This is coming from a general perspective of wanting more privacy and seeing news of Mozilla creating an email service “which will definitely not train AI on your email”. Sure Mozilla, whatever you say.
Rant aside, here’s my question: is it possible to store all of your email on your own infrastructure (VPS or even NAS at home) and simply using an encrypted relay to send emails out to the public internet? My idea is that this removes the problems of keeping your IP whitelisted from the consumer, but the email provider doesn’t actually hold your emails. This means your emails remain completely in your control, but you don’t have to worry about not being able to send emails to other people as long as your storage backend is alive.
I don’t know much about email to comment on what this would take. I think something similar is already possible with an SMTP relay from most email providers, but the problem is that my email also resides on their servers. I don’t like that. I want my email to live on my servers alone.
Do you think this is possible? Does any company already do this?
Thanks
I feel like most commenters here haven’t understood what you’re proposing.
I’ve thought about doing this, I’ve seen other commenters say they’re doing it. It’s not a terrible idea. I haven’t done it myself because … it’s just not a priority and I’m not sure it ever will be. Anyway …
If you’re willing to set up and self host your own email stack like mail-in-a-box or whatever, then configuring a separate outbound SMTP server is fairly trivial in comparisson.
If you already had your own stack set up to be self hosted you would ordinarily be using the SMTP server there-with to send emails.
Firstly configure your client to use whatever other SMTP server you have access to. I think it’s possible to use mailgun or one of those API transactional senders. You could get a cheap plan with mxroute or any other email host and just use the SMTP server.
Suppose your client is Thunderbird and you set up your account like smtp.mxroute.com for outbound and imap.myserver.com for email storage. When you send an email tbird transmits it through mxroute and then stores it on your imap server at myserver.com in your sent folder.
The potentially complex part is configuring spf & DKIM records on your domain.
SPF
I’m not sure if I’ll be able to explain this clearly but… suppose a recipient’s spam service receives an email purportedly from marauding_giberish@myserver.com but transmitted by smtp.mxroute.com. That spam service will look up the DNS records for myserver.com and inspect the records for the spf record. This record pretty much lists which servers are authorised to transmit email from addresses ending in myserver.com. So with a more typical set up an spf record might be:
“v=spf1 include:myserver.com -all”
This would indicate that only the smtp server at myserver.com can transmit email from your domain.
You would edit that to include the mxroute smtp server like this:
“v=spf1 include:mxroute.com include:myserver.com -all”
This way, recipients can confirm that the owner of myserver.com domain has formally designated mxroute as an authorised recipient.
DKIM
Your SMTP server will have a public & private key pair which it uses to sign outbound messages. Recipients can use the public key to confirm the signature and thereby confirm that the message has not been altered in flight.
Whatever SMTP server you use will tell you the public key and instruct you to add that to the DNS records of your custom domain.
That’s the one that looks like this:
“v=DKIM1; k=rsa; p=MIIBIj [ … it’s a long key … ] op3Nbzgv35kzrPQme+uhtVcJP”
Once this is in place recipients of your emails can query the DNS for myserver.com and find this public key, and use it to confirm that the signature on the email they received is authentic.
Amazing comment. Saved. Thank you so much.
Indeed, I have thought about hosting my own email, but the problem of dealing with IP blacklists made it seem not worth it.
Thank you so much for the explanation on DKIM and SPF. It makes sense to me now, indeed I didn’t really have a clue about either of these before I read your comment. Thank you for breaking it down.
I use sendgrid as my outgoing smtp relay to avoid ip reputation issues you mention. You still have to configure your dns settings for spf and dkim pointing at their servers instead of yours. Their free tier is 10x the email I’ll ever send so it doesn’t cost anything. There are a few companies in this space with free tiers. It works, but it isnt Gmail level deliverability. I still get spam binned occasionally.
The previous commenter mentioned mxroute and I got sendgrid from your comment. I will look at these products, is there any other provider that you recommend?