Yeah, that’s kind of what I thought, and if dynamic DNS is a problem then that already rules out self-hosting for me.
Comment on E-Mail with own domain
berber@feddit.org 1 week ago
you are correct in being wary of self-hosting email, i cannot recommend it. you definitely want a static IP (as oppoased to updating DNS entries all the time), a solid spam setup, and multiple failsafes, mesning not just data backup, but also mechanisms for preventing downtime like secondary machines. it really is only worth it if multiple people make use of it and you have multiple dedicated admins, in my opinion.
as others have pointed out, use something like mailbox.org with your own domain, or other providers, or even a webhosting package from netcup or hetzner or similar. these are all solid and you have professional support.
side note: downside is, your data there is more snoopable, less so with something like proton. but that shouldn’t be your biggest worry, since emails always exist not just on your server, but also on the other side of the communication, and you have no guatantees for privacy there. e2ee (like pgp) is what you would need in that case.
Gobbel2000@programming.dev 1 week ago
the_crotch@sh.itjust.works 1 week ago
you would definitely want a static IP (as opposed to updating DNS entries all the time)
Also any IP from a dynamic range is going to make spam filters lose their shit
activistPnk@slrpnk.net 1 week ago
True, but sending from a static IP that is linked to you yields less privacy. I’ve decided: fuck these email recipients who demand I compromise privacy in order to give them the convenience of relying on IP reputation. Sure, google and MS servers refuse email from me, but I prefer that anyway.
the_crotch@sh.itjust.works 1 week ago
I get where you’re coming from but nowadays a dynamic public IP is ‘dynamic’ in that it can change but rarely if ever will unless you switch ISPs or equipment.
activistPnk@slrpnk.net 1 week ago
Indeed, which is more reason to not blindly block dynamic IPs.
activistPnk@slrpnk.net 1 week ago
Can you elaborate? AFAIK, Protonmail only gives e2ee in 2 rare situations:
In all other scenarios (no e2ee), PM traffic and data-at-rest is just as exposed as conventional non-PM.
berber@feddit.org 6 days ago
actually, i was talking out of my ass a little. i am not sure itself how things work, i was under the impression that proton can’t access your clear text mails, once they are stored (of course, they can build backdoors that snoop when receiving mails, but we shall not assume this), similar to how mailbox.org allows you to have all incoming mails be immediately encrypted via your chosen pgp key, effectively having e2ee. i was under the impression proton did this automatically and stuff, i mean why else do you need to use their own apps for everything and to even use basic stuff like imap? but yeah i don’t know their setup exactly.
activistPnk@slrpnk.net 5 days ago
PM’s apps perform the encryption on your own device because it’s your device that runs the apps. That is e2ee, but still only in the two scenarios I mention and even then it’s also vulnerable to targeted attack. PM could ship malcious j/s if it wanted (the likely case being to comply with a court order). It’s better if your own non-j/s FOSS MUA handles the crypto, which is actually easier if you don’t use PM.
If mailbox.org works the way anonaddy works, then that’s not e2ee. The msg payload is seen by the server that does the encryption, in the very least. The sender’s ESP would have already seen the msg.
berber@feddit.org 5 days ago
so in both cases, proton and mailbox, you have “less” snoopability, in the sense that they wouldn’t be able to snoop your stored mail retroactively. i am (in some sense naively) assuming “good” conditions here, such as that they don’t keep copies somewhere.
of course without actual e2ee there is always a way for a provider to snoop any incoming email if they wanted to.