence rather than for something that has actually occurred.

this is direct interference with a computerized messaging system, and it is causing harm.


👤 Tepix
I have been self-hosting my email for 20 years. It can be done. I haven't had a problem with mails being marked as spam for a long time.

👤 slenk
Recently switched to Hetzner and have had 0 problems. They maintain clean IPs and if they catch you spamming they block outbound mail

👤 julienpalard
Why you no host? (https://yunohost.org/) ;)

👤 baisq
You can host your own mastodon server but if it fills with spam others will refuse to federate with you.

👤 Melatonic
You definitely can but trust me - it is a huge pain in the ass

And I generally recommend doing a lot of hosting yourself


👤 0ld
i can. so you can too. the hardest part is finding a clean ip in a clean block. the rest is quite simple and straightforward. dkim+spf set up was enough for my opensmtpd to deliver my mail to all the big players without any going to spam

👤 wey-gu
You need to maintain your ip’s reputation, which, for ourselves, is barely possible:(.

👤 derekzhouzhen
It is not you. It is the monopolies like Gmail, Outlook.com etc that make it hard.

👤 dmead
You can. I've set up mail records for jobs before. It's just a question of maintaining the DNS records and paying whatever fee to your registrar like everything else.

Not sure what the story is with self hosting spam filtering. I think most people call an external service


👤 qwerty456127
To me it seems you can, provided you own a good IP address.

👤 blakebreeder
I set up mail-in-a-box a few years ago and it works great.

👤 6nf
Email is as close to ‘fixed’ as you’re ever going to get.

👤 BaudouinVH
you can host your own email : https://mailinabox.email/

👤 rubyist5eva
Because all the big players will mark you as spam.

👤 reph2097
It's doable, and it's quite easy

👤 nathias
because it's secretly a social network and those are very hard

👤 jesprenj
Works for me. Shrug.

👤 nonrandomstring
The flagging and blocking of legitimate messages from domains with good standing is not a general problem. But it is a malpractice primarily of Microsoft and Google.

The reason is that they have clear financial incentives to sabotage communications in order to press people into using their services.

Given the centrality of email to daily life and business, big-tech service providers do cause a clear harm by their actions, and what is needed are successful legal prosecutions against them for that practice.

It's an interesting problem. In days of yore, the Royal Mail and US Postal Service had special powers of state that made letters sent effectively certain to be delivered. Interfering with the mail was a very serious criminal/federal offence. At one time in British law, the mere act of posting a letter was considered tantamount to it having been received, and to this day many legal processes derive from that, even though the delivery has gone electronic.

The principal-agent problem is that as service providers they are not impartial in their actions. While they may superficially seem to have every right to block communications to users within their domains "to prevent spam", or on "security" grounds, they are intermediaries whose good faith is not ascertainable. Even if they were acting in good faith it is a classic example of iatrogenic over-reach of "care", by which nefarious motives may be veiled by an appeal to seemingly reasonable "security" policies.

While their Terms of Service clearly make no warranty for delivery of important messages, this is not an acceptable level of service. We have hobbled along in this legal no-mans-land for 30 years at least.

Therefore I see the problem as more akin to a net-neutrality issue and is more subtle as a rights issue than it first appears. How can big service providers with an obvious conflict of interest and incentive to sabotage legitimate communications be made to play ball?

Technically we can prove, from mail relay messages, that communications have been delivered to the boundary of their digital estate, so the technical basis for a legal intervention is there. Part of the problem is that recipients who are harmed need to coordinate with senders that experience harm. And both parties need the basic technical competence to know and prove that they are being harmed.

Your mileage and anecdata may vary, but I maintain multiple mail domains for projects and businesses in Europe I've set up for people which send dozens of messages per day from self-hosted servers. Almost none of these have any problems. The only problems people report come from recipients on Microsoft and Google systems.

I sometimes politely ask people explicitly to white-list addresses, or carefully explain why a non-Google/Microsoft alternative address is a more professional and reliable contact point.

Nonetheless, the 'crimes' of these big companies cause me tangible cost and I do wish there was a legal remedy for it.


👤 Parker_Powell
A lot of people have asked us why they can't host their own email. It's a great question!

Hosting your own email is about as easy as hosting your own website, or server. Basically, you would have to install an email server on your own computer, and then configure it so that it can send and receive email.

If you've ever tried to set up your own web server, you know what kind of a pain it can be. You'd have to install the right software, configure it, make sure it's secure, and do all kinds of other stuff that you probably don't want to do (unless you're one of those rare people who just loves doing stuff like that).

If you think about how much time and effort it takes to manage a single computer—let alone a network or an entire data center full of them—you'll see why we're in the business of helping people with hosting, instead of telling them to host their own stuff.


👤 skyde
If I’m not mistaken this happens because e-mail servers don’t have an identity.

It’s too easy for a scammer to create a domain name.

Or is it only because SMTP doesn’t have any kind of authentication and relies only on IP address?


👤 thirdreplicator
I wonder if a crypto-based email system would solve these problems. With crypto, you have cryptographically secure identities, and if you had to pay for sending emails, this would deter unlimited indiscriminate spam.