If You're Learning About It From Slate, Running Your Own Email Server Is A Horrendously Bad Idea

from the don't-do-this dept

So, Slate has a weird article by Nat Meysenburg suggesting that everyday people should run their own email servers. He admits up front that he doesn’t think Hillary Clinton should have run her own email server, but for lots of other people he declares it to be “a good idea.”

For years, I’ve been trying to convince people that there is value in having an email server in your closet. But few seemed to really get it, so I often found myself wishing for a high-profile example to illustrate why it is a good idea. That wish has, in a way, come true: The casual news consumer has had the pleasure of hearing about a “private email server” quite a lot over the past year.

Except, beyond that, he’s basically wrong. Yes, if you’re really technologically savvy and want to do it, you can absolutely run your own email server. Though, honestly, it’s probably going to be kind of a pain, because you’ll need to constantly be patching it and protecting it, and even then it will probably be significantly less secure than if you use an online provider. Meysenburg is right on only one point, barely, and it’s that if you run your own email server, and the government wants to get access to it, at least you’ll know about it:

When your emails reside on a cloud provider’s server, the owners of that server are ultimately who decide when to let the government, or any other party, access those emails. In the case of your work’s server, those choices are made by your employer. In the case of Gmail (or any other cloud provider), this choice is typically made by the company’s legal team, based on its evaluation of the government’s demands. Most of the big companies, including Google, do have a policy of notifying users about demands before they hand over the requested data, which would give you an opportunity to assert your rights in court. However, there are many cases in which the government’s demand will be accompanied by a gag order forbidding the company from providing that notice.

And, thus, he notes:

Having a private server in your home side steps these uncertainties. At home you as a private individual have the ability to determine who has access to your email inbox – just like you have a right to determine who has access to that box of old love letters from high school. By owning the server, all requests for data have to go through you (and/or your lawyers), and any confiscation of the physical hard drives on which your emails are stored requires a search warrant for your home. And unlike with email stored in the cloud, it will always be obvious if and when the police seize your email server.

But, of course, none of that stops the government from getting your server if they want it… it’s just that in this one case you’ll know about it.

And for what tradeoff? Well, there are some pretty big ones. If you’re not particularly skilled and experienced with online security issues, your personal email server is almost certainly significantly less secure than the big companies that have strong security teams and are constantly making it stronger and on the lookout for attacks. If you’re that good, you’re not learning about the issue of hosting your own email server for the first time in… Slate.

The article insists that it’s a myth that running your own server is a security nightmare, but I’ve yet to see an online security expert who agrees with that even remotely. Even the comments to the Slate piece are filled with IT folks screaming about what a bad idea this is.

In the end, this seems to be an issue of tradeoffs and skills. If you’re quite skilled with online security and you think the government might want secret access to your email, then maybe in some limited cases, it might make more sense for you to run your own server — though, even then you’re exposing yourself to being hacked by the government too, because, you know, they do that kind of thing also in some cases. Otherwise, you’re almost certainly opening yourself up to a home IT nightmare and a lot more trouble than it’s worth for significantly less security.

In short, even if you’re not Hillary Clinton, running your own email server is a bad idea. And if you’re just now getting the idea from Slate… then it’s a really bad idea.


Comments on “If You're Learning About It From Slate, Running Your Own Email Server Is A Horrendously Bad Idea”

55 Comments
beltorak (profile) says:

Re: UAC

That’s not a hard and fast rule. When UAC was first introduced, everyone had to ask how to turn it off.

And I too turned it off for a few limited times. When setting up my family’s computers, I’d have to perform dozens of administrator actions, and each one caused one to three UAC prompts. Ever had to create a new folder in Program Files? That caused 2 that I remember – one to create the folder, and then one to rename it :-/ Even just looking at your own environment variables required administrator permissions. So I would enable the hidden administrator (which isn’t bothered by the UAC), set it up, then disable the administrator and reboot.

Eventually MS moved the UAC boundaries to make it much less onerous, and I haven’t needed to do that for a while now.

Anon says:

Also

I’ve found in Canada a lot of ISPs are blocking port 25 unless you have a commercial account and fixed IP. Many email providers ( *cough* Google *cough* ) will refuse to accept email from an IP with no inverse IP DNS entry, or if the IP is indicated by the ISP as being a non-fixed address (i.e. DHCP home service) block. And… some email servers want an SPF record for your domain… which also needs MX records in DNS…

All in all – this is definitely not a job for someone who does not know computers. You don’t just download a program and start running it. You would have to be extra paranoid to see value in this.
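
The checks this comment lists (reverse DNS, a dynamic-looking address, SPF, MX), as an added Python example that is not part of the original comment: it evaluates them against a constructed in-memory zone instead of live DNS. The domains, addresses, the `GENERIC_PTR` heuristic and all function names are assumptions made for illustration, and only the `ip4`, `a`, `mx` and `all` SPF mechanisms are evaluated.

```python
import ipaddress
import re

# Constructed sample zone (documentation address ranges and example names).
ZONE = {
    ("example.org", "MX"): ["10 mail.example.org"],
    ("example.org", "TXT"): ["v=spf1 mx ip4:203.0.113.0/28 -all"],
    ("mail.example.org", "A"): ["203.0.113.25"],
    ("25.113.0.203.in-addr.arpa", "PTR"): ["mail.example.org"],
    # Home connection: the ISP's generic PTR name and no SPF record.
    ("77.100.51.198.in-addr.arpa", "PTR"): ["dhcp-198-51-100-77.dyn.isp.example"],
    ("dhcp-198-51-100-77.dyn.isp.example", "A"): ["198.51.100.77"],
    ("home.example.net", "MX"): ["10 home.example.net"],
    ("home.example.net", "A"): ["198.51.100.77"],
}

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Assumed heuristic for "looks dynamic"; receivers rely on ISP-supplied lists.
GENERIC_PTR = re.compile(r"dhcp|dyn|pool|dsl|cable|ppp|\d+-\d+-\d+-\d+", re.I)


def lookup(name, rtype):
    """Stand-in for a resolver: answers only from the constructed ZONE."""
    return ZONE.get((name.rstrip(".").lower(), rtype), [])


def mx_hosts(domain):
    """Host names from the domain's MX records ("<preference> <host>")."""
    return [rec.split()[1] for rec in lookup(domain, "MX")]


def forward_confirmed_ptr(ip):
    """Return a PTR name whose A record maps back to ip, or None."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    for name in lookup(rev, "PTR"):
        if ip in lookup(name, "A"):
            return name
    return None


def spf_result(domain, ip):
    """Evaluate the SPF record left to right; the first match decides."""
    records = [t for t in lookup(domain, "TXT")
               if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"  # more than one SPF record is an error
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qual = term[0] if term[0] in QUALIFIER else "+"
        mech = (term[1:] if term[0] in QUALIFIER else term).lower()
        if mech == "all":
            matched = True
        elif mech.startswith("ip4:"):
            matched = addr in ipaddress.ip_network(mech[4:], strict=False)
        elif mech == "a":
            matched = ip in lookup(domain, "A")
        elif mech == "mx":
            matched = any(ip in lookup(h, "A") for h in mx_hosts(domain))
        else:
            continue  # include, redirect and macros are out of scope here
        if matched:
            return QUALIFIER[qual]
    return "neutral"  # no mechanism matched


def preflight(domain, ip):
    """List reasons a receiving server could refuse mail from ip for domain."""
    problems = []
    if not mx_hosts(domain):
        problems.append("no MX record")
    ptr = forward_confirmed_ptr(ip)
    if ptr is None:
        problems.append("no forward-confirmed reverse DNS")
    elif GENERIC_PTR.search(ptr):
        problems.append("reverse DNS looks like a dynamic pool: " + ptr)
    spf = spf_result(domain, ip)
    if spf != "pass":
        problems.append("SPF result is " + spf)
    return problems


if __name__ == "__main__":
    for dom, ip in [("example.org", "203.0.113.25"),
                    ("home.example.net", "198.51.100.77")]:
        print(dom, ip, preflight(dom, ip) or "ready to send")
```
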

Jimb says:

Re: Also

Port 25 is blocked but you can ask most to turn it on and most will. When you use encryption there are other ports. It also isn’t that expensive to ask for a static IP. Your DNS TXT record can be set up to verify you are a valid source. If everyone had their own email server we would not need Google’s gmail service, so it wouldn’t matter.

Once it is set up you spend nearly no energy/time maintaining it other than to do your normal patches that you’d do anyway as part of your computer’s update.

I would not recommend Microsoft technologies. Linux technologies I couldn’t recommend enough.

Daniel says:

Re: Also

Most ISPs block inbound SMTP port 25. The workaround would be to use a third-party relay service to receive emails on an alternative port (e.g. port 26). Some providers are Dynu, dnsdynamic. You can use outbound SMTP relay service to send out emails as well. They only send and receive emails for you and do not keep a copy of your emails, so it is more private to some extent.

zealeus (profile) says:

just no

Hell to the no. At my previous job, we switched from hosted e-mail to GAFE (Google Apps for Education) after a few years there. It was the happiest day of my 10-year IT career. The amount of time I spend on “Where’d my mystery e-mail go?”, blacklists, patching, spam management, etc, was tedious and frustrating. Goodbye, spamhaus. It is VERY easy to screw up managing an e-mail server. Open relay, anyone?

Anonymous Coward says:

PGP/GPG

Email is profoundly difficult to secure. Some say it is inherently impossible to secure… your best bet, if you want to spend a little time and energy into learning an application, is to learn how to properly use PGP/GPG.

I’d wager it’s easier to learn PGP/GPG than it is to learn to maintain an email server. And when done right, PGP/GPG has greater potential for maintaining privacy than trying to run your own server.

Mike Masnick (profile) says:

Re: PGP/GPG

I’d wager it’s easier to learn PGP/GPG than it is to learn to maintain an email server. And when done right, PGP/GPG has greater potential for maintaining privacy than trying to run your own server.

No need to wager on that. I think it’s easily proven that learning PGP/GPG is SIGNIFICANTLY easier than setting up a home server — especially these days as newer tools have made email encryption easier.

TKnarr (profile) says:

If you want your own mail server on your own domain, you absolutely don’t want to host it at home. It’s a technical nightmare due to port 25 blocking and dynamic-IP-address issues. For your average person, their best bet’s to find a knowledgeable local geek who’ll take some money every month to maintain a server for them at a hosting company (if the geek’s already got their own server running, it’s very little work to add another domain to it).

Anonymous Coward says:

Re: Re:

Most people that I know that run their own email servers usually don’t run it at home. Usually they are colocated at a DataCenter with reliable power, internet, and static public IPs with valid reverse DNS. But like the article, and even Mike says, if you want to run your own email server, well you should probably be a geek. Setting up everything securely with TLS/SSL, SPF, DKIM, DMARC, et al can be a bit troublesome even for knowledgeable people. Hence, I’ve received many requests from consultants to set up DKIM on Exchange servers. Proper setup of filtering can also be cumbersome but there’s a lot of free info out there, so not impossible.

TKnarr (profile) says:

Re: Re: Re: Re:

Not really. On Linode you set up 2 servers, one for primary MX plus POP3/IMAP4 and one as a backup MX, for about $35/month. If you want to trim back to bare minimum you can get it down as low as $10/month (single instance of their smallest server, no backup MX and no data backup). For me the benefit’s being able to enforce my own policies on mail handling (“Spamhaus Zen list entry = reject and hang up, no exceptions” in particular kills 99% of the spam).

Anonymous Coward says:

Re: Re: Re:

Usually they are colocated at a DataCenter with reliable power, internet, and static public IPs

Along with the benefits of access for law enforcement, and concentrated data streams for them to tap.
What I want to know, is why is it so difficult to get a static IP in many of the so called democratic countries, as the lack of such is a major reason that true distributed systems for social networking are difficult to get adopted.
It wouldn’t be the governments not wanting people to be able to communicate without being monitored, would it?

nasch (profile) says:

Re: Re: Re: Re:

What I want to know, is why is it so difficult to get a static IP in many of the so called democratic countries, as the lack of such is a major reason that true distributed systems for social networking are difficult to get adopted.

I would guess because of the scarcity of v4 IP addresses. It might become much easier to get a static v6 address, but inertia might cause ISPs to continue to deny or charge for the capability. Or, it could be as simple as it’s something they can charge for, so they do. After all, there’s little or no competition.

Ben (profile) says:

I don't think so...

But, of course, none of that stops the government from getting your server if they want it… it’s just that in this one case you’ll know about it.

Nope. I think the NSA probably has the tools available to get at any private email server a non-ubergeek would set up. They just need to use the magic phrase “terrorism investigation” and the FISA court will secretly grant them the right to hack the server. You will never know (until they knock on your door…)

Anonymous Coward says:

I’m saddened by the fact no commenter, including the security experts on Twitter (actual ones and impostors with pop star profile pics alike), has anything to say other than “Don’t do this, trust the experts at the megacorp”.

This is avoiding a much bigger conversation about an existential issue of the internet today: Is it “safe” at all to operate any device on it for anybody? Shouldn’t you leave operating your computer and your smartphone and your DVR to the experts, too, if the same security concerns apply? (Spoiler alert: The answer is yes). What about individual pieces of software? Your browser? Your instant messenger? Your spreadsheet? (Still yes).

Is the future of the internet for consumers just giant managed services packages? Do we eventually outlaw free software over security concerns? Do we get rid of the internet as a network of independently managed autonomous systems altogether and replace it with something that is much more easily managed and regulated?

Hyperbole? Leap? Imagine for a moment that in the real world, a bunch of small nation states housed a population of mostly criminals that send out robots all over the world to automatically break into your house to steal your wallet. And if they can’t find a wallet, they put up advertising posters on every wall of your home and hide cameras in every corner instead. Or imagine living in the old west, if you aren’t into absurd speculative fiction. It couldn’t be allowed to go on, could it?

I am afraid that if the answer to the actual security problems of the internet is nothing but a laconic, “leave it to the experts and centralize”, you can pretty much start a countdown timer on the whole thing. I’m usually not much for the whole entrepreneurial innovator spirit thing, but I’d feel much better if at least a few folks piped up with good technical solutions for the challenge at hand instead. Or at the very least, if folks demanded those solutions, instead of going “hurr durr, just get gmail, idiot”.

Genode supporter (user link) says:

Re: there is a solution to the cloud

This is avoiding a much bigger conversation about an existential issue of the internet today: Is it “safe” at all to operate any device on it for anybody? Shouldn’t you leave operating your computer and your smartphone and your DVR to the experts, too, if the same security concerns apply? (Spoiler alert: The answer is yes). What about individual pieces of software? Your browser? Your instant messenger? Your spreadsheet? (Still yes).

I fully agree, but why are we in this sad state of security, one where it takes an expert to run any software at home?

It’s because our operating systems are designed like that!

Take 1980/90’s Unix for example. It was a multi user system where the users were professors and students. They needed a system where they could do whatever they wanted except destroying other people’s data. Unix offered exactly that. (And nothing more).

All current operating systems are still based upon that same basic architecture. And this architecture requires the end user to be responsible for their own data. The user must decide before running a program if it will be beneficial or harmful, the operating system won’t second guess the user.

This is the very reason that every click could lead to malware. And how is a user going to decide if a piece of javascript that is going to be downloaded is beneficial or harmful before downloading? (That’s a mission impossible).

The solution:

There are other architectures for operating systems. These run every process in a sandbox. And programmers would break up monolithic process into separate services so, for example, a malicious jpeg image cannot infect the browser, it just leads to a broken image on the screen.

This German company is getting quite far into putting it into production.

http://genode.org.

Anonymous Coward says:

Re: Don't try this at home...

If you’re going to try something at home, an email server would appear to be the worst place to start.

Better to start with running your own home router using OpenWRT or equivalent. Running your own router software will give you the opportunity to monitor what the rest of “your” devices are telling the world.

Then set up your own Tor hidden service so you can more safely access your own home stuff while traveling.

Wak says:

Devil's Advocate

To play devil’s advocate –

PRISM parses all of gmail for keyword or metadata “selectors”. Worrying about the government looking at your stuff is not limited to the government targeting you to begin with. Running your own email server is a huge benefit against government intrusion (unless you’re already suspected for a crime big enough that the FBI’s after you, in which case ¯_(ツ)_/¯ ).

Now, SECURITY wise, god no. You’ll be popped within the first few hours a 0-day for whatever email server software you’re using is publicized.

Anonymous Coward says:

Or if you are worried about it, get protonmail and either live with the 500 MB limit, or fork up 7$ a month for bigger inbox and some custom domain support. Every mail between users is automatically PGP secured with keys only you own and all email from another non-protonmail user is encrypted with your public key upon arrival to their servers. Even if someone got through the legal system (which is hard in Switzerland), it is unreadable without your cooperation.

The service is still under development, but is already really nice. Check it out: http://www.protonmail.com

Anonymous Coward says:

There are so many points in here, that shouldn’t stand uncontested, I’ll pick two here:

The main reason I want my own e-mail server is simply that I do not want an ad network to read my e-mails and do who knows what with the collected data down the road. Plus I like to own my data, not some company. And even if I would trust a company I might not trust the next owners down the road. Yes, I can encrypt all my e-mail, but then I would need to convince everybody sending me e-mails to do the same, which isn’t going to happen anytime soon. So, we’re back at square one: I would have to trust a company. Never going to happen. Companies aren’t there to make the world a better place for me, they’re there to generate revenue.

Apart from that: running your own MX can be tricky. But naming updates as the problem is the wrong issue, since Linux distributions make the updates trivial (just make sure you’re subscribed to the security announcement channel and run your distribution’s update tool afterwards; if you want to be more proactive – never a bad idea – you can also subscribe to other security related channels and often know in advance about attacks and possible mitigations). Far worse is usually the configuration of an SMTP server, which many people get wrong and thus create an open relay. But hey, there are distributions specifically tailored to the “my own home server” case, which make all this very easy.

Anonymous Coward says:

Re: Re: Re:

okay (not being snarky, being sincere), then YOU write us a how-to guide on how to do our own email server

Lots of how-to guides exist, and adding one more is unlikely to help. Rather than documenting the complex procedure, someone needs to make it actually easy. This is basically the goal of the FreedomBox project—make it easy to run your own server (email and other services, with automatic security updates), in your own home without relying on “cloud” services. Providing 4th-amendment protection was an explicit justification. But I haven’t seen a lot of progress.

Anonymous Coward says:

Re: Re:

The main reason I want my own e-mail server is simply that I do not want an ad network to read my e-mails and do who knows what with the collected data down the road. Plus I like to own my data, not some company.

You can avoid those problems by paying someone for mail service, and backing up the data (which is easy with IMAP access). Some domain name providers will give you DNS and mail for free when you register a domain.

AL says:

email why not , cloud AND server?

Now I’m no computer guy, but why not have a combination of the both. Firstly a local computer program which holds copies of all the emails sent and received from the server, but locally on your home PC ( like in the good old days) , but which then also sends and receives copies to your cloud(internet) email provider – like gmail.

Like I said, not an IT guy, but would this be a difficult thing to do?

madasahatter (profile) says:

Very low wattage

The issue is preserving privacy versus a form of convenience. The best way to preserve privacy is to have more control of your infrastructure thus your own email server. But most people, including most geeks, do not have the skills or time to properly run a personal email server. Thus for most using an email provider is the better option.

Overlooked in this issue is the fact that plain text emails are just like a snail mail postcard; anyone can read it while in transit. Having your own email server does not stop this.

Anonymous Coward says:

I've run several

When I had business service to my house (static IP), I had a home mail server. My first one was running OpenVMS, so it was a very unusual target for the vast majority of target vectors. I’ve written my own custom milters to help with security and spam, which has been entertaining.

Of course, being a home server, it’s not trying to handle thousands of email addresses or clients, nor ever having to deal with State communications, FOIA requests, or classified documents.

Chris Pollett says:

It's not that hard.

Setting up a mail server on Mac OSX is not that hard. Server.app largely does the work for you, although it is a bit quirky. Even on Ubuntu Linux, a basic set-up just involves a sequence of sudo apt-get and maybe tweaking a couple configuration files. Postfix is way easier than sendmail. Would I recommend this for everyone? No. But for a home enthusiast, it should be no big deal. One thing to worry about is that if we let the consolidation of mail continue, it will become harder for independent mail servers to be set up as the big mail providers will conform less to standards and will be less flexible in where they allow mail to be received from. The issue already comes up with how competing large vendors like Google and Comcast handle PTR records slightly differently making it hard for a small vendor to keep them all happy. In terms of security, lots of diverse, small targets moderately well-secured is probably better for the world than a couple big target slightly better secured: (a) big target is more interesting to attack and might not involve much more effort, (b) the amount of data that is lost when a big target is compromised is way more damaging.

Jimb says:

Horrendous article

I’m mostly pro-Techdirt. On this I am completely against what Mike is claiming. I run my own email server. Most businesses run their own email servers. Most people don’t run their own email server because back when email was being fleshed out few had internet 24/7 and computers were expensive. These days virtually everyone has 24/7 email and computers are cheap and more than powerful enough. On top of that you can get free certificates from letsencrypt. Besides Mike is talking hypothetical while I am (as well as the guy he refers to in his post) practice. I don’t find the drawbacks that Mike lists and I can guarantee you that the government isn’t going to target me nor will they get in legally without a warrant, and then they won’t get in with a warrant or subpoena without me knowing and fighting at least the latter.

Mike is wrong about patching and maintaining the server. In the beginning people used to run their servers with dial up access. That meant that they would dial up in the middle of the night connect and collect their email. Same with news servers. As far as maintenance of the server goes patches are just that and they are no more difficult to do than it would be for someone running Linux as their desktop computer, or someone working on a raspberry pi project. Doing patches is as simple as doing updates that you would normally do to keep a Linux workstation updated. Also, there are Linux distributions for everything you can imagine so it isn’t beyond conceiving that a distribution image couldn’t be created for an email server where the installer prompts for the necessary credentials providing instructions to make the process simple to setup.

There are a few guides that are very good at covering all the bases. In the end when completed you have a solid secure server capable of eliminating spam and malware.

If you stick with the status quo you are likely to get caught up in the mass breaches and your privacy cannot be guaranteed. When you do it yourself you are a much smaller target and you have control over who can access your server.

I am someone that’s been in the industry for over 30 years and it troubles me to no end that everyone doesn’t maintain their own email servers. In the time that I have maintained my own email server I have had zero incidents and little to no need for maintenance, except for updates and patches that come as part of my daily routine.

nasch (profile) says:

Re: Horrendous article

I am someone that’s been in the industry for over 30 years…

Therefore you are not who Mike is talking about. Picture someone who doesn’t know the difference between the internet and a web browser trying to set up and maintain their own email server. It’s ludicrous. As an IT professional, it’s very easy to lose perspective on the skill and knowledge gap between people like you and people who can barely manage to operate their smartphones. My brother in law asked me to set up Pandora on his Kindle tablet (the only reason he has it at all is because it’s a gift) because he had no clue how to do it. And you want this person to set up an email server? He wouldn’t even know what the word “server” means.

jimb says:

Re: Re: Horrendous article

Mike isn’t talking to/about who you are talking about. Here’s why. Everyone can run their own email server after paying to have someone properly securely set it up.

My point is that everyone should have their own email server. Some people don’t set up their own stereo system. They pay someone more experienced. The same goes for email servers. After an email server is properly set up it takes little maintenance.

Frankly, Mike doesn’t know who he’s talking to/about. He’s just wrong.

nasch (profile) says:

Re: Re: Re: Horrendous article

Everyone can run their own email server after paying to have someone properly securely set it up.

To even get to that point, you have to understand what an email server is, the fact that it’s possible to have one in one’s home, that one can pay someone to set it up, and why one might want to. You’re still massively overestimating the technical savvy of a whole lot of people.

After an email server is properly set up it takes little maintenance.

And who is going to do that little maintenance? The guy who wouldn’t even know how to install antivirus on Windows? He’s going to keep a Linux installation up to date?

Besides that, there are reasons not to do it. For example, if you’re away from home and any of the following fail, you can’t get your email:

– the power at your house (even if it comes back on you have to make sure everything is set up to reboot when power is restored)
– your home internet connection
– the router
– the cable/DSL modem if any
– the server itself or any critical components therein

Use a good third party provider and there’s backup for all that stuff.
