When to self-host email/is it as secure as other email?

Good morning –

After facing yet another email address change due to yet more issues at the most recent email service, I’m considering just going with self-hosted email to avoid repeatedly letting all my family and friends and needed contacts know about yet another address change. However, hosting email myself is well over my head technologically, so I’d have to use a service geared for that, and that seems like it can get into cost-prohibitive territory. I’ve seen email hosting services that charge $300USD a year, and that’s a lot for someone in my financial position, for simply hosting email.

I do already have an email account hosted by my website’s webhost. But I’m not sure how robust it is (or how sizable the storage, etc.), as it’s always just been a perk of having the website hosted anyway. I could port that to a self-hosted service, but read on to see why that may not be best.

With each new email service used, I’m having increasing issues with my email going into recipients’ spam folders, and if I just go with my current webhosted email address, reay [at] reayjespersen.com, I’m concerned the chances of getting relegated to spam will only increase due to what’s an admittedly weird combination of letters that may trigger spam filters.

And of course “reayjespersen” doesn’t suit the evergreen advice for an easily remembered or spelled URL anyway. I’ve had a lifetime of (understandable) misspellings of both of those names, so if I’m using that as a primary email account, there’s simply as a fact going to be more misspellings by more people having to make more corrections for emails they’re trying to send to me. And that doesn’t even get into me trying to spell all that out over the phone to people. Rife with potential mishearings. Ask me how I know.

Muddying the waters even further, when I pitched all this on Mastodon, someone chimed in saying he’d long hosted his own email but that he had another email address anyway for things like banking. He admitted he wasn’t totally sure how secure his self-hosting service was compared to a standalone email service, so he figured it’s better to be safe than sorry if/when his hosting service is hit by a bad actor. Which makes me wonder, if safest practice is to use a secondary address anyway for more sensitive matters, why am I bothering to self-host at all, rather than just making my primary address the (potentially) more secure option and using that as the default address for anything and everything?

Is there any insight on any issues mentioned above? The TL;DR summary:

• Is there anything a real person can do about avoiding email going into spam folders?
• Are more easily remembered/recognized real words less likely to go into spam folders (compared to reay.jespersen [at] protonmail.com , or reay [at] tuta.com or reay [at] posteo.com, all of which have sporadically gone into recipients’ spam folders)?
• Are third-party “self-hosted” services as secure as more common email services? Do you kinda get what you pay for, or is there a usual range for hosting costs that are all equally secure?
• Would/do you use your (third party) self-hosted email address for sensitive matters like banking, or do you have a more solid-seeming hosting option for that?
• Objectively and/or practically, would it behoove me for any/all of the above to look at getting a more easily remembered/typed URL and port my current home site over to that, then use that email address as my primary address indefinitely, to avoid repeatedly letting my entire contact list know about yet another email address change as yet another email service has disappointed me in some fundamental way? Or is that needlessly fussy for something with a more elegant option I haven’t considered yet?

Anything you can suggest or opine on would be much appreciated.

If you change email providers often, then yes, I would recommend getting a custom domain to use for addresses, and/or perhaps an aliasing service as well, so that if you change between Proton/Tuta/self-hosted then you don’t need to update any addresses for your accounts or contacts, and only need to update the DNS or alias mailbox.

I agree with PaleCrow, just use a custom domain and shift to a provider you like. Email self-hosting is hard since you become responsible for security, backup, uptime, etc. I would not use a third party self hosting since email is the root of identity a lot of times, and google and other large email providers have broader liability than some random individual I pay to self host.

I would advise getting an easy to remember domain and keeping you emails in something like email@ reayjp. com (reayjp. com is available, I checked ). I recommend Cloudflare Registrar | Domain Registration & Renewal | Cloudflare or https://porkbun.com for buying a domain. It is a very easy process to migrate email providers once you have a domain.

Thanks for the quick and helpful reply.

To clarify, a custom domain is just a URL of my choosing, yes? So your suggesting getting a custom domain is confirming I should perhaps get something easier to remember and type as a domain, then use that as a primary account, if… aliased through a common email service of my choosing?

The aliasing is pretty new to me. I did it a bit through SimpleLogin when I was with Protonmail, but that was all done through Proton, not channelling a different site through Proton. Are you saying it would be possible to create a domain somewhere, then use something like Posteo to basially pipe the email of that URL through?

Posteo does offer aliasing, but like Proton, it seems to be variations of Posteo domains. I’m wondering if I’m missing a key part of this process.

Thanks very much.

So yeah, this seems to be saying that I can choose a domain and then choose to, for instance, push emails to that domain (i.e. emails sent to me) through a third party email service like Posteo. Am I right on that score? And aliasing comes into play here somehow?

And with now looking at creating a new domain to call home, another question not related to the email issue: Is there some method to speed up swapping internal links within a website so that all the links existing in my previous blog posts are swapped to now refer to those posts at the new site? Or will doing this and porting over my existing blog posts simply break all links, and that’s kind of the downside of all this?

E.g. Let’s say on my existing site, Post 3 makes a reference to Post 1. That’s link is currently going to link to be, like, reayjespersen.com/post1. If I switch to a new domain entirely and just port that content over, it’s now going to link to the old site instead of the new one, whereas it should properly now refer to reayjp.com/post1

Is there a method, or maybe even service, that would re-… not sure what the term is… “re-map”(?) all of those links to make them internally corrected to the link to pages within the new URL? Or do I just take that “every previously used internal link is now broken” hit as the cost of changing domains, dust myself off, and carry on?

