The case for running your own email server (or not)

Email is the one piece of digital infrastructure that almost every organization has outsourced without much thought. The reasons are totally understandable. Email is a completely undifferentiated workload, very few people leave the office in the afternoon and think about how fast and reliable their email was today.

Gmail and Outlook dominate the market to an extraordinary degree. Even organisations that have thought carefully about their data sovereignty often draw the line at email, thinking there is just too much work and too much risk.

This notority is partially deserved. Running your own mail server is hard, harder than any other self-hosted service. But the case for it is also more substantial than the consensus suggests, and for some organisations it's the right choice.

Here's an honest attempt to lay out the trade-offs.

What you actually control when you self-host email

When you run your own mail server, you control:

• Who can read your email. No provider has access to your messages unless you grant it. This is not a theoretical concern: major email providers have historically scanned email content for advertising purposes, and are subject to legal process that can compel disclosure.
• Your data retention. You decide how long email is kept and what happens to it.
• Your spam filtering. You choose the tools and the thresholds, rather than having decisions made by a black box.
• Your infrastructure. Your email survives any provider's pricing changes, terms-of-service updates, or account suspension
  decisions.

You also control all the things that can go wrong — which is the other side of the equation.

The real challenges

Deliverability is hard. This is the big one. Getting other mail servers to accept your email and not send it straight to spam requires careful configuration: SPF, DKIM, DMARC, proper reverse DNS, and an IP address with a good reputation. A freshly configured mail server sending from a new IP will struggle to deliver reliably to Gmail and Outlook inboxes. This is solvable, but it takes time and attention.

Security is a serious ongoing commitment. Your mail server will be attacked, constantly. Port 25 is one of the most probed ports on the internet. Keeping the server updated, properly configured, and monitored is work that doesn't stop.

Spam filtering requires maintenance. Commercial email providers have enormous datasets for training spam filters. You won't have those. SpamAssassin and rspamd are capable tools, but they need tuning, and you'll spend more time managing false positives and negatives than you would with a commercial provider.

Backup and redundancy. Email is infrastructure people depend on. If your server goes down, email may bounce or queue. You need a backup MX, reliable hosting, and a tested recovery plan.

The bus factor. If one person is responsible for the mail server and they're unavailable, everyone's email stops working. This is a genuine organisational risk.

When it makes sense

Self-hosted email makes most sense when:

The data you're sending and receiving is genuinely sensitive. If your email contains legal correspondence, medical information or financial records you might want to self host. This kind of information is critical, making the argument for keeping it away from third-party providers.

You have technical capacity. Running a mail server well requires Linux administration skills, networking knowledge, and the willingness to stay current with security patches and best practices. If you have those skills in-house, the overhead is manageable.

You can tolerate some deliverability friction initially. New mail servers take time to build a reputation. If you can plan a migration carefully, running both systems in parallel and gradually shifting volume, the deliverability challenges are manageable.

You're already running other infrastructure. If you have a VPS or server for other purposes, adding a mail server is less of a leap than setting one up from scratch.

When it doesn't

Self-hosting email is probably not the right choice if:

• You don't have in-house technical capacity and can't afford to contract it out regularly
• Email downtime would be severely disruptive to your operations
• You're sending significant volumes of transactional email, in which case the use of a dedicated transactional email server is needed anyway.
• You're a very small organisation where the ongoing overhead isn't proportionate to the benefit

For these situations, a European hosted email provider such as Migadu, Posteo or ProtonMail for Business is a much better choice than Google or Microsoft. See our overview of self-hosted Google Workspace alternatives for a fuller comparison. You lose some control compared to self-hosting, but you keep your data within a jurisdiction with strong privacy protections, under a provider whose business model doesn't depend on monetising your content.

The software landscape

If you do decide to self-host, the main options are:

Postfix+ Dovecot is the traditional combination. This stack is battle-tested, well-documented, and found on a huge proportion of self-hosted mail servers. The configuration is complex but the documentation is extensive.

Stalwart Mail Server is a newer option written in Rust, with JMAP support and a modern architecture. Promising for new deployments.

Mail-in-a-Box and iRedMail are pre-packaged stacks that handle the configuration complexity for you. Good for getting started but less flexible for specific requirements.

The honest conclusion

Self-hosted email is the highest expression of digital sovereignty, and also the highest-effort option. For organisations with the technical capacity and genuine need for communications confidentiality, it's worth it. For most small organisations, a European-hosted email provider is a better balance of sovereignty and manageability.

Whatever you choose, the move away from Gmail and Outlook is worth making. The question is just how far along the self-reliance spectrum it makes sense to go.

If you're working through this decision, we're happy to talk it through without any commitment.