this post was submitted on 27 Feb 2025
20 points (91.7% liked)

Privacy

1023 readers
890 users here now

Protect your privacy in the digital world

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be nice, civil and no bigotry/prejudice.
  2. No tankies/alt-right fascists. The former can be tolerated but the latter are banned.
  3. Stay on topic.
  4. Don't promote proprietary software.
  5. No crypto, blockchain, etc.
  6. No Xitter links. (only allowed when can't fact check any other way, use xcancel)
  7. If in doubt, read rule 1

Related communities:

founded 3 months ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
20
Isn't it better* to host a mail server at home than to use Proton or Tuta? (lemmy.cat)
submitted 20 hours ago* (last edited 20 hours ago) by [email protected] to c/[email protected]
15 comments fedilink hide all child comments
 

*With ‘better’ I mean that an encrypted solution is adequate in these cases because the mails are on other servers, and the companies/servers depend on the jurisdiction where they are located. But by hosting a mail server at home, even unencrypted, we are 100% in control of our data.

PS: is there a self-hosting mail server solution that stores everything encrypted? I already self-host almost everything I use, but not email.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 19 hours ago* (last edited 19 hours ago) (1 children)

Honestly? No. It takes a bit of reading into SPF, DMARC, DKIM etc., and you will need to set up an authentication method (using PAM means you need to cache your unix users credentials in mail clients), which is easy via the dovecot passwd driver. The problem is that some blocklists will block any residential connection per default, but mxtoolbox will search through those, and I basically only needed to fill out spamhouses unblock form, which is easy. Even my employer (major bank) seamlessly accepts any emails from my domain.
Bruteforce attacks can be caught with fail2ban and reported to abuseIPDB

[–] [email protected] 2 points 16 hours ago* (last edited 15 hours ago)

It takes a bit of reading into SPF, DMARC, DKIM etc.,

That alone is often (usually?) not enough. Since many IP addresses are already blackholed before you even set up a mail server on one, there is also the slow and sometimes painful process of:

  • Figuring out by trial-and-error which recipients are not receiving mail from you (or are receiving it directly into their spam folders).
  • Figuring out which email filtering services are used by those recipients' mail providers.
  • Figuring out how to contact those filtering services.
  • Figuring out what process each filtering service uses for requesting removal from their blacklists (or adding to their whitelists).
  • Navigating each of those processes.
  • Submitting documentation of having done so.
  • Waiting and hoping for the filtering services accept your request and start allowing mail from you.

...and then starting all over again every so often, whenever a filtering service changes their configs or a new one appears.

It can be done, and you might get lucky, but it often requires tenacity and a lot of patience.