Why I (Partially) Self-Host My Emails And Don't Use E2E Email Providers

Over the years, I've been managing my emails in a lot of different ways: Gmail and such, 100% self-hosted, and 3rd party hosting with my own domain names (with both standard and "E2E" encrypted emails.) Recently, I started using a 3rd party service to receive and sent emails, and to host my own IMAP server to store them. In this article, I will explain how I came to this solution, why I think that it is good (at least for my use case,) and present multiple advantages and issues of major existing solutions.

The Genesis: Mainstream email providers

Like most people, my first email accounts were with mainstream email providers. The very first one was Yahoo if I remember well. Then I got a bunch of others with different services; all of them were using the provider's domain (i.e. [email protected], ...)

Today, I wouldn't recommend people to do that. Using an email provider and an email owned by it means that the address is never really yours: If the provider decides that it doesn't want to deal with you anymore, it can arbitrarily close your account, and you have no appeal. You will potentially lose all your emails (unless you have proper backups - for that I recommend simply using Thunderbird to keep a local offline copy of your whole mailbox) and have a very bad time because your accounts are linked to this email address that you can't access anymore.

One way to reduce the risk is to get your own domain name and use it to receive emails (e.g. [email protected] rather than [email protected].) This way, even if Google decides that they don't like you, you can redirect your domain to another provider, and keep the same email address. Sure, a domain name is never really yours either, you are just renting it, but if you take care of the renewal properly it is very unlikely that you would lose it.

If do get your own domain name, I wouldn't recommend using Google, Outlook, and such to host your emails though, as they have a history of reading your emails, and referencing the links contained in them in search engines, ... If you decide that you don't care about privacy, they do however work very well.

That escalated quickly: Self-hosting

At some point, I got tech-savvy enough and decided that I wanted to have more control over my emails, so I bought a couple of domain names and set up my own email server. Sure, it took a decent amount of time to manage it, but that was a great learning experience, and I discovered the joys of having a catch-all domain allowing me to easily create an email address per service. After a few years, however, I got tired of the maintenance burden and decided to stop. My takeaway from this time is:

  • If you have your own email server, you will spend a lot of time maintaining it, and it will cost more than using a third-party service
  • Even if you do things correctly, you will have to deal with spam, your emails being arbitrarily rejected by big services, software failing, ...
  • You either have to maintain and pay for multiple servers, or accept that if your server crashes it can cause various degrees of inconvenience
  • By default, this is not necessarily all good for privacy. If you host multiple domains (e.g. one with your name, and one not tied to you,) they will eventually be associated together on domains history search engines
  • You can choose what systems you want to install and personalize them, but most open-source software will have fewer features than what you could have by paying a third-party service
  • You have complete control over your mailbox, and nobody else can theoretically access it. (Well, your hosting provider theoretically could... and the provider of people sending you emails...)

Take it easy: Email hosting service

One time, my email server had a pretty bad crash the night before I was due to leave for a few weeks holidays without a computer, and that was the final straw that made me think "Okay, it's been nice and everything, but let's use a hosting provider."

From there, I found an email hosting service with a good reputation and that I trust to not invade my privacy, and have been using it for years. Compared to maintaining a server, it is less expensive, takes no time, is more reliable, and is more user-friendly (feature-wise.) If I ever need to use a different email provider, it literally takes 5 minutes to edit my DNS entries.

Sure, there is some loss of privacy (although it is now not easily possible to tie my multiple domain names together,) but a big gain of convenience (and this is still way better than Outlook or whatnot.)

E2E Encrypted Service

After some years, I got myself thinking: "My email provider is nice and I have no complaints. But what if they got hacked? I would have years of emails in the wild. Let's try to use a provider storing emails E2E encrypted." I tried one for a bit (ProtonMail,) did some more thinking, and I am not convinced.

My opinion on E2E email providers is:

  • You will lose a lot of features compared to a normal mailbox (for example a working search engine)
  • You will pay a lot more for less (e.g. very limited number of domain names you can link to your account)
  • Most (all?) of them have either no way to import/export emails with IMAP (or at all), or it is unreliable, buggy, and/or inconvenient
  • If the provider sells you some "We're in Switzerland therefore you are fine from any spying," I wouldn't buy it
  • Sure, your emails are encrypted, but when they will only be after your provider receives and processes them. Even then, the subject, sender, and receiver will not be encrypted, which is enough to make a good guess about a lot of things
  • They can however make PGP-encrypted conversation with people using the same service as you easier than taking care of it manually

Especially considering that I usually don't use emails to have conversations or send overly sensitive things, all the inconveniences just don't make sense for my usage in front of the few advantages.

Self-Hosted IMAP Server + Email Hosting Service

After my inconclusive trial of an E2E encrypted email service, I just thought of another solution that I'm currently experimenting with:

  • I use third-party providers to receive and send emails with my domain names
  • I have an IMAP-only server with Dovecot that I use the store and access my emails
  • Every week, I move my emails from the third-party provider to my IMAP server (for some mailboxes that I only use to receive emails, I fetch them automatically with getmail)

The goods points of this solution are that:

  • I can easily access my emails from any of my devices (if that wasn't part of what I wanted, I would just have set up my email client as POP3 and kept everything local on a single device.)
  • The email providers only have a limited number of my emails at a given time, which means that in case of a hack, indiscreet employee, or whatever, I would likely have limited data exposure
  • If there is a mailbox that I don't want to be tied to me, this is very easy to add it to my getmail config and have its content pulled into my mailbox
  • An IMAP Dovecot configuration is easy to maintain and doesn't require an extensive amount of time. Should the server go down, I don't have to rush to fix it as it would have very little impact

Sure, my IMAP server can also get hacked, but Risk = Threat * Vulnerability. It is unlikely that someone will put much effort into hacking a random IMAP server, the attack surface is limited, and I properly update and monitor the server.


Sources and Credits

Cover Photo by Krsto Jevtic