this post was submitted on 27 Feb 2025
21 points (92.0% liked)

*With ‘better’ I mean that an encrypted solution is adequate in these cases because the mails are on other servers, and the companies/servers depend on the jurisdiction where they are located. But by hosting a mail server at home, even unencrypted, we are 100% in control of our data.

PS: is there a self-hosting mail server solution that stores everything encrypted? I already self-host almost everything I use, but not email.

[–] yojimbo@sopuli.xyz 0 points 23 hours ago* (last edited 23 hours ago)

Two points that I'm not sure got mentioned here:

  1. There is a new hero on the block - his name is mox and he is bloody awesome! It's a single binary written in Go that takes care of (citing) "...IMAP4, SMTP, SPF, DKIM, DMARC, MTA-STS, DANE and DNSSEC, reputation-based and content-based junk filtering, Internationalization (IDNA), automatic TLS with ACME and Let's Encrypt, account autoconfiguration, webmail..." pretty much everything. As somebody who maintains a few mail servers for a living - this is a wet dream come true. It implements e.g. MTA-STS, which I haven't seen even on many commercial offerings yet. You run it once - it returns a long file with DNS records for MX, SPF, DMARC, DKIM etc. You run it a second time with some switch - it generates its systemd file. Then you just spin it up - and that's it. I always wanted to write something like this but I am nowhere near clever enough. There may be some performance constraints, and it's probably not "production grade" yet - but I've been using it for over a year with stellar results.

  2. There has been a lot of gatekeeping (they call it security strengthening) going on lately. In my experience, even a year ago, if you managed to fit into your DKIM / DMARC / SPF rules stated in your DNS records, you could still deliver pretty much everywhere. Even with a dynamic IP. As of June 2024 Google started to enforce PTR records, and M$ I believe followed (meaning if your IP doesn't have a correct PTR record, your mail isn't deliverable to Google / Microsoft mail servers). Most residential ISPs will not enable you to edit your PTR, and since more and more people / companies use bloody Google / M$ cloud services, I don't think it's worth running a mail server just from home, because the deliverability would be hit and miss. You need at least to proxy the outgoing mail through some cheap VPS with a public IP that you can set a PTR on.
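
A "correct" PTR record, as discussed in the comment above, is generally taken to mean forward-confirmed reverse DNS: the sending IP has a PTR name, and that name resolves back to the same IP. The following is an added example, not part of the comment or of mox; the function names are hypothetical and the addresses and hostnames are constructed from documentation ranges.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR names for ip via the system resolver (which may also read /etc/hosts)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # socket.herror / socket.gaierror: no PTR or lookup failure
        return []
    return [name, *aliases]

def system_forward(hostname):
    """A/AAAA addresses for hostname via the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(hostname, None)]
    except OSError:
        return []

def check_fcrdns(ip, reverse=system_reverse, forward=system_forward):
    """Return (status, hostname) where status is 'ok', 'no_ptr' or 'mismatch'."""
    addr = ipaddress.ip_address(ip)
    names = reverse(ip)
    if not names:
        return ("no_ptr", None)
    for name in names:
        for candidate in forward(name):
            try:
                # Strip an IPv6 zone id ("%eth0") before comparing addresses.
                if ipaddress.ip_address(candidate.split("%")[0]) == addr:
                    return ("ok", name.rstrip("."))
            except ValueError:
                continue  # resolver returned something that is not an address
    return ("mismatch", None)

# Constructed sample zone data (documentation address ranges, made-up names).
SAMPLE_PTR = {
    "203.0.113.25": ["mail.example.net."],    # VPS with a PTR you control
    "198.51.100.7": ["pool-7.isp.example."],  # residential ISP's generic PTR
}
SAMPLE_A = {
    "mail.example.net.": ["203.0.113.25"],
    "pool-7.isp.example.": ["198.51.100.99"],  # forward record points elsewhere
}

if __name__ == "__main__":
    for ip in ("203.0.113.25", "198.51.100.7", "192.0.2.10"):
        print(ip, check_fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []),
                               lambda h: SAMPLE_A.get(h, [])))
```

Calling `check_fcrdns()` with only an IP uses the system resolver, so it can be run against the address your outgoing mail actually leaves from (home connection or VPS relay).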