I feel somewhat dirty saying this, but I'm a fan of Office 365. Exchange support, fantastic customer service, and I feel like if I'm paying money, I'm actually the customer.
NSA's got all my shit anyway, at this point. If I can find an equivalent product that doesn't have the .gov down their throats, I'll jump ship tomorrow. But for now...
The hard part about setting up your own email server is, by far, ensuring deliverability. New/dynamic addresses tend to not be trusted by other mail servers, so that is really the most "dangerous"/time consuming part. So, why not do the following?:
* Set up your home server to accept email. If it goes down for a few hours, hey, pretty much every mail server will retry for a few days, so you're pretty much guaranteed to get all messages.
* Set up your home mail server to use something like Mailgun or Mandrill to actually send messages. I'm using Mailgun and they have a fantastic interface, giving me a checklist of things I need to do to be able to send emails with pretty much guaranteed deliverability (DomainKeys, SPF, etc).
This would both allow you to receive mail on any domain you wanted, keep your email safe from the NSA/whoever (you can make your home server TLS-only) and ensure that you can send email from any domain you own with great deliverability. Plus, it's free (unless you hit Mailgun's 10k mails/month limit, which is pretty unlikely).
This could pretty much be a Docker image, so setting it up would just be a "docker run some/image". I have various domains, and right now using Gmail is a pain in the ass because I can't change my primary domain. I have to keep my Google identity tied to my 10-year-old email address even though I never use it any more.
I'd lose spam filtering and search, but eh, there are good spam filters around.
How does this prevent the NSA from reading your email? Your outbound email will be unencrypted in general. If your inbound server only accepts TLS, then you're going to have a hard time receiving email, right? Or do I wildly misunderstand the state of SMTP encryption?
It seems to me that until DNSSEC becomes widespread, there isn't secure way to mandate TLS. (OK you could come up with some hack using HTTPS, like check https://domain.com/smtpsettings for each domain to determine if TLS is required.)
Of course running your own server does prevent wiretaps being implemented by Google, or retroactive access to your mailbox. But it's hardly "keeping your email safe from the NSA".
STLS for opportunistic encryption will increase the likelihood that your outbound mail is in fact encrypted. Still not a guarantee.
A large number of major email providers support STLS, so the uptake is better than you might think. A lot of smaller shops don't. How that affects you will really depend on what your mail use patterns are.
And you can always use PGP/MIME or S/MIME. That's increasingly prevalent in corporate networks, though starting from near nil it's still pretty near nil.
I do this (but will argue doing it under some free limit misses the point: man up and pay for your use...); in my case I'm using either AuthSMTP or CritSend for my personal manually-sent outgoing mail (I don't remember which; I have accounts with both).
Of course you should pay for this, but, at $0.5 for the first thousand emails after 10k, you'd have to try very hard to pay even a buck. I use them for all my products, though, and pay them gladly.
"New/dynamic addresses tend to not be trusted by other mail servers"
Running my own mail server for over a decade, and never had a deliverability problem. Of course, you shouldn't try to send from a dynamic IP, but what is a "new" address?
I mean SMTP servers with no reputation. I've been running my own server for years, but I never looked much into it, I am led to believe that the server must have good reputation to avoid spam lists, is that not so?
An IP gets on spam lists if spam is sent out from that IP, or, sometimes, another "nearby" address. You can't get a good reputation, you're just on one or more spam lists, or you're not. Doesn't matter how long you've been around.
That's actually a really good idea, especially as reliability will be higher. My connection rarely drops and I have a static IPv6 too so DNS may be far easier to configure.
Edit: An idea to ease transition would be to setup the vacation responder in gmail to remind your contacts about your new address.
Yeah, your mail would be going to your@name.tld and your old address (assuming it's gmail or something?) would use a vacation responder. I'm against forwarding mail as people will continue using my old address. Put your foot down and tell people to use your new address.
Else you'll never be able to close your google account.
+1 for a write up. Last time I tried making a mail server I got it to send mail but it couldn't receive any.
Great, setting this up will be my next post, then (for reference, my site is (http://www.stavros.io/, subscribe to my mailing list to be notified of new posts: http://eepurl.com/BbHo5).
Coincidentally, I wrote about the first half of this setup yesterday:
I think I might hit 10k emails a month if I subscribe for a few more mailing lists, though I guess I could stand to unsub from a few. Otherwise I think that's a pretty decent solution.
NSA's got all my shit anyway, at this point. If I can find an equivalent product that doesn't have the .gov down their throats, I'll jump ship tomorrow. But for now...