
It's stories like these that reinforce my own justification for running my own email server.

I would recommend you run your own email server - it's both fun (you get to set it up yourself, add any features you want), and rewarding (you don't have to worry about the "rug being swept from under your feet"). The only caveat is time - time for SMTP servers around the world to know that your mail server's IP is not sending spam - and filling out some forms to unblock the server's IP address.

Since moving in 2014, I have had no hassles at all, and I continue to tweak things to my liking.




I'd strongly recommend against it.

In a past life I ran email services for a small business, and then a medium business; it was a full-time job, just keeping us out of the spam blacklists, keeping things patched up, ecosystem changes (e.g. new DNS records every few years, new security requirements, etc) and filtering incoming spam/malware/phishing attempts.

If people want to set up email for educational reasons, go ahead, but running one over a longer period isn't wise and frankly many wouldn't put enough time and effort into it to do it well. It is absolutely not set and forget, you'll need to baby it daily indefinitely.

When people ask me what I recommend? I tell them outsource email to a major provider and use your limited time/effort elsewhere. Better rate of return by far.


I disagree with the full time job. When you run it for yourself and your family it is not that much work (if you have to support lots of people, different story). Particularly if you don't have to deal with the hardware (VM). To me the biggest objection is cost, and technical complexity to set up.

For managing spam, I found that the best solution when you own your own domain is to give a different alias to anyone who wants your email and keep a record of the mapping (I had to create a little website that does that for me). If you start receiving spam, then just delete that alias (this is why the "+" alias feature in gmail is not really useful, plus it leaks the underlying email). I use Smartermail, which runs on Windows, and allows you to reply to an email from the alias it was sent to. This is a low maintenance, zero spam solution.

For patching, Windows patches itself. You need to update Smartermail manually though, so it takes about 10 minutes every month or so. I automated the renewal of certificates with letsencrypt.

The only thing that has been a source of worry and requires keeping an eye on is failed login attempts (I scripted it but it is worth monitoring). Once I had created a test email account with a weak password, and some spambot got access to it by bruteforcing passwords in smtp. Then it started sending tens of thousands of spam emails from that account, which got me on gmail's blacklist for a month, even if the whole event lasted less than one hour (Smartermail notified me of the suspected spam activity).
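Added example, not part of the thread and not the commenter's script: one way to monitor for the incident described above (a burst of failed SMTP logins, a success from the same source, then a spike in outbound mail). The log format, thresholds, addresses and account names are constructed for this example and are not SmarterMail's.

```python
"""Detect SMTP AUTH brute forcing and the spam burst that follows a takeover.

Constructed log format: 'TIMESTAMP EVENT key=value ...'. It is an assumption
made for this example, not the format of SmarterMail or any real server.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_WINDOW = timedelta(minutes=10)  # look-back window for failed logins
FAIL_LIMIT = 5                       # failures per source IP before alerting
SEND_WINDOW = timedelta(minutes=5)   # look-back window for outbound volume
SEND_LIMIT = 200                     # recipients per account per SEND_WINDOW

# Constructed sample: a bot guesses the password of a test account and then
# sends in bulk; a regular user mistypes a password once and sends one mail.
SAMPLE_LOG = """\
2018-03-01T02:14:01Z AUTH_FAIL ip=203.0.113.7 user=test@example.org
2018-03-01T02:14:03Z AUTH_FAIL ip=203.0.113.7 user=test@example.org
2018-03-01T02:14:05Z AUTH_FAIL ip=203.0.113.7 user=test@example.org
2018-03-01T02:14:07Z AUTH_FAIL ip=203.0.113.7 user=test@example.org
2018-03-01T02:14:09Z AUTH_FAIL ip=203.0.113.7 user=test@example.org
2018-03-01T02:14:11Z AUTH_OK ip=203.0.113.7 user=test@example.org
2018-03-01T02:15:00Z SEND user=test@example.org rcpts=100
2018-03-01T02:15:30Z SEND user=test@example.org rcpts=100
2018-03-01T02:16:00Z SEND user=test@example.org rcpts=100
2018-03-01T08:00:00Z AUTH_FAIL ip=198.51.100.20 user=alice@example.org
2018-03-01T08:00:10Z AUTH_OK ip=198.51.100.20 user=alice@example.org
2018-03-01T08:01:00Z SEND user=alice@example.org rcpts=2
""".splitlines()


def parse(line):
    """Split one log line into (time, event, fields)."""
    stamp, event, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ"), event, fields


def detect(lines):
    """Return (kind, subject, time) alerts in the order they fire."""
    fails = defaultdict(deque)  # source IP -> times of recent AUTH_FAIL
    sends = defaultdict(deque)  # account   -> (time, recipient count)
    alerts, seen = [], set()

    def alert(kind, subject, when):
        # Report each (kind, subject) pair once to avoid alert floods.
        if (kind, subject) not in seen:
            seen.add((kind, subject))
            alerts.append((kind, subject, when.isoformat()))

    for line in lines:
        now, event, f = parse(line)
        if event in ("AUTH_FAIL", "AUTH_OK"):
            recent = fails[f["ip"]]
            while recent and now - recent[0] > FAIL_WINDOW:
                recent.popleft()  # forget failures outside the window
            if event == "AUTH_FAIL":
                recent.append(now)
                if len(recent) >= FAIL_LIMIT:
                    alert("BRUTE_FORCE", f["ip"], now)
            elif len(recent) >= FAIL_LIMIT:
                # A success right after a failure burst from the same IP
                # most likely means the password was guessed.
                alert("ACCOUNT_COMPROMISE", f["user"], now)
        elif event == "SEND":
            recent = sends[f["user"]]
            recent.append((now, int(f["rcpts"])))
            while recent and now - recent[0][0] > SEND_WINDOW:
                recent.popleft()
            if sum(count for _, count in recent) > SEND_LIMIT:
                alert("SEND_SPIKE", f["user"], now)
    return alerts


if __name__ == "__main__":
    for kind, subject, when in detect(SAMPLE_LOG):
        print(when, kind, subject)
```

The ACCOUNT_COMPROMISE alert is the one worth acting on automatically (disable the account and force a password reset), since it fires before the outbound burst starts.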


How do you avoid downtime? Gmail is not going to go down out of the blue, but my own server could easily do that when my internet randomly goes out.


If you want to send emails, don't run it from home. Most mail servers will increase the spam level of an email coming from a dynamic ip or where the reverse dns doesn't match the name of the server.

If you just want to receive emails, then it depends how long is your downtime. Smtp requires that the sending server makes several attempts if the first failed, so if you are only off for a few minutes to a few hours, you will get your emails, just delayed. If full day downtime then this is not a viable solution.

If you need to send emails, then you kind of have to host your server in a datacentre. A cheap VM should probably be a good solution for a first attempt. You will still get downtime occasionally (update OS, update mail software, problem with your hosting provider). A cheap solution is to set up a failover server at home since it is only to receive emails while the primary server is down, with a lax retry policy (up to a few days).


A lot of IP ranges from cheap VM (and bare metal) providers are included in many blacklists since those ranges were (predictably?) abused by spammers in the past. Some companies are fighting this by denying outgoing traffic to port 25 until you fill a support ticket now, but whatever is in the blacklists will (probably) stay in the blacklists. Even buying your own IPv4 range does not guarantee it was not used by spammers in the past, and you will have to fight the blacklists owners to have it removed...

If you want to be sure your mail gets to someone else, things are going to be more complicated than setting up an SMTP+IMAP server combo, and after dealing with it in the past for work I'm happily outsourcing the pain to fastmail nowadays. :)


Blacklist owners are fairly reasonable. You do need to have an IP dedicated enough that your Reverse DNS can be set to your domain, and then pretty much all blacklists will honor a request to delist it or whitelist it. I've dealt with a couple of them at work.


You don't need to avoid it. Email was designed in the age of unreliable connections. It can withstand downtime just fine.

Almost every mail server retries for a few days, so you'll get your message, just late. Those few mail systems that don't retry have issues with greylisting - and unless you're fond of stories about Nigerian princes in distress, you're going to use that as the first anti-spam measure anyway.


It can only withstand so much downtime though. What if you don't have access to your server for a week? Heck, even a couple days can screw things up. So much email is time-sensitive. From transit delay notifications to message notifications and bank alerts... to actual humans that matter in your life trying to get something from you by tomorrow thinking you'll get their emails as usual. Maybe it's just me but I just don't see how "oh it's chill if my emails get randomly delayed for a day or two" would fly in today's world. Intentionally going off the grid after you've prepared for it is one thing, but having your email randomly go out without any warning in a potentially awfully inopportune time is quite something else...


> What if you don't have access to your server for a week?

Then you've chosen a bad service provider(s) to host/colocate/peer with.

Actually, you should notice this situation pretty much immediately you're online - because most likely your IMAP server would be down - and every single email client I've used had started to display warnings.

If you have a more complex setup with separate MTA so your IMAPd may be online while your SMTP service's unreachable, then you should set up a monitoring system and deliver alerts either using local delivery or any out-of-band mechanisms (like SMS).

Also, you can set up a backup MX. Or two. Or more. Email has failover/HA since forever.


I highly recommend FastMail for a paid email provider. Their support staff is quick to respond, and it’s nice to be a customer instead of a product (i.e. pay for the service instead of getting it for free with ads)


I second this. I ran my own mail server for a couple of years (a good educational experience), but after a while I figured it was far less hassle to pay someone else to deal with it.

FastMail have been an excellent email provider, and support has always been responsive and useful.


FastMail is amazing; there were a few hiccups early on with the native iOS productivity apps but it's been smooth sailing for years now.

If you can, definitely try to run your own mail server for the experience but start off gradually, e.g. relay outbound email through an smtp service, and slowly add the different layers such as spam analysis, filtering, etc.

There are /so/ many layers to email these days that if you try to do it all at once you'll spend way too much time on just keeping the wheels from turning.


What? I have been managing my own mail server and domain for 10+ years now, and apart from a few days spent reading up on DKIM, DMARC, SPF, etc., it has been mostly set and forget.


I did the same for many years. Until I noticed that some people just never got my emails. Mostly people with business emails - I'd send something job related, and never hear back, just assuming they weren't interested. It took me a while to figure out that some email providers (outlook.com is one example) will just outright block small email hosts, despite following all the best practices like DKIM, DMARC, SPF. It's a lost cause trying to host your own email. I've been on fastmail for the last year or so with my custom domain, and it all seems to work great.


It's ironic that outlook.com blocked you when it itself is too costly to block in that you can't tell whether the message is important from a contact at say a Fortune 500 or another Nigerian scam.

Like you I ran my own stuff but, possibly unlike you, I didn't encounter issues with recipients other than yahoo. I ran it from home from 2001 until last month and paid extra for a /29 static block from the phone company.


> will just outright block small email hosts

And that's exactly why self-hosting needs to be more dominant instead of just relinquishing power to large corporations.


My experience has been likewise.

Only problem I had, and still have in the short term, is that one server's IP C block has been flagged by one spam service. And even though my server's IP gets a clean bill of health from all other SPAM services, outlook.com refuses to accept mail from that server. I had them white list the IP but it reverted shortly after that.

The ISP (strato) refuses to do anything about it, and not sure if there is anything they can do, so all I can do is vote with my feet.

Otherwise, running a personal mail server is hardly any effort at all. Use Webmin for admin.


it's only outlook.com? you can't fix it?

i mean that's a rather large group of people you can't communicate with right there.

and it's the only one you know about.

i say this is the exact reason running your own mail server in 2018 is problematic. you just chose to not consider it a problem.


> i say this is the exact reason running your own mail server in 2018 is problematic.

It's a reason why allowing these fairly core services to be provided by a shrinking group of organisations is equally problematic.

Maybe one day Google will decide that they get too much spam from outlook.com (or vice versa) and cut them off too. What are you going to do about it, set up your own mail server? Vote with your feet to another provider? Start a company doing the same? Good luck with that.


It's not the only mail server I have running but it is the only one that has this problem. So bye bye strato.

>.. it's the only one you know about.

In the case of outlook.com, there's a delivery failure message. My yardstick is gmail.com. If the mail is getting to gmail accounts then I'm confident that it's as good as it is going to get.


I have run email servers for myself and businesses. Every single headache I have had was related to some user having a shit password or malware on their PC and then spammers send spam from their address.

My personal email server has been hassle free. I use https://mailinabox.email/ which you just run the setup script and tell it your domain name and everything is set up correctly. It sends me an email every now and then saying it needs updating and that's all.


How do I set up mail in a box on a sub domain? Example.com is on outlook which I cannot disrupt but I’d like to set up and programmatically access all the emails coming to anything at dev.example.com

Preferably just query what emails do I have coming in for local name at dev dot example dot com

Deliverability is not a problem because I don’t intend to send any mail. Just need a sinkhole I can query. How difficult is this?


I haven't done it but I see no reason why it would be hard. You just tell it the domain to use which should be able to include the subdomain. One thing is that usually you point the domain's nameserver at the mailinabox server and it sets up all the right records for you. If you can do that on a subdomain then it's super easy. If not you just have to manually set all the records. Mailinabox shows you everything to set if you do it this way though.


> keeping us out of the spam blacklists, keeping things patched up, ecosystem changes (e.g. new DNS records every few years, new security requirements, etc) and filtering incoming spam/malware/phishing attempts

It is so easy to forget how much noise and junk gets passed around via email when I've had Google doing it for me for all these years...


Does a service (api?) exist where I can run my own email server but all email is forwarded to this service and it returns a Boolean for "is spam", then my local email server files it into a spam folder automatically. This way I always keep full control and can exclude forwarding emails from my contacts list.


rspamd is as good as it gets, you can run it locally, you need to train the filters "of course", but you can do it incrementally - as mail pours in you put spam into the spam folder [0], and rspamd (via rmilter via postfix) puts an X-Spam-Flag header into the mail, so sieve (part of dovecot) sorts it out [1].

of course, there are a bunch of cloud/hosted/SaaS versions, usually they front-proxy your email servers via MX records [2]

[0]: https://thomas-leister.de/en/mailserver-debian-stretch/#spam...

[1]: https://thomas-leister.de/en/mailserver-debian-stretch/#glob...

[2]: https://www.everycloudtech.com/


I have spent a handful of days over a decade and a half researching or experimenting with my family mail server config. Given that experience can be useful professionally, even if only to understand the services you are purchasing, it seems like time well spent for an individual/family to me.

It depends what your focus is within the industry and how much you like to be hands on. If you are an auto mechanic you might service your own vehicle. If you sell vehicles or drive them professionally then perhaps not. It isn't like any single approach is right or any particular role is preferred.


I am an enterprise programmer by day and I've been running mail servers for 20 years both for hobbies and for private use. I rarely spend more than an evening per year, mostly to keep up with new developments in that space. A few years ago I deployed DMARC. Last year I registered in postmaster tools at Google, Yahoo, Yandex and a few others. This is it.


> It is absolutely not set and forget, you'll need to baby it daily indefinitely.

That sounds like you were doing something fundamentally very wrong.

I definitely don't need to touch my mail server daily, nor any of the mail servers I manage for others. It's just doing its job, security updates get installed automatically, and every few years I need to do a debian upgrade, and possibly deploy some new security/anti-spam features. In between those upgrades, it's running unattended for many months with absolutely no problems. On average, I touch my mail server maybe once a year.


I can second this, but it’s a full 8 hour day once per year when some spamassassin or amavis config breaks in an update... not to mention the normal sysadmin stuff of backups, verifying backups, logging, monitoring, etc. It’s a big project to run a mailserver. (Source: been doing so for 21 years.)


Well, you also need backups with a "cloud" solution, so that's no difference.

As for monitoring: If you only run it for yourself or a small org, really, you can do just fine without monitoring. If the mail access side breaks, you'll notice, if the inbound side breaks, you'll probably also notice soon enough. But then, setting up a minimal monit that tells you when storage runs low or the MX is down really isn't that difficult either.

So, no, it's not a big project. It's as much of a big project as owning a car, probably less so, if you consider the amount of effort/time required (assuming you have an IT background, obviously).


I also managed email for a living and helped transition many enterprises to cloud email solutions.

It’s quite likely that other, unauthorized folks, are touching your mail system more frequently than you with such a lax attitude.

Definitely outsource your email unless you want the experience.

If you want security it seems reasonable to use ProtonMail.com instead of larger cloud providers like Google or Microsoft.


"It’s quite likely that other, unauthorized folks, are touching your mail system more frequently than you with such a lax attitude."

This is complete nonsense. I cannot imagine that there is anything particularly magical that requires something other than regular security updates on any server.

Manual intervention is borne of changing requirements or broken things.

Why should an email server for a handful of users require a lot of manual intervention?


Could you explain where that magical unauthorized access to my systems should be coming from?

Really, you sound more like someone who has read some FUD marketing material than someone who knows how to write an exploit or has any other serious IT security expertise. I am pretty sure I never had any unauthorized access to my mail server in the last ~ 20 years that I've been doing this. Obviously, my system isn't immune from exploitation, but neither are Protonmail's, and you are massively exaggerating the risk.


He clearly states who likely pays for spreading this FUD…


While I agree with setting up an email server not being a trivial endeavor, I managed to learn a lot and complete setup within a few hours by following one of the many available tutorials ([1], [2]) and the ongoing maintenance has been minimal.

I took the plunge about 4 years ago after being uncomfortable with the possibility of losing my main Gmail account. Ultimately, I decided that if I didn't own my email address, I was at the mercy of Gmail if anything went wrong. I came to the conclusion that losing my main email account would be more painful and time consuming than running my own server. At the time, I considered an alternative of owning my own domain and doing mail forwarding to Gmail or using a smaller email hosting provider, but decided there was value in learning more about how email worked.

[1] http://flurdy.com/docs/postfix/

[2] https://www.linode.com/docs/email/running-a-mail-server/


It’s ok running your mail server until yahoo blacklists you and there is no recourse for 6 months other than all email to yahoo will be deferred permanently.

Unfortunately I know lots of people on yahoo (still) and no amount of brow beating appears to be changing that.

Paying for FastMail did the job for me in the end. It’s the least shit solution I’ve encountered so far. Note I didn’t use the word best.


>>>In a past life I ran email services for a small business, and then a medium business it was a full time job, just keeping us out of the spam blacklists

Running it on-prem using the ISP that is connected to the office, I bet... That is a common problem with small businesses, as they do not properly set up the ISP service, and many SPAM lists automatically add the dynamically assigned IP ranges of most ISPs, as these are not set up to allow hosted services across them, so by default no one expects to see an email server on that type of connection. Thus it is blocked.

Outside of that companies like MailRoute can help with routing to email traffic, and provide some level of HA for your email services.

>> ecosystem changes (e.g. new DNS records every few years, new security requirements, etc)

SPF, DKIM, DMARC are not really new, nor have they changed much in years. Though most people still fail at getting it right. I am dealing with an issue with my bank right now where one Division is not talking to another division but they all use the same main domain for sending email so of course SPF record does not have ALL of the mail servers listed ... sigh...

>>filtering incoming spam/malware/phishing attempts.

There are many 3rd parties out there providing these types of services, I would use them. MX Guard Dog is probably one of the more reasonably priced services but there are all kinds of others from Mimecast to Proofpoint, and many many others

>>I tell them outsource email to a major provider and use your limited time/effort elsewhere. Better rate of return by far.

I am not opposed to that per se. I also advise my clients that if they are going to do that, at minimum they need an email archiving solution that is NOT with that same provider so they do not have all of their critical communications locked up in a single point of failure. For better or worse many companies live and die by email and if Email data is lost that can be DEVASTATING to a company. Having it all locked into a service you do not control is a high risk business ending decision IMO
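Added example, not part of the thread: an offline audit of the SPF problem described in the comment above, where several divisions send as one domain but the record does not list every server. The domains, records, host names and addresses are constructed, DNS is replaced by a dict, and only the `ip4`, `ip6`, `include` and `all` mechanisms are evaluated.

```python
"""Check which sending hosts a domain's SPF record actually authorizes.

All records, names and addresses below are constructed for this example;
a dict stands in for DNS TXT lookups so the audit runs offline.
"""
import ipaddress

# Constructed TXT records (example.com and the mailer domain are hypothetical).
TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/28 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8:25::/48 ~all",
}

# Constructed inventory of every host that sends mail as @example.com.
SENDERS = {
    "mta.division-a": "192.0.2.5",
    "bulk-mailer": "198.51.100.77",
    "mta.division-b": "203.0.113.40",  # set up later, never added to SPF
}

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 limit on DNS-querying terms per evaluation


def check_host(ip, domain, txt=TXT, budget=None):
    """Evaluate the SPF record of `domain` for a connecting `ip`."""
    budget = [MAX_LOOKUPS] if budget is None else budget
    terms = txt.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        # A missing qualifier means "+" (pass on match).
        qualifier, mech = (term[0], term[1:]) if term[0] in RESULT else ("+", term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = (net.version == int(name[2])
                       and addr.version == net.version and addr in net)
        elif name == "include":
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"  # too many nested lookups
            inner = check_host(ip, arg, txt, budget)
            if inner in ("none", "permerror"):
                return "permerror"
            # Only a pass in the included record counts as a match; its own
            # "~all" or "-all" does not end evaluation of the outer record.
            matched = inner == "pass"
        else:
            raise ValueError(f"mechanism or modifier not handled here: {term}")
        if matched:
            return RESULT[qualifier]
    return "neutral"  # nothing matched and the record has no "all"


def unauthorized(senders, domain, txt=TXT):
    """Names of sending hosts that would not get an SPF pass."""
    return sorted(host for host, ip in senders.items()
                  if check_host(ip, domain, txt) != "pass")


if __name__ == "__main__":
    for host, ip in SENDERS.items():
        print(f"{host:16} {ip:16} {check_host(ip, 'example.com')}")
    print("missing from SPF:", unauthorized(SENDERS, "example.com"))
```

Running the audit against a full inventory of sending hosts before tightening the record to `-all` shows which servers, like the second division's here, would start failing.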


> filtering incoming spam/malware/phishing attempts

Is there not just an open-source pre-trained spam-filtering model (using whatever is the state of the art for these—guessing classical Bayesian filtering on word-tokens is no longer at all what Gmail is doing)? It’d be a nice complement to the open RBLs, no?


There are, but they are not state of the art.

There is also the benefit of the spam filter service being "live updated," e.g. if a new type of spam message comes up it will get flagged since lots of users.


I keep hearing the same over and over from sysadmins. Is this too difficult to automate?


Ask an architect if it's difficult to build a house, and he'll scare you with tales of complexity. But that doesn't mean you can't build a shed yourself.

It can't be completely automated, but it isn't as difficult or time-consuming as people paint it to be (especially sysadmins!). I've been doing it for nearly 18 years now, maintenance takes perhaps 30 minutes every 2 months or so. There is more to do every 8 years or so, as Linux distributions go out of date, and your providers sometimes go out of business.

I have my suspicions as to all the FUD regarding running your own E-mail server. Secure personal E-mail distributed on many independent servers with automatic in-transit encryption is not in everyone's interest.


Having a lesser known TLD (.gd) helps in my case. I get spam email once in a blue moon.


I believe most of the spam comes from your email address being leaked by a company or website. Not sure how what your TLD is has anything to do with it.


I feel like this particular issue happens most often when one uses a catchall, as spammers like to try common usernames and this setup will allow all of them to be received.

In those cases, I found that it helps to use an obscure subdomain that doesn't have a website attached to it (e.g. mailus.example.com).


I would guess it makes it harder to recognize for website scraping if your email is left online somewhere.


A lesser-known TLD will massively increase the likelihood of your outbound emails being filtered as spam.


It depends.

I used to have my own email server.

Having to manage yet another public server is a stress on its own. Having to worry about server backups, security, DKIM, SPF, DMARC, avoid being blacklisted, etc made it even worse. Despite all of this I couldn't shake off the feeling that my mails went directly to the recipient's spam folder.

I'm not interested in maintaining mail servers. I can certainly do it, but my spare time is scarce.

Nowadays, I periodically sync all mailboxes to my laptop, so that they enter the backup chain I already have. If GSuite goes down or Google disables my account, I'll upload my backups to Fastmail, point the MX records there and go on with my life.

I find this setup way easier to understand and maintain than a mail server.


Or pay for a service that shouldn’t be free, as in free beer, because running a server costs money and companies have to keep the lights on.


Spot on ! Running a mail server, correctly, isn’t “easy” either.


For many people, including me, it indeed isn't. That is the reason, after trying for months to run my own mail server, I gave up and settled on mailbox.org and slowly will move all my email to my email-id@my-own-domain including bank mails which is hosted by mailbox.

To be honest my biggest hesitation has been settling on a domain name :)

I have ".in" (my country) and ".net" of my first name (9 chars) and ".im" of my nick name (first 4 chars of my first name). I have not been able to decide on which one to move to. May sound silly but I would like to know if there are studies on email address length and TLD choices.


Do you have to settle for just one?

I have catch-alls set up across several domains I own, they all go into one inbox and replies etc. are sent from the same email the original was addressed to, automatically.

I usually use one domain for casual use (like games, Twitch, anonymous services), one for semi-professional stuff (with my real name), and one for actual business.


Not really but if I can avoid it I would like to settle for just one primary domain that I would share everyone and ask them that my gmail addresses should be removed from their contacts for good. I would like to use it everywhere and get done with it for once and all. Otherwise I'll just keep waiting for that perfect domain (or first-name.com that a lawyer is squatting on since last 7-8 years).

One problem I see with .im is it's from a different country than mine and they can change the rules to allow only residents or so, or they can hike the renewal cost to something really high. Also, I am from India where .in is common so some people might confuse .im for .in. I am inching towards <9 char>.in or <9 char>.net (my first name), but then I am not sure whether I should give up my <4 char>.im (my nick name).

Also, mailbox.org supports up to just two domains in the plan I am paying for.


I think you will want to go with the most common tld. In this case, .in for your home country and I believe .in adoption is strong enough in India?

The last thing you want is your emails going to a wrong tld:

me@example.im

going to

me@example.in

is very likely in your scenario for less tech-savvy contacts IMO.


Thanks. I had similar thoughts. 9 character is not too big for a personal domain and .net is common enough, or most common after .com imho.

I think I will keep first-name .in and .net and let the nick-name.im expire after a year or two and share .net email to my contacts.


Genuine question: one reason everyone moved to Gmail is because it was so damn good at spam filtering. What do you use today? Spamassassin out of the box? Or plugins or modifications? Or something else entirely?


Mostly spamassassin, more or less out of the box. Also postscreen (only the pregreet test) [1] to keep out the dumbest kind of spambots. Works really great and not worse than my gmail account. I don't agree that gmail is damn good at spam filtering, it's quite average.

[1] http://www.postfix.org/POSTSCREEN_README.html


Spamassassin almost cost me my career. A manager at a big company over a team doing my "dream job" emailed me, and Spamassassin threw it straight in to the bit bucket for whatever arbitrary reason it did. Fortunately a recruiter at said company was more persistent and managed to get through to me by phone. That job ended up catapulting me onto a career "hockey stick," and if it weren't for that, I'd likely still be languishing in some sad corner of IBM.


At work we used Ironports for years until Cisco, as usual, started making a mess. Nowadays we use Mailcleaner with a little bit of tweaking in a VM. It's a little worse than IronPort when Ironport was good, but so much better than what Cisco's systems were doing for us when we shut the old system down.

On a side note, I really don't understand why people say it's hard to run a mail server, it really isn't. It can be hard if you go full postfix+spamassassin on plain config files and configure everything without any help. Since 2005, we've been running:

Exchange 2003
Exchange 2010
Exchange 2016

Watchguard smtp Proxies and antispam
External provider's antispam services
Cisco Ironports (first a dual node cluster with some older machines, then Cisco came and forced us to upgrade to some C170 which were slow as hell)

We've run through countless updates on the exchange servers, we have mailboxes with more than 50Gb of content, about 1Tb of database sizes, the biggest problem we had, came when we had a two node DAG in Exchange 2010 and the RPC Client Access Server didn't correctly change when Outlook 2007 was open leaving some clients trying to connect to the server that was rebooting. We've also changed IP addresses a few times, but if you change your SPF records correctly, and pay for a good IP range you won't have any problems. Sure, you can't have your mail server on an IP range flagged as spam, but you also wouldn't buy a 100.000 dollar car and put 50 dollar wheels on it!


How do you get a “good IP range?”


In Spain at least, from a good ISP, and buying as a Business. Here you get two segments, mostly. Residential, which will leave you with banned SMTP and public IPs marked as spam everywhere. If you buy as a business, and from a trusted ISP, and tell them your use case, they will give you clean IPs. In our case, we're paying about a thousand euros a month for two optic fiber links with 100mbps up/download and two blocks of 8 public IPs, all of them completely clean.


The best nowadays seems to be rspamd (https://rspamd.com/).


Not OP, but I use both Spamassassin and DSPAM. It catches most spam but I do see a couple every week.


I've been using SpamArrest for 15+ years. SpamArrest filters out 99% of spam. I have to whitelist all domains or email addresses the first time I correspond. It gives legitimate users an opportunity to get through.

Worth every penny.


clamav with Google's safebrowsing filter enabled blocks a great deal of junk. It eats RAM, though.

Looking in my logs, it looks like that plus a hard block on zen.spamhaus.org would be enough to remove almost all spam, though I'm not sure what the false positive rate would be like on the latter.


>>It's stories like these that reinforce my own justification for running my own email server.

Stories like these that reinforce my continual recommendation to clients to maintain their own backups of all data on "cloud services"

I see a trend of people believing that once "it's in the cloud" they do not have to worry about backups anymore...

This will burn a lot of people and companies


Backing up email isn't even hard. Just use a desktop client and you have a local copy now.


It's hard to keep it updated when you don't regularly use a desktop client and also don't want someone stealing your laptop to get a copy of all your emails.


If they can get in to your laptop then they can view your webmail.

Also disk encryption.


I was precisely trying to explain why "it's hard", not "it's impossible".


How is that hard at all? Log in to your email with thunderbird and have it open on boot.


Open on boot... with my password already put in? And the sync files in plaintext right there? What about when someone steals your laptop?


Well he did say

> Also disk encryption


And I did say "hard" and not "impossible"...


Disk encryption is just a button you click on install (Actually on most OSs now it's the default)


That kind of encryption is not helpful when the laptop is already on. You need the kind that you can mount/unmount when you're somewhere safe like at home. I'm also getting tired of these mindless persistent replies making me repeat my points over and over so this will be the last time I'll humor them.


I've been running my own E-mail server since 2001 or so. Contrary to what some people say, it is not a big hassle. Just make sure you set it up using a well-supported distribution (I chose Ubuntu, specifically because it is widely used), follow a good guide for setting up postfix+dovecot+amavis, update it regularly, and you'll be fine.

As for DNS, I'd recommend CloudFlare's free offering.

Overall, I spend minuscule amounts of time on maintenance (a total of 30 minutes per two months, perhaps?), and I have the comfort of being independent.

I think we should all value our freedom and independence more.


> The only caveat is time - time for SMTP servers around the world to know that your mail server's IP is not sending spam - and filling out some forms to unblock the server's IP address.

You can save yourself a lot of hassle by using a mail relay with a good reputation for all outgoing mail. That's what I do: I run my own mail server so I have full control over spam filtering etc, all incoming mail goes directly to my server.

When I send an email my server does the DKIM signing itself and then forwards the message to an external relay (with SMTP Auth). I use https://posteo.de/en for that because it only costs 1 € per month, doesn't require any personal data to create an account and it lets you send emails with any from address (not having from address filtering is important here). Their servers have a good reputation so I have no problems having my mail delivered.


I believe most residential internet services block outgoing connections on port 25, so you would either need to upgrade to a business plan or pay for a cloud server to run your own email server.


Some vps services block 25 as well but it is usually configurable. The monthly cost of a vps is a few coffees and you get much more robust hardware and environmental conditions for your server and much better management tools. I did the home server thing well over a decade ago with a commodity pc sitting on a small ups. The main concern was leaving it running unattended when away from the house for any time. Especially during summer heatwaves. I found it wasn't a sustainable solution if you do any amount of travelling away from home.


Even if they don't block 25, most SMTP servers will increase the spam level if they receive an email from a dynamic IP or an IP whose reverse DNS doesn't match the server name.

If you just want to receive emails then it's probably fine.
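
The reverse DNS check described in the comment above, sketched as an added example (not code from the thread): a forward-confirmed reverse DNS test of the kind a self-hoster can run against their own sending IP. The host names, IPs and resolver tables are constructed placeholders, and the verdict labels are this example's own.

```python
import ipaddress
import socket

def ptr_names(ip):
    """PTR lookup: host names the IP claims (empty list if no PTR record)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host, *aliases]
    except OSError:
        return []

def forward_ips(name):
    """Forward lookup: addresses the name resolves to (scope ids stripped)."""
    try:
        return {i[4][0].split("%")[0] for i in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns(ip, helo, ptr=ptr_names, fwd=forward_ips):
    """Classify a sender the way a receiving server might score it."""
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return "no-ptr"                      # typical of unconfigured hosts
    confirmed = [n for n in names
                 if addr in {ipaddress.ip_address(a) for a in fwd(n)}]
    if not confirmed:
        return "ptr-not-confirmed"           # PTR name does not point back
    if helo.rstrip(".").lower() not in confirmed:
        return "helo-mismatch"               # e.g. generic ISP pool name
    return "pass"

# Constructed records so the example runs offline (documentation IP ranges).
SAMPLE_PTR = {"203.0.113.7": ["mail.example.org"],
              "198.51.100.20": ["pool-198-51-100-20.isp.example"],
              "192.0.2.50": ["mail.example.net"]}
SAMPLE_A = {"mail.example.org": {"203.0.113.7"},
            "pool-198-51-100-20.isp.example": {"198.51.100.20"},
            "mail.example.net": {"192.0.2.99"}}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_fwd(name):
    return SAMPLE_A.get(name, set())

if __name__ == "__main__":
    for ip in SAMPLE_PTR:
        print(ip, fcrdns(ip, "mail.example.org", sample_ptr, sample_fwd))
```

Calling `fcrdns(ip, helo)` without the last two arguments uses the system resolver instead of the constructed tables.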


You can run the Mail Transport Agent (MTA) SMTP server on a VPS, then run the Mail Delivery Agent (MDA) POP3/IMAP server at the home server.


I run mine on a $2.5/month VPS with vultr. The price is so low it's just not worth running at home.


By that same logic, you might as well just use Fastmail and save yourself the hassle of running your own mailserver altogether - their cheapest plan is $3 a month (or $2.5 a month if you pay for a year at a time).


It's not at all a bad idea. When I had a look at all the pricings it seemed to be price per user. I have a few domains and loads of "users" on my $2.5 server. It's only me using it but I like to have different addresses for different things and it doesn't look like other hosts support this without paying the per user cost.


You can have multiple aliases for the same user. I have about 20-30 email addresses (across multiple domains) from my previous setup all aliased to my main FastMail account.

On top of that, FastMail has a killer feature if you like having different addresses for different things. For example, say your email is name@example.com and somewebsite.com is asking you to provide an email address.

You can just put in somewebsite@name.example.com and FastMail will automatically route that to your main email as if you had used name+somewebsite@example.com. You don't need to do anything beforehand and can just create these emails on the fly when you encounter a sign-up form.

It simplifies things greatly and if you start getting spam on one, you can just block it.

This is one of my favourite FastMail features.


The downside is that you need to regularly update your server software and OS. Otherwise you will eventually get hacked via an old vulnerability.


I run mine on an Ubuntu LTS. About once every 2 weeks the server sends me an email about an update which just requires me to run apt update. I could even automate that if I wanted to.


If you're interested in running a linux VPS for mail/web/anything use webmin for general linux admin.

There is a learning curve involved in running linux, you can't get away from that, but that curve would have been substantially steeper without it.

To keep your system up to date with it is trivial.

(not connected, just a fanboy)


So, the downside is that you need to install Debian's unattended-upgrades?!

Yeah, you better do release upgrades manually--but that is once every few years.


In addition to Debian's unattended upgrades there's Ubuntu's live kernel update mechanism that adds the kernel to the list of things that are up-to-date.


qmail:

Latest Stable release: 1.03 / June 15, 1998


That one component out of hundreds didn’t receive any updates for a long time doesn’t really make a point.


And the last release of qmail patches to support IPv6, SPF, dkim, and a few other useful things which do not come included?


I would suggest a hybrid: run your own incoming mail server, but use a trusted sender for outgoing mail. Fastmail is pretty good, but there are hundreds.

This doesn't solve any prying eyes business, but it does give you some agency over your e-mail. Meanwhile, you never have to worry about mail being marked spam. It just works.


Does anyone hosting even their immediate family email have a plan for what happens when they're hit by a bus? I've documented how my wife or executor accesses DNS settings and how to access the vendor portals. I can't imagine them, bright as they may be, doing anything more complex than that.


Mind if I ask what software you're using? I'm planning to do this soon, using qmail, just for the ability to have email integration with some personal project sites, and for the learning. I don't foresee discontinuing use of Fastmail for my personal email, but who knows.


If you don't mind Windows, I can recommend Smartermail. It does everything in a single package (SMTP, IMAP, webmail). There is a free tier. There are also additional paid features, I pay for ActiveSync, mostly for the ease to configure a client to set up everything (contacts, calendar, emails). Plus they have a REST API so you can automate certain things.


Thanks. I assume you mean this?

https://www.smartertools.com/smartermail/business-email-serv...

That's way more than I need, and if I can avoid Windows I will, but...it is cool to see a competitor to Exchange.


Yeah but you don’t need to use all the features (I only use emails, contacts and calendar). Most of the defaults are reasonable, you just need to harden the security a little bit.


I think running your own server is hard - hard not to wind up on spam lists almost impossible to be removed from. What I do, to keep a local copy of my email, is I run a pi that crons offlineimap twice a day to one disk, then another cron to rsync to another one.


> hard not to wind up on spam lists almost impossible to be removed from

I’ve been running my own infrastructure for years now and know various people that do this also. Not once have I heard about anyone winding up on a blacklist. The only way I could imagine that happening is either a new server inheriting a legacy IP with bad reputation, or possibly running your server inside a home ISP network, which are frequently rejected by MTAs. Is there any other way in your opinion?


I'm a comcast customer (there is no choice where I live) and there are reasons why this is not possible:

1. I can only send/receive SMTP through their servers.

2. Static IPs cost a lot. When I canceled my static IP it was ~$25/mo (it was previously something like $5/mo).


Filling out some forms with whom?


There are various groups that run blacklists, which are checked by various spam filters and email providers. If you went up on one of their blacklists, in theory you can fill out a form with them to be taken off. (This has happened to me in the past I think due to being assigned an IP address that was previously used for spam, and I wasn't able to get off the list; I eventually had to get a new IP instead.)
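
How the blacklist checks mentioned in the comment above work in practice, as an added example (not code from the thread), using the zen.spamhaus.org zone named earlier in the discussion. The return-code mapping follows Spamhaus's published codes as I understand them; the sample answers are constructed so the block runs offline, and the function names are this example's own.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"

def dnsbl_query_name(ip, zone=ZONE):
    """Reversed octets (IPv4) or nibbles (IPv6) followed by the list zone."""
    addr = ipaddress.ip_address(ip)
    # reverse_pointer ends in .in-addr.arpa or .ip6.arpa; drop that suffix.
    return f"{addr.reverse_pointer.rsplit('.', 2)[0]}.{zone}"

def classify(answer):
    """Map one A-record answer to a zen sub-list, or flag a query error."""
    if not answer.startswith("127.0.0."):
        return "error"        # 127.255.255.x = refused or rate-limited query
    last = int(answer.rsplit(".", 1)[1])
    if last in (2, 3, 9):
        return "SBL"
    if 4 <= last <= 7:
        return "XBL"
    if last in (10, 11):
        return "PBL"
    return "unknown"

def system_resolver(name):
    """A records for name; any lookup failure is treated as no answer."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check(ip, resolve=system_resolver):
    """Return (verdict, sublists). 'error' must never be used to reject mail."""
    kinds = {classify(a) for a in resolve(dnsbl_query_name(ip))}
    if "error" in kinds:
        return "error", []
    if not kinds:
        return "clean", []
    return "listed", sorted(kinds)

# Constructed answers standing in for live DNS.
SAMPLE = {
    "2.0.0.127.zen.spamhaus.org": ["127.0.0.2", "127.0.0.4", "127.0.0.10"],
    "7.113.0.203.zen.spamhaus.org": ["127.0.0.11"],
    "9.2.0.192.zen.spamhaus.org": ["127.255.255.254"],
}

def sample_resolver(name):
    return SAMPLE.get(name, [])

if __name__ == "__main__":
    for ip in ("127.0.0.2", "203.0.113.7", "192.0.2.9", "198.51.100.1"):
        print(ip, check(ip, sample_resolver))
```

The `error` branch is the case that produces false positives with a hard block: a filter that treats any answer as a listing will reject all mail when the list operator returns an error code instead of a verdict.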


My ISP (Comcast) won't allow it.



