Suggestions for a more privacy conscious email provider

Eric Kuhnke eric.kuhnke at
Tue Dec 5 16:49:25 CST 2017

In my experience with creating new mail servers that use IP addresses
belonging to dedicated hosting/colocation/VPS companies.

This is *after* all of the obvious setup things like having a real static
IP, A records, PTR records, SPF and DKIM set up proprely, are taken care of
so that a public facing smtpd can exchange mail with the world.

a) The closer the company is to the lower price end of the market, the more
likely the IP space is to be in a bunch of RBL or have "poor" reputation
from major mail destinations like gmail and office365. People buy $5/mo VPS
for testing stuff and accidentally run open relays, get a whole /24 black
listed, and so forth.

b) IP space that has been previously used by higher-end dedicated server
customers (people who are paying $400/mo for a beefy machine vs. a $35/mo
Intel Atom) is proportionally less likely to be in RBLs, is more likely to
have abuse contacts at the ISP who will work with RBL operators to get it
removed if necessary, and so forth.

c) The "best" IP space to run a mail server from is a block that has never
had any sort of dedicated server/colo/VPS customers in it whatsoever, and
has not had a bunch of random people running smtp daemons in it at some
point in the previous 10-15 yers.

On Mon, Dec 4, 2017 at 3:00 PM, Grant Taylor via NANOG <nanog at>

> On 12/04/2017 03:47 PM, Brad Knowles wrote:
>> The concept is sound, but attempting to use your $5 VPS as your outbound
>> mail relay is only going to end in pain and tears -- your VPS cannot have
>> or build a good enough reputation to get reliable delivery to the big mail
>> providers.  You need to use an outbound mail relay that already has a good
>> reputation, and that works hard to continue to maintain that reputation.
> My experience shows otherwise.
> I've been using a VPS as my primary mail server for > 2 years and have
> only been black listed once.  Even that was a 12 hour automated listing
> because I sent one message to an address I had not used in 7 years, which
> had since been converted into a spam trap.
> I've also known others that use VPSs for this exact thing with
> considerable success.
> As for handling your inbound mail, use something like imapsync and then
>> effectively treat your IMAP provider as a POP3 provider instead, and
>> download/delete the messages from their system as soon as they have been
>> copied to your local system.
> Why?  Having a different provider handle inbound will require them
> supporting your domain(s).  Why not handle inbound email directly?
> The bad guys could tap into the stream of mail that flows through that
>> system, but they wouldn't be able to get into your archive of old mail
>> without breaking into the box sitting in your house.
> S/MIME / PGP  }:-)
> --
> Grant. . . .
> unix || die

More information about the NANOG mailing list