In the early 2000s it was the height of geek fashion to run your own e-mail server—then along came Gmail with two gigabytes of free storage and excellent spam filtering. Now even most people with their own domain names use e-mail provided by Google, Microsoft or their Internet Service Provider (ISP). You may even be using Gmail or Hotmail without knowing it: over the last few years many universities and other organizations have outsourced their e-mail to these services.
The recent revelations about PRISM and other communications surveillance programs ought to make people consider alternatives to commercial e-mail services. Running your own server, as I've been doing since 2003, requires some willingness to dig into technical details but costs nothing in functionality. I can access my e-mail from anywhere in the world using ordinary desktop software, smart phones or Web browsers, and the spam filtering is just as effective. Because latter-day developments like Twitter or Facebook require users adapt to their software, some people have forgotten e-mail is an open standard that dates to the dawn of the Internet. The price of being your own system administrator is an occasional day of technical pain while updating the host machine or the server software.
Is it worth your trouble? I think so, but only you can decide. To help, I’ve spelled out the disadvantages, advantages and what you’ll need to start hosting your own e-mail.
You own your own e-mail. You will never have to beg and plead with an automated reply system located at a call center in India to try to get your e-mail back because your account got accidentally deleted. You will also have greater control over spam and malware filtering.
Although someone targeting you for surveillance can still access your Internet traffic, if they want access to your entire archive of e-mail they cannot gain it secretly via a private arrangement with a large company. Someone who wants your data will have to come to you directly.
In addition, you can turn on encryption between servers when sending e-mail, preventing prospective spies from logging the details of what you send. That means additional protection for your traffic data-that is, records of the recipients, dates and times of your messages. You will also be free from automated analysis by companies like Google, who process your data in order to display relevant ads when you use their sites. Incoming e-mail comes directly to your server, and will not be seen or logged by your ISP (though the sender's ISP may track it). You are also protected against random interface design changes.
There is something extraordinarily empowering about firing up e-mail software, connecting to your own server and retrieving your messages. Being in charge of a fundamental part of your communications life can restore your view of the Internet as a modern marvel.
A consequence of spam has been increasing centralization, so when your small, unknown mail server tries to deliver e-mail to a remote host, that host may suspect your server is part of a botnet sending spam and mark or discard your e-mail accordingly. There is a way around this: most mail servers can be set to deliver e-mail directly to the receiving servers or hand it off to your ISP's rather larger and better-known server for onward delivery. Choosing the latter option means your ISP (and any prying eyes it authorizes) can monitor your outgoing e-mail, but the message will arrive at its destination nonetheless.
Running your own server will not protect you from all surveillance. As Richard Clayton, a researcher at the University of Cambridge’s Computer Laboratory, notes, if someone has a warrant that targets you for surveillance, they will tap your Internet connection and listen to everything going up and down that link, including e-mail.
You also risk disruption in case of power or broadband outages, server crashes and the like. My last outage occurred because my ADSL modem failed to log back in correctly after a network outage in January 2012. You must get the server's configuration right so you don't accidentally set up a facility spammers can use, something they will fall upon with loud cries of delight.
If you send an e-mail to a contact who uses a major service like Gmail, that message won’t be any better protected than if you used the service yourself. Plus, many domains outsource their e-mail to these services.
And there's no getting around that occasional day of technical pain—unless you can find a geek friend who already runs a server and will give you an e-mail address.
What you need to get started
If you decide that running your own e-mail server is worth the trouble, here is what you’ll need:
—A domain name, which you may already have if you have a Web site. You need a registrar that allows you to edit the domain name system (DNS) record so you can specify where your server is. My registrar, PairNIC, provides basic instructions.
—An ISP whose terms and conditions permits you to run servers.
—A broadband connection with a permanent ("static") Internet (IP) address. This may mean upgrading to a business connection.
—A dedicated computer to host the server. This doesn't need to be anything elaborate, but you want to reduce the opportunities for the machine to crash, pick up malware or become compromised. My server is hosted on a five-year-old laptop running Windows 7 sitting in my hallway.
—Mail server software. I use CommuniGate, which is available for many operating system platforms and is free for up to five e-mail accounts. Wikipedia maintains a list of dozens of free and proprietary server options; I have friends who run Microsoft Exchange and Zimbra. Make sure whatever you choose runs on your machine's operating system, that you can understand its installation and configuration instructions, and that you will be able to integrate spam filtering and antivirus software.
—Spam filtering software. Your server may have a paid, proprietary option, but underneath almost all of them rely on the free open-source software SpamAssassin. If you choose to do so, installing this yourself will be the most difficult part of the venture. For CommuniGate, the job is easier because Daniel M. Zimmerman, a computer science professor at the University of Washington Tacoma, has written a Windows installation package called CGPSA with excellent instructions. Later versions of SpamAssassin update their own rules, so once it's installed it's largely self-maintaining.
—Malware filtering software. Buy, install, update.
—A backup plan. You are your own cloud provider now. Back up your server and e-mail archives regularly. Options include copying your data to DVD, USB thumb drive or another machine which you then store off-site, or making a deal with a friend in a different location to host live backups for one another. If you encrypt the backup files before uploading, you could consider storing the archive in the cloud.
—A failure plan. What if your server goes down or your broadband goes out when no one's available to fix it? Your DNS record can forward your e-mail to a specified server—or you may decide you can live with brief outages or circulate a backup address.