by cutting off free users they just opened themselves to getting undercut by a smaller company that can offer fewer, cheaper, targeted options.
I just wanted an email for my domain and that's not worth 50 bucks a year. I'll just set up my own email system at this point, call it a learning experience and never be exposed to the rest of whatever was in Google Apps.
I used to run my own one-user email system. The hosting alone cost $240 a year. And I had to spend a lot of time configuring exim4 (and spamassassin and clam-av), figuring out which email indexer to use, setting up offlineimap, running cron jobs to archive mailing lists, coercing a friend to run a secondary MX for me, etc., etc. I didn't enjoy it all. And no matter what I did to reduce spam, about 10 messages a day always made it through.
(And, when I was first doing this, someone trying to hire me for a job couldn't email me, because their hosting provider was once friendly to spammers and my aggressive blacklisting rejected their TCP connections. Oops.)
Running an email server is hard and very few people regret paying an expert to do it for them.
(As many HN readers know, I work for Google. But I'm not telling you that you should or should not use Google's product here, only that running an email server is not trivial.)
All you need is a forwarding service to forward the incoming mail to your gmail account, as regular personal gmail can handle sending out email with a different from address.
No exim4, no spamassassin, no clam-av, no figuring out which indexer to use, or any of that. Just a forward on the incoming mail.
I think most people would consider that cheating... You're hardly running your own email server, and still using Google.
I actually miss running my own email domain, the privacy of it, not the actual administration. I stopped when I had gotten so crazy with aliases and disposable addresses that the spam overwhelmed me. Wasn't worth the time to 'do it right,' and I gave up my privacy for the simplicity of GMail.
I would love to leave GMail and take my privacy back, but I haven't found an acceptable alternative yet.
"cheating"? people are claiming that you now need to configure your own smtp server with delivery, spam filtering etc. that's simply not true. most web hosting comes with an smtp server; you likely need web hosting anyway and pointing the smtp server at google is trivial.
i fail to see how making good use of available resources is "cheating". the idea isn't to win some geek hair-shirt contest; it is to get email delivered to your domain.
Seconding this; Gandi works well for me as a registrar, DNS provider, and email provider.
There are many email providers you can use with your own domain. For example, rackspace is $2 a user a month. https://www.rackspace.com/apps/email_hosting/rackspace_email... I'm not sure why people are jumping from "Google won't do this for free for me anymore" to "I must do it myself".
You can take the middle ground; make your own complete mailserver, and have a forwarding GMail or similar account to act as a proxy receiver for forum registration and that sort of thing- services that are much more likely to get your address into the hands of spammers.
It's pretty easy actually but when authorizing GMail to add a new sender address it usually mails a verification code to that address. Which, in this case would come back into the same Gmail inbox.
So if you have a X@Y.Z forwarding to A@gmail.com, then the verification code would be sent by gmail to X@Y.Z, which in turn, due to your forward settings, would redirect all mail to A@gmail.com.
The difference is that when sending mail from your Gmail.com inbox as opposed to the Google apps inbox for X@Y.Z is that when you send a mail via gmail (even if you fake the sender), the signed-by field will contain "gmail.com". On the other hand, Google apps for domains will set the signed-by field value to "Y.Z" (which would be your domain name).
As far as I know, this is the only difference. In Gmail, you can even set the default sender-address as your custom domain address so you don't need to set it everytime you reply to/compose new emails. And, unless you think/feel that signed-by: domain.name is cool, you're not really missing anything.
Using a mail address different from your default Gmail (or Google Apps for Business Mail) address unfortunately does not work for some recipients. It seems that at least some versions of Microsoft Exchange/Outlook always show your default address and not the different mail address you actually used.
For anyone considering it, some MS clients (and a few others) show something like :
myemail@gmail.com on behalf of Rob Aley [me@mydomain.co.uk]
It maybe looks a little unprofessional, but as long as your gmail account isn't something like offensivewords@gmail.com or cutesexyman32@gmail.com, its not too bad.
