On 2020-04-28, Pierre-Philipp Braun <pbr...@nethence.com> wrote:

>> mail. Since I don't trust Google or pretty much any "free" provider at
>> this point, that means doing it myself. Some steps (registering a
>> domain, ordering business-class service or a static IP, etc) are
>> self-evident. But after that, there's a lot I really need to learn
>
> Running your own inbound and outbound SMTP service on the public network is
> not as easy today as it was 10+ years ago. You need to play with SPF,
> eventually DKIM and DMARC (and the many false positives you get bounced back
> caused by mailing-list subjects and signatures), leverage DNSRBL (real-time
> blacklists), ideally enforce STARTTLS and accept the fact that nobody cares
> about certificate validation on that front. Not to mention having to deal
> with Gmail and Microsoft's very aggressive blacklists (up to the point where
> it seems to be whitelists or at least reputation-based).

I'd say inbound is easier than 10 years ago: the software is better, and many of the people who don't know what they're doing, who would once have tried to run it with trash software, have simply outsourced now. Outbound "it depends", but it's not usually too bad unless your mail server is on a dirty network range. (That restriction rules out many cheap colo places, though.)

> Same goes for DNS. If you want to host your own, it's a whole new game now
> with DNSSEC.

Outside of certain network infrastructure (RIRs and DNS software vendors) and TLDs offering incentives (.se and .nl, maybe others), DNSSEC is still very rare. Do a lookup of a couple of dozen randomly chosen general-purpose domains - I think you'll be lucky to find more than 1 or 2 signed.
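The mailing-list DKIM breakage mentioned in the quoted reply comes down to the body hash: a list that appends a footer changes the canonicalized body, so the `bh=` value in the original signature no longer matches. The following is an added example, not code from either poster; it implements RFC 6376 "relaxed" body canonicalization over a constructed message body and shows which edits the canonicalization forgives (trailing whitespace) and which it does not (an appended footer).

```python
import base64
import hashlib
import re


def relaxed_body(body: str) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization.

    Whitespace runs collapse to one space, trailing whitespace on each
    line is removed, trailing empty lines are dropped, and a non-empty
    body always ends with CRLF.
    """
    lines = body.replace("\r\n", "\n").split("\n")
    out = []
    for line in lines:
        line = re.sub(r"[ \t]+", " ", line)  # collapse WSP runs
        out.append(line.rstrip(" \t"))        # strip trailing WSP
    while out and out[-1] == "":             # ignore trailing empty lines
        out.pop()
    return ("\r\n".join(out) + "\r\n").encode() if out else b""


def body_hash(body: str) -> str:
    """The value a signer would place in the DKIM 'bh=' tag (no 'l=' tag)."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()


def body_hash_matches(signed_bh: str, body: str) -> bool:
    """Verifier side: recompute bh= over the body as received."""
    return body_hash(body) == signed_bh


# Constructed sample body as the author's MTA signed it.
ORIGINAL = "Hi all,\n\nThe  config is   attached.\n\nThanks  \n\n\n"
# Same content after the list software re-wrapped trailing whitespace only.
WHITESPACE_ONLY = "Hi all,\n\nThe config is attached.\n\nThanks\n"
# Same content after a mailing list appended its footer.
WITH_FOOTER = ORIGINAL.rstrip("\n") + "\n\n_______\nlist mailing list\n"


def demo() -> dict:
    bh = body_hash(ORIGINAL)
    return {
        "whitespace_only_ok": body_hash_matches(bh, WHITESPACE_ONLY),
        "footer_ok": body_hash_matches(bh, WITH_FOOTER),
    }
```

Run `demo()`: the whitespace-only variant still verifies because relaxed canonicalization normalizes it away, while the footer variant fails, which is exactly the "permfail" that triggers DMARC rejection on list traffic.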