Email Servers Are A Pain In My Ass

Pretty much everyone on the internet has an email address. It's needed to sign up for almost every social media platform or website. Heck, some of you get posts like this one in your inbox. And I'm willing to bet that most of you are using a Gmail account to get those emails. Some of you might still use Yahoo, or maybe some of you have a more custom option. Whatever you're using, you likely signed up to a website and got an inbox within minutes. What about a custom domain? You'll probably have some service from your domain provider or webhost that's available to you. Sometimes it's free, sometimes it's an addon.

These make life so much easier.

For reference, I host my own mailserver for this domain. But I also have a subdomain using Mailgun to send out newsletters to members on my site. Setting up Mailgun was super easy, but it's not for daily email stuff. Its sole purpose is for mass delivery of messages to various inboxes. My personal email and my work email, however, use that self-hosted mailserver.

The hard part wasn't getting everything connected. I use what's called Docker Mailserver. It's a quick way to install all that you need to get a quick mailserver up. That part was easy. The hard part was from doing all of these required things to make sure that anything you send doesn't get put into spam or outright rejected. And what makes it hard is getting it right.

Once you have an actual mail server set up (I won't even go over that here), you have some problems. First off, you don't have any SSL or TLS encryption. This makes it easy for people to tamper with your messages. This part is pretty straight-forward, but can be a bit of an issue if you've never dealt with this kind of thing before. Luckily, this isn't my first tango with SSL so that was a breeze for me.

After that, we have some new issues here. We can now make sure our emails are tamper-free, but Gmail is not even accepting our messages. It's just directly throwing them in the trash. Turns out what we need are a lot of DNS records. Three of them to make sure that we can be trusted. Let's start with SPF.

Without an SPF record, Gmail won't even put your emails in spam. It will outright block them from reception. An SPF record tells other servers what kind of emails to accept from your domain. For instance, you could restrict any authentic outgoing mail to a single IP address. Or you can make sure that the outgoing mail matches an MX record. This isn't necessarily hard to set up, but it takes a bit to understand how to get it right for your own needs.

Now Gmail can accept our emails, but they get put in spam no matter what. What now? We need a DKIM record. This is another type of encryption that ensures everything is legit and untampered. Again. Can we use the same record we have? Apparently so, but we need to generate a DKIM key somehow and unless you're lucky and have something that does it for you, good luck finding a way to do that. And if you're key size is too big, some DNS or mail providers won't even accept it. That means you have to make a weaker key to get a working key, and that's always a stupid compromise.

Alright, we have our DKIM record, but Gmail is still spitting us into that fucking spam box. What else can we possibly do? Like, even if we set a DMARC, all that will do is tell people what to do with unauthorized methods of sending mail from our domain.

Reverse DNS.

Now, what the hell does that even mean? Let me go over what DNS does.

When you get a web domain, that domain is pretty much useless until it can be tied to an IP address. This is where DNS comes in. A browser requests an address, like sudospective.net, and this request goes to a DNS server, which provides the records that point to an IP address, like 176.9.62.179. Now that we can find an IP address, we can ask that host for content, like a webpage.

Reverse DNS is just the exact opposite. Browsers find webpages from domains by getting an IP address from what's called an A record, or in the case of IPv6, a AAAA record. But there's also something called a PTR record. This sets a record that points an IP address to a domain name. You can have as many A records to a domain as you want, but you can only have one PTR record for a domain. And getting this PTR record is easy depending on who you ask for it. If you have a VPS, absolutely no issues. That's what they're made for. If you have something like Google Fiber, it might take a good convincing to get that PTR record from them. If you use Comcast, forget it. It'll never happen. But this reverse DNS thing, this PTR record, is apparently so important for keeping Gmail from tossing your emails in the spam bin. Why?

I have no goddamn clue.

Is it just to persuade people from hosting their own mail? Is it to promote their own services instead? Is it to fuck with developers that really have no choice because they haven't had a source of income for 6 months and can't even afford the six dollars a month it takes to get one email from G Suite?

...

Anyway, all this mailserver garbage is just so much in order to get, like, three different inboxes for three different purposes and not have to pay an extra dime to do it. Don't get me wrong, I'm definitely glad these measures are in place. It keeps the spam and phishing out. Otherwise everyone would be spinning quick mail servers to bombard inboxes with malicious crap (mass sending over SMTP is the easiest way to go into a spam box, that's why I also have Mailgun!). But that's also why I'm gonna complain about it. It's so convoluted that I wouldn't be surprised if it got a few people frustrated to the point that they just went, "Fuck it, I'm just sticking with my Gmail account!"

But I digress. All in all, if you have the money, just go with a third-party email service to handle your domain mail. Unless you're virtually penniless, want some street cred, or are extremely bored, it's not worth trying to host your own email.