Yes. Posteo (or whichever service you use) should have some reference on what to do, but to sum it up, you basically have two steps (using Posteo as an example): 1) set the MX record with your registrar, which tells any server sending an email to send it to Posteo’s mail server. 2) Tell Posteo that you’re the one with the domain, and that any emails they receive for your domain go to your account.

You could use your domain with an aliasing service instead of a standard email provider. The setup would be mostly the same, you just also have one non-alias email address that the aliases forward to.

Depends on what you used to make the posts with the links in the first place.

A big issue with custom domain is privacy. The email is tied to your real identity.

It may also more likely be a flagged for spamming.

I will try to answer one by one.

Yes, that is exactly right. You will own a domain abc./com and you will subscribe to an email provider like XYZ, and then XYZ will route emails to your domain abc./com. If you wish to change the provider, you can move from XYZ to DEF without changing abc./com domain email.

Yes, I use it on my blog. If you use a CMS (like wordpress using this) it is trivial to do. Otherwise chatgpt or claude can write a simple migration script very easily.

But if you already have the reayjespersen./com site, why not use that itself for email? Is it for easy to type url? There is another way if you are able to retain both domains (original and easy to type) by just redirecting the easy to type one to the original and not changing anything else.

You just need a CMS, that’s it. Trust me, it is so much easier to work with links, content, etc. if you have a CMS. But to be clear, you can simply buy a shorter domain and redirect it to the original blog without changing anything else. So I am not entirely sure why you would want to shift to a new domain.

Your new setup can be : emails to newdomain./com and anyone who visits newdomain./com website will be redirected to olddomain./com website. It will add costs of two domains, but no pain of migration will be felt.

Since you seemed unfamiliar with how custom domains and email can be setup, I have taken the liberty of linking the guide to setup custom domain email with porkbun: How to Create a Custom Email Domain Using Porkbun.com on Mastermind.com - Mastermind Knowledge Base

The process is similar for other domain providers and email providers.

P.S.: I am unaffiliated with porkbun or cloudflare, I just think they provide very set and forget services that are easy to use.

This is true, but if they are already using an email like firstname.lastname@gmail./com , then I do not think there is any privacy issue with using email@FirstNameLastName./com

Just saying, u shouldn’t buy ur domain from cloudflare. If u do, it will be stuck to cloudflare’s authorative dns nameservers and be unable to be changed. If u buy the domain from other places like namecheap, u are of course free to change its nameservers to cloudflare’s, but u can always change back to smth else if u change ur mind. Buying the domain from cloudflare locks u to their nameservers.

Thanks for adding this! Forgot about this since I just use cloudflare a lot. This is also something to consider @Reay .

Registering a domain does not in general require submitting an ID, at least for common top-level domains such as com, net, org. Nothing prevents you from providing a fake name and address, and most registrars offer to hide the WHOIS information, sometimes for an extra fee. Now there is the issue of how you pay for the domain name, and where the DNS records point to. If you are self-hosting (and by that I mean on your own hardware from home or some other location), your IP will be exposed. Only you can judge if that is better or worse than Google, Apple, or Microsoft reading your emails.

According to Internet folklore, self hosting email is hard or impossible, but this is mostly FUD. You do need a fixed IP (ideally non-residential) with unfiltered ports, a suitably aged domain, and compliance with DKIM if you expect to send email to the big providers however.

But if you already have the reayjespersen./com site, why not use that itself for email? Is it for easy to type url? There is another way if you are able to retain both domains (original and easy to type) by just redirecting the easy to type one to the original and not changing anything else.

This had been suggested to me, but I wasn’t totally getting it. But I think I got it now: So I retain my (named, more complicated spelling) website, but get another one that’s easier to type/remember.
Then have that site redirect visitors to my existing, named website.
But, meanwhile, have an email address at the (newer, easier to spell) website, which I can then direct to be handled by – in this case – Posteo?
So in effect I’d basically own the secondary URL entirely to redirect visitors to my current URL, and to be an email base of operations (but effectively a relay bouncing it to a chosen email service)?
Is that right?

If so, that’s definitely an interesting combination of solutions.

I also agree on setting up a custom domain for your email. I did it myself a while back and I can’t believe I didn’t do this like 10 years ago.

Cheap domains on Namecheap.com are nominal. A .com domain right now is only $6, and make the hosting cost the only real consideration. Setting up the domain with hosting takes minutes, but you want a legit vendor doing this so you get SPF, DKIM, and DMARC scripts that legitimize your emails. That’s what you’re paying for, plus someone else dealing with spam, which self-hosting won’t do for you.

$300 a year for email hosting seems crazy high. Mailbox.org’s more modest options for 1 user are $4 a month with docs. Proton requires an Unlimited plan for custom domains, which is $10 a month - but you get a VPN and docs included, so if you’re paying for a VPN (and aren’t a heavy torrent user, IIRC, Proton doesn’t love that), that’s a cost you can consolidate. Tuta will let you add a custom domain to a free account for EUR 1 a month. So you can get this all set up for under $50 a year. Maybe even under $30 a year. You can’t get a burger and a beer for under $30.

In the grand scheme of things, paying for email hosting means you are not the product. It’s worth it and makes life measurably better.