I’ve heard a lot of people say it, but it feels like FUD - it really isn’t as hard as people say. I host my own mailserver (well, I use a VPS, so the provider does the hardware and the networking, but I do the mailserver). And I don’t have a degree in Computer Science (well, I do have a PhD in Bioengineering that involved software-adjacent research, and did a few undergraduate CS papers - but none of that covered anything relevant to mail, so is not relevant here).
Delivering from commercial rather than residential IP space probably helps - and try to get an IP address that hasn’t been previously used by a spammer. If you set up DMARC with DKIM and SPF (lots of abbreviations, but look them up if you want to set up a mail server), you will be deliverable (at low email volumes) to the majority of places already. Microsoft is the one exception, but just send a bit of email to them that isn’t spam (can be to one of your own accounts), and if need be fill in their form to complain you are being blocked incorrectly, and you will get deliverability at low volumes.
All of that is enough for normal personal or business emails at normal volumes to be deliverable pretty much anywhere you like, and it doesn’t take long to get there. If you want to send legitimate bulk newsletters and the like, it is a bit harder (basically, you have to warm up the IP and not grow too fast), but also not impossible - but understandably, businesses doing that want to pay for someone else to have done that for them, and that is where advice not to run your own server comes from. But for the average person who doesn’t run mailing lists, getting deliverability is not that hard. And the more people who run their own servers, the harder it is for those who would make email a walled garden to get their way on it - so it is for the greater good.
The bigger challenge with running your own server is actually not others’ anti-abuse measures, it’s that you have to have your own anti-abuse measures if you don’t want a mountain of spam and your logs filled with people trying to brute force you. It isn’t that hard, but a few tips: 1) install packages for your mailserver from your distro, and update early, update often, 2) use keys rather than passwords for protocols (like ssh) where you can, and use long secure passwords where you have to (e.g. for IMAP and submission logins), 3) read the docs for your mail server to make sure you aren’t set up to be an open mail relay please! Check authentication is required with a secure password or you will get blocked by everyone as a spam source, 4) use something like fail2ban to block brute forcers before they fill up your logs, 5) consider SpamAssassin and postgrey (or some other greylisting solution) to cut back on spam, 6) there is a tiny handful of ASNs on the Internet that allow spammers and don’t take any meaningful action against them. You can do a daily download from https://archive.routeviews.org/oix-route-views/oix-full-snapshot-latest.dat.bz2 and bzgrep it with a command like
bzgrep -E " (213035|400377|399471|210654|46573|211252|62904) i" $TEMPDIR/snapshot.bz2 | cut -d" " -f 3 | sort | uniq
to get a list of IP ranges that are more likely to be spam than anything else (obviously, never use one of those providers since they are widely blocked). Script blocking traffic from them with iptables, and your spam volume will fall greatly. 7) if a spam does get through, check the headers and report it to the ISP it came from - you will be helping to shut down spam for everyone, making it easier to run small mail servers.
I run my own mail server for US$5/month (on VPS compute resource shared with other things, not just for mail), it is mostly automated (and can be redeployed with Ansible if need be), I rarely need to touch it aside from checking upgrades are working etc…, and I haven’t had a deliverability problem in ages, and I now get pretty minimal spam (and the spam that does get through is reliably filtered by Thunderbird’s spam filters at the client).
So please don’t let the naysayers deter you from self-hosting your mail, it’s really not that hard, especially compared to the constant stress that providers like Google might lock you out of your account for vague “security” reasons, shadowban you, sell information from your emails for marketing, decide to cancel the service, or whatever other abusive thing they dream up next.
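Added example, not part of the original comment: one way to turn the prefix list from tip 6 into firewall state is to load it into an ipset and match that set from a single iptables rule. The set name `spam_asn`, the /8 breadth limit and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: convert IPv4 prefixes (one per line on stdin, e.g. the
# output of the bzgrep pipeline above) into an `ipset restore` script.
# SET_NAME and MIN_PREFIX_LEN are assumptions, not values from the post.
SET_NAME="${SET_NAME:-spam_asn}"
MIN_PREFIX_LEN="${MIN_PREFIX_LEN:-8}"   # refuse anything broader than a /8

# Print only well-formed, deduplicated IPv4 CIDRs that are not too broad.
# This keeps a corrupt download or a stray 0.0.0.0/0 out of the firewall.
valid_prefixes() {
    awk -v min="$MIN_PREFIX_LEN" '
        {
            if (split($1, p, "/") != 2) next
            if (p[2] !~ /^[0-9]+$/ || p[2] + 0 < min || p[2] + 0 > 32) next
            if (split(p[1], o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
            if (!seen[$1]++) print $1
        }'
}

# Emit an ipset restore script that fills a staging set and swaps it in,
# so the live set is never empty or half-loaded during the daily refresh.
build_ipset_restore() {
    prefixes=$(valid_prefixes)
    # An empty result means the download or the grep failed: keep the old set.
    [ -n "$prefixes" ] || { echo "no valid prefixes, not updating" >&2; return 1; }
    echo "create ${SET_NAME} hash:net family inet"
    echo "create ${SET_NAME}_new hash:net family inet"
    echo "flush ${SET_NAME}_new"
    printf '%s\n' "$prefixes" | sed "s/^/add ${SET_NAME}_new /"
    echo "swap ${SET_NAME}_new ${SET_NAME}"
    echo "destroy ${SET_NAME}_new"
}

# Usage, as root (-exist lets the create lines pass when the set exists):
#   ... | cut -d" " -f 3 | sort | uniq | build_ipset_restore > /tmp/spam.ipset \
#       && ipset -exist restore < /tmp/spam.ipset
# One-time rule that drops traffic from every prefix in the set:
#   iptables -I INPUT -m set --match-set spam_asn src -j DROP
```

Because the iptables rule references the set by name, the daily refresh only swaps set contents and never touches the rule itself.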
Thanks for the reply and the technical details. And great to hear that hosting your own mail is still possible for us mere mortals. That’s the world I want to live in!