Home About Projects Blog Subscribe Login
Infrastructure Apr 15, 2026 7 min read

Why I Still Run My Own Email Server (And Why You Probably Shouldn't)

Gmail is free, reliable, and scales forever. Running your own mail server is expensive, fragile, and a magnet for spam. I still do it anyway. Here's the cost-benefit analysis that almost never makes sense—and the one scenario where it does.

Email Is the Most Important Legacy System We Still Pretend Is Simple

People love to romanticize self-hosting. I understand why. There is something deeply satisfying about owning a piece of infrastructure end to end, especially when the rest of the industry keeps outsourcing judgment to platforms. But email is where the romance usually collides with physics.

I still run my own email infrastructure in places where control matters enough to justify the pain. I say that as someone who has spent more than two decades inside security, networks, routing, and the ugly corners of internet operations. And even with that background, I would not recommend it to most companies, most founders, or most technically ambitious teams.

Email looks simple from the outside. You send a message, it arrives, maybe it gets filtered for spam, maybe it lands in Promotions and annoys everyone. Under the surface, it is one of the most adversarial, politically messy, reputation-driven systems on the internet. The hard part is not sending mail. The hard part is convincing the rest of the world to trust that your mail deserves to arrive.

That is why the build-versus-buy conversation around email is usually misunderstood. The real question is not, can you run a mail server? Of course you can. The real question is whether you want to become an operator of trust, reputation, deliverability, abuse handling, DNS hygiene, key rotation, bounce management, and permanent low-grade paranoia.

Most teams do not. Most teams should not.

The Myth: Email Is Just Another Workload

Engineering teams often evaluate email the same way they evaluate databases, CI pipelines, or internal tools. They think in terms of uptime, storage, redundancy, and cost per month. Those factors matter, but they are not the game. Email is not just infrastructure. It is diplomacy.

If you run Postgres badly, your application breaks for your users. If you run email badly, your messages silently disappear into the suspicion engine of every major provider on earth. That is a different category of failure. It is harder to detect, harder to explain, and far more corrosive because the system rarely gives you a clean error.

Your invoice emails might arrive for three months and then stop because your sending pattern changed. Your domain may be technically correct, but one misconfigured reverse DNS record or one compromised account can poison your reputation. You can have perfect uptime and still have an effectively broken mail operation.

This is why email punishes engineering arrogance. It is one of those domains where competence is table stakes and humility is a survival trait.

Why the Economics Usually Favor Outsourcing

From a pure business perspective, hosted email is one of the best bargains in modern infrastructure. For a trivial monthly cost, you get global deliverability engineering, abuse prevention, massive anti-spam pipelines, reputation management, mailbox UX, mobile clients, archival features, and teams whose only job is to keep mail accepted by everyone else.

That is an absurd amount of operational leverage.

When founders tell me they want to run their own email because they value independence, I ask a blunt question: independence from what, exactly? If the answer is cost, the math usually collapses fast. You are not replacing a subscription with a VM. You are replacing a specialized service with permanent operational overhead.

The visible costs are easy to list:

The invisible costs are worse:

In practice, hosted email wins because it compresses an ugly category of work into a predictable operating expense. That is almost always the rational decision.

Why I Still Do It Anyway

So why keep doing it at all?

Because there is one scenario where self-hosting email still makes strategic sense: when control is not a preference, but a requirement. Not aesthetic control. Not hobbyist control. Strategic control.

If email is tightly coupled to your security posture, your identity architecture, your compliance assumptions, or your philosophy of infrastructure sovereignty, then outsourcing can become a different kind of risk. You may decide that giving up convenience is worth gaining direct control over routing, logging, retention, filtering policy, data locality, and failure domains.

That does not mean you run everything yourself by default. It means you make a conscious trade: more burden, more ownership, more operational sharp edges, but fewer hidden dependencies and fewer black-box decisions from vendors who optimize for the median customer.

I am generally skeptical of complexity added for ideology alone. But I am equally skeptical of dependency added because everyone else normalized it. If communications are mission-critical, if legal exposure is real, if policy control matters, or if trust boundaries must be explicit and inspectable, then owning mail infrastructure can be a legitimate decision.

The key is honesty. You are not saving yourself from complexity. You are choosing which complexity you would rather own.

The Security Argument Is Real, But Easy to Overstate

Self-hosting advocates often frame the issue as privacy versus surveillance, or sovereignty versus platform capture. There is truth there, but the argument gets sloppy fast.

Running your own email server does not magically make you more secure. In many cases it does the opposite. Large providers have better anomaly detection, better phishing defenses, better account recovery workflows, and more mature abuse pipelines than most companies can build internally.

If your threat model is common opportunistic abuse, you are usually safer on a good hosted platform than on your own hastily maintained mail stack.

Where self-hosting can improve security is in policy precision. You can define stricter trust boundaries. You can integrate identity and network controls in a way that matches your environment. You can keep logs where you want them. You can minimize vendor exposure. You can inspect every moving part instead of inheriting a compliance PDF and hoping it maps to reality.

But that benefit only materializes if your team is actually capable of operating the system well. Security is not improved by ownership alone. Ownership without discipline is just unsecured ambition.

The Deliverability Tax Nobody Budgets For

If there is one reason I talk people out of self-hosted mail more than any other, it is deliverability. Everyone underestimates it. Everyone.

Modern email is governed by reputation systems that are partly technical, partly heuristic, and partly opaque by design. You do not get a simple scorecard. You get a constantly shifting trust relationship with large providers who are fighting abuse at internet scale.

That means tiny mistakes compound:

None of these are dramatic in isolation. Together, they create the kind of soft failure that destroys confidence. The CEO says, “Did they get my email?” The sales team says, “Why did the campaign underperform?” The finance team says, “Why are payment reminders bouncing?” Suddenly you are debugging trust rather than software.

That is the real tax. Not setup. Not maintenance. Trust operations.

The Only Good Reason to Run It Yourself

Here is my practical rule.

You should run your own email only if all three of these are true:

If even one of those is missing, buy the service.

This is not a purity test. It is just pattern recognition. Over the years I have watched technically sophisticated teams convince themselves that self-hosting was a mark of seriousness. Usually it was just a distraction wearing an infrastructure costume.

The strongest operators are not the ones who own the most systems. They are the ones who are brutally clear about which systems deserve ownership.

Boring Advice, Hard-Earned

My advice to most founders is simple: use a top-tier hosted email provider for human communication, and use a specialized transactional provider for application mail. Keep the architecture boring. Invest your attention where differentiation lives.

If you still choose to self-host, do it with sober eyes. Treat it like a security-sensitive production platform, because that is exactly what it is. Design for compromised accounts, reputation degradation, DNS mistakes, queue backlogs, and operator fatigue. Build observability into delivery paths. Rehearse failure. Assume silent breakage is your default enemy.

Most importantly, do not self-host to feel independent. Self-host only when you have a specific control objective that is worth the burden.

That is the part people miss. Real sovereignty is not owning everything. It is knowing exactly what must be owned, what can be delegated safely, and where the hidden dependencies actually are.

Email still matters because identity still matters, trust still matters, and communication still matters. But in 2026, running your own email server is less a badge of technical skill than a declaration of strategic intent.

For most companies, that declaration is unnecessary.

For a few, it is worth every painful minute.

Follow the journey

Subscribe to Lynk for daily insights on AI strategy, cybersecurity, and building in the age of AI.

Subscribe →