sam_lowry_ · 4 months ago
(had to dig my comment from under a flagged parent)

I self-hosted for well over 20 years, I did not throw in the towel and I do not plan to. Self-hosting is a sign of pride. Neither my government nor my Prime Minister nor even my Ministry of Interior or Foreign Ministry can host their own email.

Last time I checked, only State Security self-hosted.

I was probably lucky, but I rarely had delivery problems. The last one was a couple years ago with Microsoft swallowing my emails and it was due to the combination of a fairly old exim and a TLS certificate verification quirk at *.protection.outlook.com. I found a fix in the form of a configuration option somewhere on SO.

In all fairness, there is very little maintenance involved, and whenever I have to do maintenance work, I take the opportunity to learn something new. Like this year, I decided to finally replace my aging Debian jessie setup with Arch Linux, and I rewrote all cron jobs as systemd timers.

I must admit that when I send a really important email, I check the mail server log if it went off without errors, but this does not bother me as checking logs manually once in a while is a good thing anyway.

Lastly, a piece of advice: treat self-hosting like a hobby and learn to enjoy it.

Oh and the very last thing: the person who designed Exim configuration for Debian deserves a special place in hell for all the hours wasted. If you set up Exim on Debian, just figure out how to use the upstream exim config and adapt it to your needs.

Xenoamorphous · 4 months ago
> I decided to finally replace my aging Debian jessie setup by Arch Linux, and I rewrote all cron jobs as systemd timers.

Man, I wish I had 1% of the motivation I had 20 years ago to do something like this, before all the full time job, wife and child.

rmoriz · 4 months ago
Don’t hurt me: Agentic coding tools like Claude Code or opencode helped me a lot to convert things to systemd units.

xandrius · 4 months ago
Stuff to keep you busy is always there, you can control what you spend the rest of the time on.

hmng · 4 months ago
My first email usage was at University, pre-WWW. After that I briefly used some ISP email service, but that was at a time of very limited storage and POP-only accounts, so I started hosting my own email even before having an always-on internet connection, using a relay and dynamic DNS to receive email when online. Nowadays, I use a small VPS to route and receive email, but final destination and storage is on my home server. Over the years, I had, like others here, to ask Outlook and other providers to unblock my IP or domain, but it has been rare.

I really don’t want to live in a world where only two or three companies run email for the entire world, and this is my little act of resistance.

1oooqooq · 4 months ago
outlook.com keeps sending me dmarc reports with failed dkim... while every single other provider gives pass to all domains. at this point I don't even care anymore.

why is Microsoft so crappy?

isodev · 4 months ago
It’s amazing how today we have social networks bending over backwards to be able to call themselves “open” and “decentralised” when we already have all the tools we need to be truly independent.

I think when we’re building something with “good UX” the major point of “does this remove agency from users” is somehow missing from the picture. When everything runs on some kind of system, it’s not extraordinary to expect people to know how it works and maybe be able to do it themselves.

Otherwise, fast forward a decade of simplifications, and we can’t even install an app without someone on the other side of the world approving the “transaction”.

mey · 4 months ago
> treat self-hosting like a hobby and learn to enjoy it.

This is why I have stepped away from a lot of my self hosting. I have turned my attention/time elsewhere. Apparently though the time/money balance is shifting a bit again, so it may be worth it to go back.

My biggest hesitance to self hosting email specifically is dealing with spam. What does that look like these days and do you have any pointers to share?

jcynix · 4 months ago
> My biggest hesitance to self hosting email specifically is dealing with spam. What does that look like these days and do you have any pointers to share?

Postfix can easily be configured to reject incoming emails from senders without a reverse DNS mapping for their IP address, which makes it reject a lot of spam.

For spammers with reverse mapping greylisting still works fine, they almost never retry.

Certain commercial spammers (hello China :-0) use software which can be filtered with just one rule matching their sending software, which is "nice" enough to display its name in their mail headers.

And last but not least spamassassin / rspamd work fine to filter whatever comes through.

In the end I get less than 10 spam emails per week. And these go into a separate mailbox filtered by good old procmail, based on spamassassin's ratings. I check the spam inbox maybe once a week for false positives and more often than not the box is empty.

bongodongobob · 4 months ago
The biggest issue isn't necessarily spam, it's proving you aren't spam.

layer8 · 4 months ago
I use a combination of DNSBL and SpamAssassin. Nowadays Rspamd is supposed to be better than SpamAssassin, but SpamAssassin has served me well enough so far, and I haven't gotten around to trying out Rspamd. When a spam email gets past SpamAssassin, I copy it to a special folder, which gets processed by a cron job to train SpamAssassin on it (sa-learn).

Overall the mail server is very low maintenance. I had to add SPF and DMARC a couple years ago (DKIM isn't necessary) and integrate TLS with letsencrypt (just a few lines in a config file), and sometimes a Debian upgrade requires reviewing the configuration (several years apart as well). There's really not that much to do.

Gigachad · 4 months ago
I’m not sure that there is any pre made product for this, but I’ve been playing around with LLMs to identify spam, or just generally sorting emails for you. And even the self hosted models seem to be pretty good at classifying emails even without external information like spam blacklists or IP reputation.

gerdesj · 4 months ago
rspamd is my go to solution. Out of the box you get a lot of protection. I use Exim as my MTA but I suggest you use Postfix if you are starting from scratch, only because you will find a lot more write ups on it.

The biggest issue is getting an IP address which is not in the banned lists. IP reputation is key along with SPF and do not send spam!

In the UK a "business" static IP address is sometimes/usually/probably/might be OK. If you are unfortunate then it is already in the lists and you can check that out at point of sign up.

You might look into IPv6 too. I managed to do the Hurricane Electric IPv6 email thing on my home connection for a laugh. That was a few years ago. It seems I need to do something more to get to Guru status.

danparsonson · 4 months ago
I've been lucky never to get very much spam to my self-hosted domain, but it went to zero once I implemented geo-IP blocking for a few obvious countries and has stayed that way ever since.

elgaard · 4 months ago
I have been self-hosting for about 25 years. I remember the protection.outlook.com issue. Once there was an issue with a bank that tried to do encryption, but used an expired certificate. But once I told them what the problem was, and that it was a problem for paying customers, they actually fixed it.

Being able to check the server log can be very useful. E.g. to tell someone that their mail was delivered to a server using their domain name, with that IP-address at that time.

commandersaki · 4 months ago
Email for me is a critical service, and the reasons I stopped self hosting after about 15 years are:

1. Because I couldn't ensure consistent backup and restore with regular monitoring,

2. no disaster recovery plan and in doing so it'd be more expensive than going through another email provider,

3. not always on top of security (my friend that I colo'd with also ran an email server and his system was struck with ransomware (with no backup [except a copy of email via thick client] or DR); I seemed to get away unscathed because I was using FreeBSD which is generally less of a target).

I agree that it is little maintenance, but once you're off the happy path, it can be a huge pain in the arse and devastating.

gerdesj · 4 months ago
DR: MX and retry

Email has easily one of the best responses to failure modes ever and it's ancient!

Most smtp daemons will put outbound emails in a queue and run the queue. If the other end is unavailable then it will generally retry on a schedule with some sort of increasing period and then give up after a week or so.

You can easily define multiple inbound relays via your MX records which predate SRV and generic TXT and are supported everywhere.

I've run a lot of other people's email, including my own vanity domains for decades. It really isn't rocket science.

Google and MS and Co really don't screw you around if you follow the rules and that largely involves only SPF being compulsory and the rest (DKIM n that) are nice to have. If you do send spam then you will be crucified and rightly so.

Email is not a critical (it's important) service because of course you have several other means of communication starting off with the SIP n RTP server you also run ... 8)

sam_lowry_ · 4 months ago
> Email for me is a critical service

This is exactly why I only trust myself to do it. I almost lost my gmail account a couple of times in the past, and every time it was quite stressful. Since then, I use gmail as a backup email provider, that is, pretty much never.

Due to the way mail servers work, you have a couple of days to sort out your troubles before you will start missing emails. At worst, you can always buy Google for Work or some other SaaS and point your MX servers there.

Backup is always a hard problem, but I got to live with Hetzner Cloud backing up my VMs, Hetzner Backup boxes as restic backup targets and a tiny Celeron server in the laundry closet for local backups.

Krei-se · 4 months ago
Configure the dmarc reports, they tell you a lot and automatically why someone swallowed your mail.
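
Added example (not part of any comment in this thread): one way to read the DMARC aggregate reports mentioned above, listing the sources where DKIM or SPF did not pass. The report is a constructed sample in the RFC 7489 layout without an XML namespace; `example.org`, the IP addresses and the simplified alignment check are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample aggregate report (RFC 7489 layout); every value is made up.
# Reports come from third parties: parse untrusted XML with a hardened parser
# such as defusedxml in production.
SAMPLE_REPORT = """<feedback>
 <report_metadata><org_name>reporter.example</org_name></report_metadata>
 <policy_published><domain>example.org</domain><p>quarantine</p></policy_published>
 <record>
  <row><source_ip>192.0.2.10</source_ip><count>12</count>
   <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  <auth_results>
   <dkim><domain>example.org</domain><result>pass</result></dkim>
   <spf><domain>example.org</domain><result>pass</result></spf>
  </auth_results>
 </record>
 <record>
  <row><source_ip>192.0.2.10</source_ip><count>3</count>
   <policy_evaluated><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
  <auth_results>
   <dkim><domain>example.org</domain><result>fail</result></dkim>
   <spf><domain>example.org</domain><result>pass</result></spf>
  </auth_results>
 </record>
 <record>
  <row><source_ip>198.51.100.7</source_ip><count>5</count>
   <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <auth_results>
   <spf><domain>bulk.example.net</domain><result>pass</result></spf>
  </auth_results>
 </record>
</feedback>"""


def _text(node, path, default=""):
    found = node.find(path)
    return found.text.strip() if found is not None and found.text else default


def _aligned(auth_domain, policy_domain):
    # Simplified relaxed alignment: same domain or a subdomain of it.
    return auth_domain == policy_domain or auth_domain.endswith("." + policy_domain)


def summarise(xml_text):
    """Return one finding per record where DKIM or SPF did not pass DMARC evaluation."""
    root = ET.fromstring(xml_text)
    policy_domain = _text(root, "policy_published/domain").lower()
    findings = []
    for rec in root.iter("record"):
        dkim = _text(rec, "row/policy_evaluated/dkim", "fail")
        spf = _text(rec, "row/policy_evaluated/spf", "fail")
        if dkim == "pass" and spf == "pass":
            continue
        # Raw results that passed for a domain other than ours explain most
        # "SPF/DKIM is fine but DMARC fails" cases (forwarders, third-party senders).
        unaligned = sorted(
            _text(a, "domain").lower()
            for a in rec.findall("auth_results/*")
            if _text(a, "result") == "pass"
            and not _aligned(_text(a, "domain").lower(), policy_domain)
        )
        findings.append({
            "source_ip": _text(rec, "row/source_ip"),
            "count": int(_text(rec, "row/count", "0")),
            "dkim": dkim,
            "spf": spf,
            # DMARC passes when either mechanism passes with alignment.
            "dmarc": "pass" if "pass" in (dkim, spf) else "fail",
            "unaligned_pass_domains": unaligned,
        })
    return findings


if __name__ == "__main__":
    for finding in summarise(SAMPLE_REPORT):
        print(finding)
```

In the sample, the second record is the "failed DKIM but mail still delivered" case: DMARC passes on SPF alone, so the report is the only place the broken signature shows up.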

stavros · 4 months ago
I'm thinking of self-hosting email sending for my applications. Does anyone know if, with DMARC/DKIM, email reputation moved from the IP to the domain? If I can make sure only my server can send mail from my domain, shouldn't the sending IP then be irrelevant?

jesterson · 4 months ago
Same here. Don't wanna piss on your party but I don't see any particular pride. Prime minister or any minister for that matter are pretty pathetic positions in my books, but that's totally different conversation.

No delivery problems if you set up everything correctly. It's not luck, just the same reason why a well-maintained car runs smoother than something that's seen last maintenance 100,000 miles ago.

realaaa · 4 months ago
hear hear!

stebalien · 4 months ago
I used to do this. What finally killed it wasn't reputation, it was the fact that I needed 100% uptime or risk losing messages, getting my address blacklisted, etc. Email is supposed to be resilient to down time (retries, trying each MX record, etc.) but I found that large mail providers tend to just bounce and walk away.

Worse, GitHub (back in 2016 and 2018) would mark a recipient as "unavailable" after a single bounce, refusing to send any more notifications to that address. They since improved the situation and their support was actually very helpful and responsive here, but it's pretty clear that modern SMTP senders have an expectation that recipients will be "always online" that didn't exist when the protocol was invented.

dijit · 4 months ago
I have a feature (called greylisting) whereby my server intentionally rejects the first mail it receives from a domain.

I have never had anyone claim that their mail has not been delivered to me, and I get a lot of mail.

Retry is built in to the spec, and if you’re really worried you can put a second “receive” SMTP server on the internet with a lower priority, and have it backhaul with LMTP.

———

Email was designed in a time where hosts were not perpetually connected to each other.

Symbiote · 4 months ago
GMail itself will sometimes temporarily reject messages, then accept them later.

I have Postfix logs showing things like "this address is receiving a high rate of email" which are later accepted.

logifail · 4 months ago
> it was the fact that I needed 100% uptime or risk losing messages

Q: If your server(s) is/are offline for a few hours, why would you "lose messages"?

I've just checked my own email server -> "up 219 days"

Honestly, compared with the stuff we do all day, this is not hard...

toast0 · 4 months ago
> Q: If your server(s) is/are offline for a few hours, why would you "lose messages"?

They said...

>> Email is supposed to be resilient to down time (retries, trying each MX record, etc.) but I found that large mail providers tend to just bounce and walk away.

I take that to mean that if your server isn't available to receive the mail at the time it is first offered, it won't be retried later. That wasn't the case (for most mail) when I gave up on self hosting 10 years ago, but it's plausible.

Krei-se · 4 months ago
This is fearmongering. My mails always got resent after some hours or a day. It's absolutely NOT possible to tell if the problem is on your side, sender's side or somewhere in between why a mail is not delivered once and no standard server config would simply toss it.

Host your own mail. I get 99% deliverability with 0 reputation since I do dkim and spf correct.

Don't be distracted by the "complexity" - if you config right it's totally doable.

Gives you actual private caldav too btw

jasode · 4 months ago
>I get 99% deliverability with 0 reputation since I do dkim and spf correct.

Your anecdote of success doesn't matter to the others that correctly configured DKIM/SPF and still don't get their emails delivered to Gmail/Outlook/Yahoo/etc. E.g. : https://news.ycombinator.com/item?id=32715437

One of the reasons for hard-to-diagnose sending failures is that Gmail/Outlook have "extra invisible rules" that override correct DKIM/SPF settings because spammers and phishers also have correct DKIM/SPF. So they use extra heuristics such as "ip reputation" etc.

And even after one gets it working, e.g. "submit some form" to Microsoft and wait a few days to get things unblocked... the deliverability may break again because of another "invisible heuristic".

EDIT to reply: >No, that's because your relay overwrites part of the header which makes dkim strict break. Change to relaxed or don't modify the header on your relay.

Delivery reliability can still break without using a relay.

In fact, this unreliability of 100% self-hosting at home is why some self-hosters split it into a hybrid setup and add an external relay for outgoing SMTP and only keep self-hosting for receiving email.

grepfru_it · 4 months ago
Until that one email you wish to send to someone important never goes through.

The fact is, big email providers have all the leverage and you will have to play their game ($$$) in order for your email to work everywhere.

It happened to me and that made me realize it's not worth the hassle. Good luck

BikiniPrince · 4 months ago
I know right. It’s like, “what did they do to my boy?” as you huddle over the bullet-ridden corpse of your son.

abdullahkhalids · 4 months ago
Here is my advice to anyone wanting to test out self-hosting email. Start by using your self-hosted email to sign-up for accounts. You don't have to use the email address for your personal correspondence.

Use Mail-in-a-box to get started [1]. You can literally set it up in a couple of hours by following the instructions and everything should just work.

After a few years, you can think about switching your personal correspondence to your new email.

[1] https://mailinabox.email./

watermelon0 · 4 months ago
I can recommend Stalwart [1] which is a complete mail service contained in a single binary, that doesn't really have any external dependencies, and is really easy to install and update.

I've looked (and tried) a few other projects in the past, but Stalwart was the easiest to set up, and I haven't had any issues with it so far.

[1] https://github.com/stalwartlabs/stalwart

mfsch · 4 months ago
It’s also what Thunderbird is using to build their paid email hosting. Seems like a very ambitious project mostly done by a single person – impressive!

sureglymop · 4 months ago
Wow! I was just about to comment how email is the one thing where I wish something that didn't follow the unix philosophy existed. Exactly due to this, it is easy to set up a mail server but it is hard to think of all the things around it: spam, phishing, dmarc, dkim, spf, etc.

This looks really nice, especially also for saas projects.

stavros · 4 months ago
I'm not looking to self-host my email, but this looks fantastic. It's making me reconsider the decision, hm. Thank you for this.

golem14 · 4 months ago
Has anyone compared Stalwart with say Mox or Maddy, in practice?

They all look about the same from a newb's perspective.

bonzog · 4 months ago
I've been running MIAB for a few years now with generally good success as an outgoing sender using a rented cloud machine and a "clean" reputation IP. I've had to email the Microsoft postmaster on one occasion when my emails weren't reaching Outlook users, but they were surprisingly helpful and it's been working fine for years now. It's a good learning exercise in setting up stuff like DKIM/SPF/DMARC.

That said - receiving account sign-up emails is the absolute biggest pain in the backside with Mailinabox! The greylisting anti-spam feature relies on bouncing unknown senders and waiting for a retry. The trouble is, many legit sites just don't bother retrying. So email verification for new accounts and 2FA-type stuff often takes ages to come through, if at all. MIAB stubbornly has no easy, mail user-facing way to temporarily disable spam filtering and it's a real PITA at times.
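
Added example (not part of any comment in this thread): a small model of the greylisting behaviour discussed above, showing which senders get through and why single-attempt sign-up mailers do not. The 300-second delay, the /24 and /64 network keying, the sender-domain allowlist and all addresses are assumptions made for this sketch, not the settings of Mail-in-a-Box or any other product.

```python
import ipaddress


class Greylist:
    """Temp-fail the first attempt of each (client network, sender, recipient) triplet."""

    def __init__(self, delay=300, allow_sender_domains=()):
        self.delay = delay  # seconds before a retry is accepted (assumed value)
        self.allow = {d.lower() for d in allow_sender_domains}
        self.first_seen = {}

    def _key(self, client_ip, sender, rcpt):
        # Key on the network, not the single address, so a sender that retries
        # from a neighbouring pool address is still recognised.
        ip = ipaddress.ip_address(client_ip)
        prefix = 24 if ip.version == 4 else 64
        net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
        return (str(net), sender.lower(), rcpt.lower())

    def check(self, client_ip, sender, rcpt, now):
        """Return the SMTP reply code for this attempt: 250 accept, 451 try again later."""
        if sender.rpartition("@")[2].lower() in self.allow:
            return 250
        first = self.first_seen.setdefault(self._key(client_ip, sender, rcpt), now)
        return 250 if now - first >= self.delay else 451


def first_accept(greylist, sender, rcpt, attempts):
    """Replay (time, client_ip) attempts; return the acceptance time or None."""
    for when, client_ip in attempts:
        if greylist.check(client_ip, sender, rcpt, when) == 250:
            return when
    return None


# Constructed scenarios; addresses use documentation ranges and example domains.
ME = "me@example.org"
SCENARIOS = {
    "queueing MTA, retries after 10 min":
        ("alice@example.com", [(0, "192.0.2.10"), (600, "192.0.2.10")]),
    "retry from another pool address":
        ("news@example.net", [(0, "198.51.100.5"), (900, "198.51.100.9")]),
    "retry too early, then gives up":
        ("bot@example.com", [(0, "203.0.113.7"), (60, "203.0.113.7")]),
    "sign-up mailer, single attempt":
        ("verify@signup.example", [(0, "203.0.113.20")]),
}


def run(allow_sender_domains=()):
    """Return {scenario name: acceptance time in seconds, or None if never accepted}."""
    gl = Greylist(delay=300, allow_sender_domains=allow_sender_domains)
    return {name: first_accept(gl, sender, ME, attempts)
            for name, (sender, attempts) in SCENARIOS.items()}


if __name__ == "__main__":
    print(run())
    print(run(allow_sender_domains=["signup.example"]))
```

Envelope sender domains are easy to forge, so an allowlist like the one in the second run trades some spam resistance for deliverability of sign-up and 2FA mail.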

abdullahkhalids · 4 months ago
Oh! That's what it is. I just thought some websites just took longer to send an email to my unknown domain.

I see that the only way to disable greylisting is to configure the underlying tool [1]. But it also means that SPAM will increase a lot.

[1] https://discourse.mailinabox.email/t/how-to-turn-off-edit-gr...

boplicity · 4 months ago
Modern email providers, especially ones offered by ISPs often have the same problems that people criticize self-hosted providers for. Even Google has problems. For example, I regularly order via companies that use Shopify. Now, all of the shopify emails are going straight to spam in Gmail, despite constantly marking them as not spam. (These even pass dmarc/spf/dkim etc, so who knows what's going on here.)

Email delivery and receiving is not hard, but it's inevitably going to be imperfect, no matter the provider you use. There are so many bad actors out there, it's surprising that it works as well as it does.

dataflow · 4 months ago
> These even pass dmarc/spf/dkim etc, so who knows what's going on here.

Those have nothing to do with being spam, right? Spam is about content, those are about authenticity. Anybody can send authentic trash, or unauthenticated gold.

mzhaase · 4 months ago
Your spam score goes up without DKIM or SPF.

zrm · 4 months ago
> For example, I regularly order via companies that use Shopify. Now, all of the shopify emails are going straight to spam in Gmail, despite constantly marking them as not spam. (These even pass dmarc/spf/dkim etc, so who knows what's going on here.)

There's a pretty good chance this is because Shopify is sending a lot of email users mark as spam, or is using the same mail server as someone who does. Then you marking them as not spam gives them a better score but the sender's reputation is still so bad that it can't break the threshold to stay out of the spam folder.

seb1204 · 4 months ago
I mark them as spam. I only want the real notifications and not the free goodies and recap and others are interested in mails.

lanstin · 4 months ago
I have self hosted my email for about twenty years; for about ten or fifteen I just forwarded everything to Gmail but had to revert to local (started with local mail in emacs, but switched to imapd to solve the airplane ticket in the airport issue) because so much important stuff was marked as spam. Like in the middle of a conversation between me and one other person their reply to my email (which I always bcc:ed back to myself) would disappear. Self hosted is much better. It took a few iterations to get spf etc working.

jimangel2001 · 4 months ago
How do you guarantee uptime for yourself?

singpolyma3 · 4 months ago
That behaviour is the whole problem. If you use a self hosted or small time email provider you're much less likely to have email blocked or filtered by aggressive anti-not-gmail filters.

Hilariously, Gmail addresses send tonnes of spam so filtering by provider doesn't do much these days anyway. But Google insists on continuing.

pembrook · 4 months ago
Bizarrely, I also find Gmail's spam algo is actually oversensitive to marketing emails from companies these days, which I never thought was something I would complain about. But like you said it's super annoying when I actually want the emails.

Seems like we had the opposite problem 10ish years ago. But now the pendulum has swung a bit too far in the other direction.

Ultimately most of the spam I get these days is actually from individuals doing low volume cold outreach from personal email addresses...not companies sending bulk. The new gmail unsubscribe feature works great for marketing emails but is worthless against cold email spam -- which somehow rarely ever lands in spam.

fc417fc802 · 4 months ago
Microsoft Outlook has been flagging their own marketing emails as spam for me lately. I'm not sure if I ought to be impressed or disappointed.

johnea · 4 months ago
Actually, full strength virtual (multi-domain) email hosting is also quite doable.

This is a great guide that's been used and updated for many years:

https://www.purplehat.org/?page_id=1450

Once hosting email for yourself, you may want to add new project-specific domains, or host email for friends and family. The database user accounts actually make it easier to add and remove users after the system is up and running.

This Purplehat guide provides a step by step procedure that's allowed many people and orgs to bring self-hosted email online...

drnick1 · 4 months ago
I think the following is a better guide for someone looking for a complete setup that includes an IMAP server and that can be used with regular email clients like Thunderbird:

https://workaround.org/ispmail-bookworm/

I set up my own server more or less following the above guide, but eschewed the database in favor of plain text files. I wanted to keep things simple since I am the only user, but the above guide should scale to big enterprise setups.

jeduardo · 4 months ago
I also use this guide, but I switched it to PostgreSQL instead. The recent upgrade to Trixie brought a new Dovecot with breaking changes to its configuration. That was a bit of a pain to resolve, but everything is working fine now.

supz_k · 4 months ago
Self Plug-in: We are currently beta testing Hyvor Relay [0], a self-hosted alternative for sending emails. We are focusing more on observability (monitoring DKIM/SPF, periodically querying DNSBLs) and DNS automation.

A simple docker compose up can get a reasonably working setup [1]

[0] https://github.com/hyvor/relay
[1] https://relay.hyvor.com/hosting/deploy-easy

Krei-se · 4 months ago
I have a writeup in German about self-hosting current and with Debian trixie on https://krei.se/Doc

If you do it yourself and do it correct it's a pleasure. I have automatic updates with automatic reboot, tailored systemd to make sure all is well and status reports per mail - total bliss, easy 2-3 years, with trixie now even 5 until you have to touch it again.

It's mature software.

Host yourself! The peace of mind and control is totally worth it.