Best Practices Should I Build My Own Mail Server? By Ken Simpson | 3 minute read With Edward Snowden’s revelations about government snooping into our private email, some technically-minded folks have considered setting up their own mail server in the hopes of staying clear of prying eyes. Is building your own mail server a good idea? Probably not. And here’s why. Setting up a secure email server takes a great deal of expertise and effort. You need to master a variety of protocols, from DKIM and SPF, to TLS. You also need to build a capable spam filtering system to protect yourself from email-borne offers and malware, and you need to contend with the nightmare of outbound delivery and IP blacklisting. When you’ve done all this, you also need to make sure the server is constantly kept up to date with the latest security patches, lest a global network of well funded state-level hackers gain access to your box to snoop – which is precisely what you’re trying to avoid. Your desktop environment And even if you do succeed in building a secure mail server to hold your precious email, what about your desktop environment? State-level hackers spend even more time trying to exploit your desktop than your server, and if you’re using a mainstream operating system and browser, you are most definitely at risk of having that environment compromised if the attacker is sufficiently motivated (and if you’re considering building your own mail server, chances are your email may be of interest to a government hacker). Our thoughts? No, the better way to secure your privacy is most definitely not to build your own server. The best way to secure your email is to secure your desktop environment and to use a reliable, well secured platform like Google Apps (Gmail), Microsoft Office365, or any other of the hundreds of well built and managed hosted email services. The desktop environment is where the risk is, and fortunately this risk is easily mitigated if you’re willing to spend just a little effort setting up a USB key with a live Linux distribution. Tails, the “The Amnesic Incognito Live System,” is a Linux distribution designed for installation on a bootable USB key, which ships pre-loaded with a bunch of great privacy tools including Tor Browser and GnuPG. When you boot into Tails, your regular operating system isn’t even part of the picture, and Tails won’t remember anything you look at on the Internet unless you specifically ask it to. To gain real email privacy, set up a USB key with Tails on it and boot in to Tails whenever you need to use email. Then create a PGP key for use with GnuPG, and use GnuPG to encrypt all the email you send using a regular Gmail, Office365, or other hosted email account. This arrangement has been used by Edward Snowden and the journalists receiving his leaks, so it doesn’t stretch the imagination to assume it might work for you too. With Tails securing your desktop, and a service provider securing the server infrastructure, you’ll have a reliable way to privately communicate with your contacts, free of snooping by even very motivated adversaries like the NSA. And as an added bonus, you’ll probably enjoy pretty good spam filtering at the same time, and freedom from IP blacklisting issues.