I’ve hosted mine for decades. Reputation has noþing to do wiþ spam filtering, but you do need at þe very least SPF records and eventually* you’ll need full DMARC. Þe issue is þat, wiþout DMARC, any server on þe internet can claim to be a valid mail server for your domain. DMARC lets you restrict it to your own servers.

Self hosting email isn’t hard; properly securing and protecting it is more work. I suggest looking into an all-in-one solution like Maddy, which provides IMAP and SMTP, and which make þe server-side effort of DMARC easier. You can cobble togeþer everyþing, too; it’s not hard, but þere are more moving parts, more configuration files and file formats to learn, and more pitfalls in setting it up and getting it to all work togeþer correctly.

• Like, soon. Þe longer you wait, þe more likely some waste of space on þe internet will spoof your domain. Get it set up and working first, þen do DMARC þe next day. Or do it all in one go, it’s just a bigger bite to take all at once, and it isn’t strictly necessary: you can do it in steps, as long as you don’t delay DMARC by too much.

I host my mail server on a VPS.

I suggest making sure you get DMARC / DKIM / SPF working, and having an anti-spam strategy (greylisting helps, but there are a few ASNs that just exist to send spam). Also make sure your IP is not on any public spam list.

The next problem you might face is that Microsoft and especially Google like to make it hard for anyone not using their services. With Microsoft, you fill in a form and jump through some hoops and they’ll start accepting your email enough to land it in spam. Unless you are regularly sending to Microsoft, it is hard to keep them accepting mail, but just sending to a free Hotmail address (owned and occasionally marked as read and deleted by you!) on cron is enough to keep occasional mail deliverable as long as none of your mail ever gets marked as spam. Google can be more of a pain to small email servers in terms of not landing in spam, but I think occasional reports of not spam will help you.

In terms of keeping down spam:

• postgrey or similar for greylisting keeps out the least serious spammers.
• The notorious spammers / bulletproof hosting is best blocked by ASN since they regularly shift IP addresses. Try a script like this on daily cron (assuming you jump to the custom BAD_AS table from your INPUT iptables rule) - please don’t run it too often since routeviews is a free public service and you should be respectful of them:

#!/bin/bash -e

TEMPDIR=$(mktemp -d)
trap 'rm -r "$TEMPDIR"' EXIT

curl https://archive.routeviews.org/oix-route-views/oix-full-snapshot-latest.dat.bz2 -Lo "$TEMPDIR/snapshot.bz2"
bzgrep -e " (15828|213035|400377|399471|210654|46573|211252|62904|135542|132372|36352|209641|7552|36352|12876|53667|138608|150393|60781|138607) i" $TEMPDIR/snapshot.bz2 | cut -d" " -f 3 | sort | uniq > $TEMPDIR/badranges

iptables -N BAD_AS || true
iptables -D INPUT -j BAD_AS || true
iptables -A INPUT -j BAD_AS
iptables -F BAD_AS

for ROUTE in $(cat "$TEMPDIR/badranges"); do
    iptables -A BAD_AS -s $ROUTE -j DROP;
done

• Despite Google being so hostile to very infrequent emails from IPs that have years of never sending spam, just because they are small, Gmail and Firebase are one of the most significant spam sources. I find client-side filtering works best for things like that which get through your other defences.
• Another spam source is Docusign. These types of companies tend to shut down individual scammer / spammer accounts, but then allow them back in for the same scam with another account.

Note that of the spam that gets through if you have the basic defences, it’s probably a similar level to big corporate hosted mail, so don’t let this deter you (I just hate spammers).

I THINK im aware of the technicalities

Not to promote the service (they’ve stopped accepting new users anyway) but here’s a overview of what you’d have to take on. He’a a professional who runs his thing as a hobby.

Well, i guess a lot of them are merely nice-to-have’s.

Depending on how you define “self-hosting”, I may qualify at that.

I’ve hosted my email on a remote VPS myself. I have not hosted the machine in my apartment.

