Hi,
The last google product that is use is gmail, and while searching for a solid alternative, many threads mentionned self hosting, which has been on my mind for a little while but here is what’s stopping me so far: 1/ it sounds like a single point vulnerability 2/ I lack the skills.
As for #2, I’ve been down the privacy rabbithole for a couple years now, I know there are a lot of resources out there and I’m not afraid to learn, I just don’t know where to start.
But I don’t see the point in learning if in the end, I just build a server that could die in a domestic accident, resulting in me loosing a lot of important data.
Any help or advice is greatly appreciated,


You’re right, and there’s two reasons I don’t host email or password vault.
I don’t host email because it’s out of scope and a ton of work for no real gain. Email is incredibly insecure by design. You can’t make it secure. Internalize that. Once you need to talk to someone else’s email server (to, you know, exchange mail) you throw all your security work on your server out the fucking window.
There used to be a bsd that advertised no exploits in the default install since <some year in the 90s>. They changed that recently I think, but it was a funny joke to everyone in the know because the default install had no services enabled. It’s pretty goddamned easy to have a secure default install when you don’t turn anything on!
The point of that digression is to show that for the security component of privacy, the best way to rest easy is to just not do certain things. You can’t cultivate a secure child left alone at home. The state of being is insecure.
Well, what if you’re willing to accept insecurity to be away from the prying eyes of Google! Okay, from a technical perspective setting up and configuring an email server in a way that will not immediately get flagged as spam and trigger blacklisting is a much higher bar than just downloading some docker image and pushing the go button. The stakes are higher too because failure to recognize and investigate failures results in mail simply being silently undelivered by other mailers.
So it’s more complex, heavily scrutinized and when you screw it up you silently lose the function of the server from a side you have no control over.
What should you do for email, then? Just use some other service. Let them handle dmarc etc. how will you know they aren’t scanning your emails? You won’t. You can’t. You can’t even know that the other party has a secure and private setup. When that starts to bug you, look into pgp.
I don’t host a password manager because of the same reason you brought up, it’s a single point of failure, what happens in a disaster?
Well just recently I was in a disaster. There wasn’t any power to run my home server, my offsite was unpowered and swept out the door into a ditch by flooding and there wasn’t any internet to reach my cloud backups.
Because I use a service for password management I was able to securely use all kinds of communication from public access and disaster response computers and store the credentials and secrets given to me in the process of beginning recovery (and oh boy were there a lot of em).
From my perspective a trustworthy service is miles better than hosting for credential management.
That is good advice, and I do trust reliable services over my poor skills. I understand self hosting emails is out of reach, but I think I’ll still give self hosting a try for smaller things.