Mh yeah, not all, but a couple of the most obvious ones would be:
- Secure environment (up-to-date OS, packages, security-hardened config, strict firewall, fail2ban etc.)
- Filter incoming and outgoing mail with rspamd, ClamAV, olefy, DNSBLs or similar tools
- Use SPF, DKIM signatures, DMARC reporting, DANE/TLSA records, MTA-STS policy and monitor reports regularly to ensure correct implementation. Also configure rDNS.
- Fully deploy DNSSEC to own domain and run a resolver that strictly checks it on your server (otherwise DANE checks do not make sense anyway)
- Run some light monitoring of server itself, DNS entries etc. from external to ensure everything is running stable
- Make it obvious for operators of other networks how to contact you in case of abuse etc., even if you would never send any spam
But I also know even in this small basic list there are already some controversial items included, ultimately it makes sense to run your own stuff when you become so opinionated on the tech behind it that you really want to do it yourself I guess.
For an email server, a core issue is IP reputation. IP blocks from ASes used for residential internet access usually are not what you want. You also don’t really want your IP address to be changing ever, which might happen with residential internet access. Also it’s quite unlikely you can configure rDNS correctly for your server. And lastly, chances are other email servers don’t accept email from a residential IP address anyway, even if you’re doing everything by the book.
Whether your ISP cares or not, that completely depends. They probably wouldn’t guarantee a good uptime for a residential internet connection, though. But you might not care, especially for email which is quite robust anyway. The overall chance of ever having an incident where incoming emails are lost is probably a bit higher on a residential connection vs. a professional data center, though.
Security-wise, that’s completely up to you. There are people running crazy elaborate homelabs. You certainly have more room for screwing something up, but it’s not inherently more insecure I guess. Physical security might be worse than a data center, though, because your house assumably has worse access control, is not as fire-proof etc. but off-site backups are a good idea anyway regardless of where you’re hosting.
So to sum up my opinion (again), I would only consider hosting at home:
- with an external IP of the server not from my ISP but instead some other upstream (for example you could rent a cheap VPS to act as a router and then tunnel from your home to there)
- if I had even more time and motivation, and hosting an email server at Linode already consumes a lot of both as far as I’m concerned.
I must admit I have never really looked at stuff like https://mailcow.email or other similar projects, though. Diving into every config file / every little knob that can be turned on my own probably takes me more time than if I’d use some pre-configured solution. But then again, I’d probably also be fine with letting mailbox.org or someone else do all the work for me anyway. Ultimately this of course depends on your motivation. If all you really want is just host an email server for yourself, then the only solution to that issue is doing it despite whatever pro/contry arguments there are.