Selfhosted

45448 readers

255 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

[email protected]

On email privacy: can I store my own email and relay them through an email provider? (lemmy.dbzer0.com)

submitted 1 day ago by [email protected] to c/[email protected]

22 comments fedilink hide all child comments

This is coming from a general perspective of wanting more privacy and seeing news of Mozilla creating an email service "which will definitely not train AI on your email". Sure Mozilla, whatever you say.

Rant aside, here's my question: is it possible to store all of your email on your own infrastructure (VPS or even NAS at home) and simply using an encrypted relay to send emails out to the public internet? My idea is that this removes the problems of keeping your IP whitelisted from the consumer, but the email provider doesn't actually hold your emails. This means your emails remain completely in your control, but you don't have to worry about not being able to send emails to other people as long as your storage backend is alive.

I don't know much about email to comment on what this would take. I think something similar is already possible with an SMTP relay from most email providers, but the problem is that my email also resides on their servers. I don't like that. I want my email to live on my servers alone.

Do you think this is possible? Does any company already do this?

Thanks

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 12 points 1 day ago (1 children)

Communication between the email servers is normally encrypted with TLS. The email files themselves are rarely encrypted. Most providers that do encryption of email are using local server managed encryption, so the email providers would still be able to access it.

For proper end to end protection you would want to setup PGP between you and your recipients, and encrypt the email before its sent.

[–] [email protected] 0 points 1 day ago (3 children)

But like in 2025 there is still no mechanism to do true end to end without manually setting up pgp? Meaning when i browse using https i do not need to think or anything. It happens automagically. But with emails, where do i even start with pgp when i use gmail via email client like thunderbird

[–] [email protected] 4 points 15 hours ago

Https give you encryption in transit. The files you view will be accesible to the host.

Same idea with email.

[–] [email protected] 5 points 1 day ago

No.

Use S/MIME or PGP and directly encrypt emails to your recipient. This is the only E2E encryption available to email.

The best metaphor for email I've found is that you're writing your message on a postcard and handing it to your neighbor closest to the destination, who hands it to her neighbor, and so on, until it gets there. There are usually fewer hops, but also your email is broken into packets which could go through god knows how many routers, each of which can read your email.

E2E requires setting up a private key; RFC 821 provided no such mechanism. Your only option is out-of-band negotiation, like PGP.

There is a good proposal out there that sets mail headed announcing that you accept encrypted emails, and includes information about your ID, which clients could parse and verify against public key servers; it hadn't really gained a lot of traction, as it causes issues for data harvesters but also at the end user side. Like, how is notmuch and mairix supposed to handle these? They'd need permanent access to your private key to decrypt and index the emails, and then now your index is unencrypted.

There's been a fair amount of debate about this, and it's a lot of work that would need coordinating between teams of volunteers... it hasn't made much progress because of the complexity, but it's a nice solution.

[–] [email protected] 7 points 1 day ago (1 children)

Yeah, in 2025 doing encrypted email is a painful process. Every option is a hack on top of a 43 year old protocol.

Here is a howto from Mozilla on pgp with Thunderbird. It isn’t a pleasant process.

https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq

[–] [email protected] 1 points 13 hours ago

Luckely we're not relying on emails for security relevant and or private information, right?