by spl757 618 days ago
I run my own IT. I host my own email, authoritative DNS, web, etc. I use wireguard for a lot of stuff. I put stuff behind cloudflare. I'm sneaky when I need to be, but mostly I'm just a control freak. I also know way more than the average person about email and email authentication. Or lack thereof.

Every entity gets its own email address. As others have pointed out, it lets me track who ends up with it. Sometimes I find it surprising, mostly I don't. Sometimes, though, people are up to some shit.

edit to say that those actually creating mailboxes for everything should just use aliases that funnel to a single mailbox. So much easier to maintain than having to have a huge keepass db.

edit 2 employ dmarc if you want to see who is trying really game

1 comments

Hi, can you guide me on how to do a similar setup? I would love it if you could possibly share any relevant resources.
postfix as MTA.

dovecot for IMAP.

opendkim, postfix-policyd-spf-python, and opendkim for authentication.

a database to store mailbox and alias info. something like mariadb, postgresql, or just sqlite would do.

I wrote my own code to tie it all together, but there are tutorials that show how to do pretty much the same thing if you do some searching.

I have my email stack running on linux in a cheap VPS.

The main problem most people run into is having poor ip and/or domain reputation with the large mailbox providers. (gmail, yahoo, etc.) It takes time and not sending email that looks spammy to build enough reputation to get delivery to the inbox and avoid being sent to the spam folder. You can get an idea of domain/ip rep by signing up for google postmaster tools and entering your domain and ip or block of IPs from which you are sending. If you are lucky when you sign up for a cheap VPS you will get an IP address that does not have a bad reputation or at least no reputation.

My setup is only for my personal, non-commercial stuff.

You could also use a setup like this integrated with something like AWS SES in order to mitigate bad IP reputation.

edited to fix a typo
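
An added example, not spl757's code or anything posted in the thread: a sketch of the per-entity alias table described above (aliases funnelling to one mailbox, kept in SQLite) with a lookup that attributes incoming mail to the entity an alias was issued to. The schema, function names, example.org addresses and the result labels are assumptions made for illustration.

```python
import secrets
import sqlite3

DOMAIN = "example.org"        # constructed: domain the aliases live under
MAILBOX = "me@example.org"    # constructed: the single real mailbox

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS alias (
        address TEXT PRIMARY KEY,      -- per-entity alias
        mailbox TEXT NOT NULL,         -- where mail is actually delivered
        entity  TEXT NOT NULL,         -- domain the alias was handed to
        active  INTEGER NOT NULL DEFAULT 1)""")
    return db

def issue_alias(db, entity_domain):
    """Create one alias for one entity; the random tag keeps it unguessable."""
    entity = entity_domain.lower()
    address = f"{entity.split('.')[0]}-{secrets.token_hex(3)}@{DOMAIN}"
    db.execute("INSERT INTO alias (address, mailbox, entity) VALUES (?, ?, ?)",
               (address, MAILBOX, entity))
    return address

def resolve(db, rcpt):
    """What an MTA alias lookup would get back: the mailbox, or None."""
    row = db.execute("SELECT mailbox FROM alias WHERE address = ? AND active = 1",
                     (rcpt.lower(),)).fetchone()
    return row[0] if row else None

def retire(db, address):
    """Stop delivery for a burned alias but keep the row for attribution."""
    db.execute("UPDATE alias SET active = 0 WHERE address = ?", (address.lower(),))

def classify(db, rcpt, from_domain):
    """Attribute a message to the entity its recipient alias was issued to.
    from_domain should be a DMARC-aligned domain; a bare From header is
    spoofable. Entities that send through a third party will show up as
    mismatches and need a manual look."""
    row = db.execute("SELECT entity, active FROM alias WHERE address = ?",
                     (rcpt.lower(),)).fetchone()
    if row is None:
        return "unknown-alias"
    entity, active = row
    if not active:
        return f"retired:{entity}"
    sender = from_domain.lower()
    if sender == entity or sender.endswith("." + entity):
        return "expected"
    return f"leaked-by:{entity}"
```
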

Thanks for your detailed reply. This seems daunting but I will look into it.