Privacy and security implications of selfhosting your emails

Introduction

Every time you see someone in search of a way to gain privacy mooving their emails from google to somewhere else and asking where they should moove there is two kind of responses. First, there is the peoples that will give privacy respecting email services like ProtonMail, TutaNota, Skiff... Then, there is the peoples that will just say that you cannot trust these services and that the only good way is to selfhost your mail server. I will try to explain why I think this second category is wrong in most if not all situations.

Security implication of selfhosting your email

The security implications of selfhosting your email server are already reminded under every reddit post of someone talking about it so i will not go too far into that but here are the main arguments.

The first point is that it is not easy to do, even with the new all in packages like mailinabox you still need some understanding of what you are doing. Then, even if this works, if you forget some basic configuration of your domain or to update your server you risk being the source of some spam emails and having to restart everything from nothing having to get a new ip and domain.

The second is that if you are using said packages and not installing everything by yourself it is hard to maintain. You need to check your domain reputation, your ip reputation, that everything is up to date and well configured…

There is also no E2E encryption by default, so if you want to encrypt your emails you also need to use PGP with everyone. While it is pretty much the same with “privacy respecting” email services there is still E2E enryption protocols between their users and as more and more peoples are using proton in the community it is easier. These services also have enryption at rest using your PGP key which I haven’t seen offered in any email selfhosting solution.

Privacy implication of selfhosting your email

The point that is always made agaisnt services like proton is that "they gave an ip to authorities". The thing is you can't selfhost your email server at home (most isp block the ports needed) and it add some security concerns. You will need to host your mail server or at least relay on an hosting provider which mean you are trusting an hosting provider more that these privacy oriented services that are encitivized to do the best they can to keep their reputation.

Maybe you are telling yourself “yes but I can encrypt my disks”. Without even talking about cold boot attacks (because it’s not like you will keep your email server offline) the problem is that every email going in and out of your server is directly connected to your server. It mean that you are unique on the network and can be easelly wiretaped. More than your mail being wiretaped in mean that every connection made to your server would be too, including yourself fetching your mails.

Privacy implication of using a “privacy respecting” email provider

The first one is that you cannot be sure that they do what they say. What if proton was really an honeypot and that the NSA is behind it like it has already been the case with Crypto AG ? What if they are not but a certain offer make them change ? You dont know and will not until it's too late.

The second one is metadata, on the internet every packet needs some informations to go from point a to point b. This is the case for you emails with the header not being hidden when using PGP but also for your IP adress being sent to the server on your access. While proton always had (as far as I can remember) a Transparency page stating that they would give out everything they could (pretty much only IP adresses and recovery informations) to a Swiss Court legal request it maybe was not as clear as people would have liked which make a lot of people loose trust in Proton.

The thing is, every point I made here is also true for selfhosting your own email server if not even more true. Getting your IP adress is easier because you are unique on the network. Getting your email metadata is even easier it just needs an access to your physical server or router.

Conclusion

To conclude, if you are an individual looking for more privacy for your emails there is so much you can do but it will never be perfect. You should always refer to your threat model to see what is better for you but if you don't need an email server for more than sending and recieving a few emails I don't see any benefit to selfhosting your email server.

As always, I am more than happy to discuss my thoughts with anyone. If you have any arguments that I may have missed (which I’m sure there are plenty, as I wrote this in under 15 minutes after reading another Reddit post), I would appreciate hearing them. Thanks for reading :)