Hi all, I’m the author of mox and stumbled on this page (and site, good cause). If there are specific questions, I can probably help answer. I’m not here to promote mox or get it on a recommendation list, just to provide some context, help out with questions and discuss.
I consider myself relatively privacy-aware, and I wrote mox because I wanted to keep running my own mail server to stay in control of my data. Existing solutions (including mailcow) are made up of many software components configured to work together (complex/fragile), most of which are aging (e.g. written in C, where small mistakes have big consequences; though indeed the code bases are often of high quality). Mox is a single consistent code base in a modern language (Go) that provides an integrated modern email stack. It is aimed at folks wanting to run their own small-scale mail server.
There’s a good chance mox doesn’t pass all requirements privacyguides has for email services. E.g. mox doesn’t yet itself encrypt data at rest. You could configure a VPS to do that at the disk level. I intend to add built-in encryption at rest in the future, making it easy to use. Another is 2FA. It would be relatively easy to implement in the web interfaces, but not with SMTP (submission) and IMAP. Most clients can at most do cram-md5 as the authentication mechanism (old). I don’t know any clients doing the safer scram-sha-256-plus properly (with mutual verification and TLS channel binding, mox implements it). Interested in hearing what the thoughts are on these topics.