bobbricoleur1d ago
As someone in infosec, how do you handle your personal email?

I got tired of Gmail reading everything, so I built a self-hosted
alternative with:
- X25519 + AES-256-GCM encryption
- Postfix/Dovecot on a French VPS
- SPF/DKIM/DMARC + fail2ban
- An AI cockpit that classifies urgent vs noise

Curious what setups other infosec people use. ProtonMail?
Self-hosted? Something else?

#infosec #email #privacy #selfhosted #encryption
Show threadmrfoostang1d ago
@[email protected] @[email protected] I ran a #WildDuck server for a while. I had to use an smtp relay to send because non-ISP source servers tend to score higher on spam filters even with DKIM, SPF and DMARC in place, so it became a game of diminishing returns.

When I got tired of that I just went to Proton like a normie.
Show threadbobbricoleur

@mrfoostang @relay
Ha, the deliverability game is real. I got almost lucky with a clean datacenter IP — no relay needed so far, but I know it can change overnight if the IP range gets flagged.

That's the thing with self-hosting email — technically it works great, but you're always one spam report away from trouble.

Proton is solid though. My only gripe is the lock-in — try exporting 10 years of emails from it.

Did WildDuck give you any specific headaches beyond deliverability?

Apr 4 at 5:20pmWeb
Show threadmrfoostang1d ago
@[email protected] @[email protected] @mrfoostang Agree about the IP reputation issue. These days it goes even farther than that, such as checking the ASN the IP comes from and if it’s not a residential IP it gets scored higher as spam (generally). The mailing list services are constantly fighting that battle because they have no choice but to use non-ISP senders.

For wild duck, it was pretty easy to get running. The docs are good. The challenge was finding a client that can handle encrypted email. I ended up using Canary Mail which is ios, I am not sure if there’s a Android version.

Canary Mail in the App Store says “AI email” now, so I’m not sure what horrible sins have been committed on it during the intervening time since I used it.

Basically, I had a proton mail setup at that point. Encrypted at rest with the key on my device rather than the server.

If it wasn’t for the deliverability issue I’d probably still be running it.

Godspeed!
Show threadmrfoostang1d ago
Also, I used- at different times - both ForwardMX and ForwardEmail as my smtp relay.