Why I host my own email

What started as a test of whether or not I could do something became, over time, an obsession. Gaining complete control over my email was a motivator for sure, but curiosity was an equal impetus. Anyone who read my post about hosting ethitter.com‘s nameservers will recognize a pattern.

Managing flow

Creating multiple accounts with a single provider as a means to organize emails doesn’t provide much flexibility. Using one address or another works until one loses track, or the wrong address is shared in the wrong place. At that point, one has no ability to divert incoming messages to other destinations before they land in the inbox. Gmail and others do offer a way to forward messages after they’re received, but a reactionary approach wasn’t to my liking.

By moving to my own service, I could create meaningful aliases and direct those messages wherever I needed. misc-receipts@ethitter.com and service-providers@ethitter.com are a lot nicer than ethreceipts@gmail.com and ethservices@gmail.com. That I can decide at the mailserver level where those aliases go, rather than doing so after a copy is already in an inbox where it doesn’t belong, is quite powerful. Coupled with the ability to update these aliases at will, and to distribute to multiple destinations, I’m afforded the flexibility I desired. Furthermore, since the server handles routing, not the email client, messages are delivered (largely) unadulterated, rather than having FW: appended to the subject and other forwarding garbage injected in the headers.

For my purposes, I have three mailboxes: one for important or time-sensitive correspondence; another for bulk or higher-volume content that I need to review but isn’t urgent; and one for reporting related to my servers and hosting. The addresses of these mailboxes are hidden behind aliases, and the latter are the only destinations used publicly. By doing so, I can reassign an alias from one inbox to another without disclosing the underlying destination or asking others to contact me at a new address. Aliases allow me to create purpose-specific addresses that I can discard, guarding against one becoming a spam target (though at this point, I’ve configured things aggressively enough to alleviate this concern). I can also consolidate aliases when I decide I’ve created too many, without risking emails becoming undeliverable.

Owning my data

Beyond effectively managing incoming email, I also desired greater ownership of my email. I don’t inherently distrust providers like Gmail and Outlook.com, but I also recognize that using those services is subject to their Terms of Service, and those companies’ willingness to offer such services. If the terms change or a provider shuts down, one can’t move that email address to a competitor. One might be able to save a copy of the messages received at a given provider, but even that isn’t guaranteed.

By hosting email myself, I’m subject only to the Terms of Service of my hosting providers (I have backups, don’t worry). Since I own the domain names I use for email, my addresses are independent of any particular company or service, and completely under my control (ethitter.com is registered until 2021 to be safe). In a few years, I could decide that there’s a better approach to managing my email, and switching to that solution wouldn’t require new email addresses, just a change of “venue.”

Letting my email address “grow up”

Vanity was partly involved here, though not entirely. While I do strongly feel that email addresses from shared services lack professionalism, that’s only relevant to a small portion of the emails I send and receive.

Beyond the improved perception of an email address that doesn’t use a free provider, using one’s own domain lessens the extent to which a message is assumed to be spam. As reputable as Gmail and Outlook.com may be, email addresses from providers that use shared domains are always considered a source of spam; spam filters make this assumption before adjusting their perception based on the actual content of the message.

Improved security

Building on my desire for greater control, moving to a solution whose configuration I dictate allows me to secure my email beyond what a hosted service offers. In this context, I don’t mean email security as it pertains to accessing an email account, but rather how it relates to sending and receiving messages.

With full control over the mailserver, I’ve chosen to reject more spam emails outright, rather than let those arrive in a junk folder. Similarly, I have far greater control over content filtering for things like viruses and forged messages. Also, I can require encrypted delivery for all messages sent to or from my server, blocking senders who choose to transmit messages insecurely. In fact, mail sent between Automattic’s servers and mine must be delivered via TLS.

Highlighting how I did it

The specifics of how I set up my mailservers (primary and backups) require a separate post due to length alone, but my overriding consideration throughout the process was that I only use open-source software. As I was partly motivated by the desire to “own” my data, ensuring that I used open-source software freed me from any licensing requirements and other software costs. Support for open-source projects is also generally quite abundant, which I benefitted from greatly; tutorials were readily available for every component of what became my mailserver, and finding information about errors and other problems was rarely a challenge.

Briefly, the following lists the software projects that together comprise mail.ethitter.com:

  • Postfix – SMTP server
  • Dovecot – IMAP server
  • Amavis – message filtering, including SPF and DKIM signing, plus integration with spam and virus scanning
  • Spamassassin – spam filtering
  • ClamAV – antivirus
  • Postfixadmin – manages all domains and address associated with the server, plus vacation auto-responders
  • ManageSieve – inbox-specific message filtering, equivalent to Gmail’s Filters
  • RainLoop – webmail client
  • Tomcat Solr – search integration with Dovecot

In a few weeks, I’ll post about how each component works together, and will provide the relevant tutorials that I followed. Most of the setup was relatively straightforward, with a few notable exceptions.