this post was submitted on 10 Sep 2023
61 points (93.0% liked)

Privacy

31921 readers
737 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

And what do you actually use? I know the answer is probably self-hosting but maybe there are other solutions for a decent privacy.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 1 year ago

No you’re right, I shouldn’t discourage, just wanted to warn it’s not the same as most other self hosting projects, where often you just need to spin up a docker container.

Yeah, this is very fair! I just wanted to also provide the other perspective. Self hosting e-mail is very doable, and I think there are some things like mailcow / mail-in-a-box that make setting up the software on the server a lot easier (I haven't used these, but I've heard good things)... But you're probably still going to have to double check your rDNS and make sure to add the appropriate DNS entries... And you might not even realize that you have to do that, and then you're like "why the hell can't I send e-mail to anybody", and it's not the easiest thing to debug (especially if you haven't set up DMARC entries for getting reports from other mail servers). Plus... If you get the DNS entries wrong it can be a pain to wait for the TTL to expire to make changes. The setup definitely isn't without its headaches and hassles, but it's not impossible and once it's good to go you probably won't have to change anything.

FWIW hasn’t DNSSEC/DANE been added to the prerequisites these days or is that still optional?

This is currently optional afaik. I believe you can use this to establish that your e-mail server accepts TLS so other mail servers can know not to downgrade to an unencrypted connection. Admittedly, I'm not super up to date on this, and I'm slightly confused about the differences between MTA-STS and DANE. Also fwiw, I think both of these solutions mainly impact receiving mail, and shouldn't make much of a difference if any for you sending mail to the big providers.