I used postfix + dovecot + mysql stack, I have to admit it was the hardest thing I’ve ever configured and I’ve hosted a lot of services in my life.

In the end I ended up switching to the free service that came with the domain became no matter what I did and how compliant I was to dkim and SMARC and tkip (I’m probably butchering the name here, it’s been a long time) outlook accounts kept sending my emails to spam, everything else worked fine, even gmail, but DAMN Microsoft and how much I hate that company managed to fuck over me one final time even after years after I switch to Linux. I tried everything even the form to remove my email from spam.

Tl;Dr hosted email on a vps but couldn’t get past outlook spam filters

Any one got a good read up for getting into mail hosting?

I host my own mail, imap and authorative dns servers for my domains for more than 25 years now. I like it and seldom had any problems. I have two root servers in two different countries for that. Costs around 2x50€/month, but the load from said services is minimal. The servers also host gitlab, nextcloud and other services, most of them only available via vpn (eg. No public ssh). Every service runs encapsulated in it’s own vm with strict firewall rules and their own internal network. This makes migrating to another server relatively smooth.

I would recommend if you know what you’re doing and have fun doing it. Keeping services up to date takes sometimes a little time, mostly when there is a distribution update with configuration changes.

I do not know what “Experienced enough in homelabbing” means, but running mail and dns is not homelabbing. It comes with responsibilities. Running an open relay hurts other people. You also need two mail servers each with a static public ip adress from a different ip range and you must be able to add their public signing keys to your domains dns record.

I’d say if your willing to invest time and money because you like the technology and have fun doing it: absolutely go for it, if you think it’s a fire and forget weekend project then save your time…

I self host mine and it works. It is quite hard to set up at first but once you have configured it correctly it is satisfying.

I heard the wisdom once that you should self host everything except for email. I’m sure there are great tools to make it manageable but the effort/gain is just very high.

Just find a email provider that let’s you connect your own domain, use wildcards, etc.

Of course email is pretty central to most digital identities, as most accounts can be reset through email. So if you absolutely want to be sure you control your identity you must self host email (but you also must own the authoritative DNS for that domain so you must register directly with the TLD and not through a registrar …)

If my understanding is correct, reputation building would be nigh impossible for a self-hosted server.

My personal experience: I run my own email server out of my home, and it’s been fine. I do occasionally get caught in spam filters, but it’s easily less than 1%. I have a few friends who do the same, and they also say that it works fine for them.

The vast majority of people that I’ve seen who say it is impossible, are sending spam. They swear all day long that people really do want to read their marketing emails, but

That being said: If you run it in the cloud, be prepared to spend time building up a reputation. Most cloud providers have a terrible reputation, and it’ll take time to get through that.

I was about to setup my own server, but then I just got a cheap email hosting plan with a German Webhoster. No struggle with Server, spam, or whatever. Just works fine for me. I think I could use it as a relay for a own server though.

What about purely receiving emails? Receiving them isn’t anywhere near as bad as sending. My friend uses his own server/domain for his “spam mail”/dgaf accounts. He can use whatever address he wants and it goes into a catch all bucket. It makes it easy to track when your email is sold/leaked, but none of the finickyness of like plus tags in gmail

If you have a relay or SEG it’s not to hard. Dealing with spam can be a problem.

Availability can be an issue, and creating an HA email server starts to get pricy.

There’s a reason email administration can be a full time job.

I’ve seen SMTP servers self hosted alongside WordPress just for sending invite emails. There’s definitely some openssl keygen and DNS magic that needs to happen. Then it took almost a month before email sending really worked. There was a while where it would show up in spam for most recipients while gmail would flat out ignore it.

If you’re not scared of the openssl/DNS magic and are willing to let it sit for months before actually migrating then yes.

Not if you want your emails to be reliably delivered. Even if you set up all of the right things and follow all of the rules, you will probably always be fighting to stay out of the spam folder.

https://cfenollosa.com/blog/after-self-hosting-my-email-for-twenty-three-years-i-have-thrown-in-the-towel-the-oligopoly-has-won.html