A Month-and-a-Half of Self-Hosted Email
There’s been a lot of talk in my Internet neighbourhood lately about the state of email and whether it’s broken or not. I previously posted about how I think email is the best discussion platform so you can probably infer my position already. However, I wanted to add the perspective of someone self-hosting email to the discussion since the two major points people are talking about are spam and privacy.
I went live with my self-hosted email server on 2020-05-19; almost a month and a half ago. Since then, I’ve been using it daily for all of my email-based communications through IMAP (there is no web interface). As I discussed in my blog posts about setting up email, I am using OpenBSD with OpenSMTPD, Dovecot, and Rspamd which is holding up well as a solid, reliable software stack.
I have had no issues sending email to any domain and I haven’t had to do any maintenance on the server except for needing to ssh in a couple of times to run
doas sysupgrade when a patch for the base system was released (I’ve signed up to the OpenBSD mailing list which notifies me when these updates are released, so it’s a simple matter of logging on, running the update, and rebooting the server which takes all of 5 minutes to do). In fact, I just ran
uptime and the server says it’s been
up 27 days, 23:16. Additionally, I have package updates run as a daily cron job and I force TLS certificate renewal in a monthly cron job. I get daily and monthly emails about the output of both of those commands so I can quickly make sure that everything is running as it should. Maintenance is a non-issue for me.
Regarding spam, the number one complaint I hear across the Internet when self-hosting email is that spam is unmanageable for someone self-hosting their own email. I am someone who readily posts mailto:email@example.com links on my site and in a handful of blog posts, I have my Rspamd configuration set up to conservatively junk emails instead of outright blocking them (unless they come from a dynamic IP address, then they’re outright blocked), and I haven’t received a single piece of spam email directed at me. The only actual spam that has landed in my junk folder is the very occasional message that slipped past a mailing list’s filter (usually from a Linux mailing list). I can count on one hand the number of those messages that I have received.
I’m not sure what it is, but somehow after leaving a big mail provider (in my case it was ProtonMail), I now receive less spam despite using the exact same email address and publicly advertising my email. My experience matches that of the creator of OpenSMTPD:
I take absolutely no precaution hiding my e-mail address, firstname.lastname@example.org, and I sometimes get one or two spam e-mails per day in the junk folder. Not only is that not a daily nightmare, but it’s less than what I actually receive on my own Big Mailer Corps account […] (source for the quote)
As far as privacy is concerned, I don’t have to worry about a company analyzing my every inbound and outbound email to gather data on me because I am my own provider. Many of my emails still grace Google’s and Microsoft’s servers with their presence, but I recognize that any email not end-to-end encrypted is not truly private (though they are still encrypted in transit with TLS). I’m not going to be discussing intimate details or credit card information with someone via email because I know the limitations of the medium. If I’m sending sensitive data, I would encrypt my message with GPG or use a different medium such as Matrix.
Back in the early days of the Internet (back before it even was “the Internet”), email was used as a collaboration tool (invidio.us link) and it still excels at that purpose. Many people still find email better to use for collaboration, as do I. As much as it might seem natural to compare electronic mail to regular snail mail, it really isn’t a replacement for that, only a loose analogy. Sure, email is a much faster way to send a letter-like message to someone and we get newsletters and whatnot from corporations just like with snail mail (although with an easier way to opt-out), but governments, banks, and other institutions which deal with things such as financial information, licensing, insurance, and highly sensitive personal information still use snail mail because of the legal guarantees and the known security model of that system.
I know the others talking about this weren’t saying exactly this, but I do want to make the point that just because email doesn’t provide the same security guarantees as snail mail, Matrix, or Signal, doesn’t mean it’s a broken system; it just means that it’s not built for use cases where those other technologies excel. Email excels at being a collaboration tool, a way to quickly disseminate information and announcements, and a way to get in contact with people with whom you’re not close friends. For those purposes, email is working just fine.
This is my fifty-eighth post for the #100DaysToOffload challenge. You can learn more about this challenge over at https://100daystooffload.com.