It is not too bad IMHO if you only use a slightly different domain for the same purpose but with completely different domains, it looks odd. And there is always the problem that some mail clients use your default Gmail address to reply and not the one you actually used.
I used to run my own one-user email system. The hosting alone cost $240 a year.
Why? I have two VPSs with the main and backup SMTP servers and with continuous replications of emails between them and I pay less than half. Not to mention they double as web servers, IRC bouncers, etc.
And no matter what I did to reduce spam, about 10 messages a day always made it through.
I probably never get the same traffic as you do, but to me the best decision I made was enabling catch-all and using different addresses for each service out there.
In my case, spammers only send to three types of addresses:
- Random (jumble of numbers and letters@mydomain): very easy to block with a couple of programming lines.
- Fake but plausible (support@, bob@): just blacklist them once.
- Leaked (from websites and such): same as above, nuke it. Only happened to me once.
All in all, I never had to set up SpamAssassin or deal with dropped emails because of untrusted sources. Blocking by destination is much cleaner.
Not to mention that you have to pay to be 'recognised' so that your emails aren't autobounced by some enterprises. I have a friend that runs his own domain email for himself and friends and it's surprising to hear just how complex it can be just to get mail accepted. I can't recall if it was a whitelist or a certificate or what, but I do remember at one stage he was happy because he found a way around having to pay a five-figure sum to some internet authority to stop some hosts bouncing his domain (the workaround only cost a couple of hundred instead).
I've never had any problems with mail delivery and I've never paid anyone a dime. I even violated one of rfc-ignorant's rules (a fake tertiary MX record) and still didn't get blacklisted :)
There are no internet authorities that control mail delivery, either, BTW. Many sites use heuristics to control mail acceptance, however, including third-party whitelists and blacklists. It can suck if you get on a blacklist, but experienced mail administrators only use whitelists and blacklists as one of many metrics regarding mail spamminess. Indicators of good mail like "most of the words in this message are non-spam words" often provide an order of magnitude more ham points than blacklists contribute spam points, so important messages will probably not be dropped even if you're on a blacklist. Of course, many sites have less clever schemes because there is a lot of spam and not a lot of sysadmin time to waste tweaking spam filtering rules.
SSL'd SMTP is a non-standard extension that nobody uses. (In fact, the port assignment for it was revoked in 1999!) TLS on port 25 is how you do secure email (mostly so you can advertise AUTH PLAIN safely.)
I think there are probably some MTAs that will STARTTLS for normal SMTP connections, but again, I've never heard of anyone using SSL/TLS as a spam-filtering criterion. (I might look through my old logs to see if anyone other than me ever issued STARTTLS on my mail server. But I'm guessing the number was near zero.)
I've been running a mailserver on my domestic DSL line for almost ten years now. Apart from my private domains it also hosted some domains for organizations, with mailing lists.
Last year I moved and my IP address changed (ISP didn't). I expected to lose the "reputation" the previous one had built up. But I did not have any problems whatsoever. I do hear rumors like yours every now and again but I have a hard time believing them.
I think that large email providers, the likes of Gmail/Hotmail, actually look at the email addresses / domains / servers that their clients send email to. Then they assign trust to those tokens.
If you're a large provider, you can do many things with the data you get from your own customer's behaviour. How about looking at accounts that have been in use for some time, seen regular web interface action, and send email to other @hotmail/gmail accounts that actually get read and not flagged spam? If those accounts send mail to my mailserver, then my mail server / domain must have something good going for it. Well that's what I would do if I were running a huge setup anyway...
As for incoming spam: I'm using various postfix tricks, greylisting, and dspam. I have no problems. I should write a howto ;-)
Cannot agree more, I have had similar experiences, my friends used to call me and say, "hey I still didn't get your email".
Finally I decided to use a reliable email provider .
my choice was Google Apps .
The smallest instance running 24/7 is $175.20 for 365 days. Add in S3 storage for 25G of data, and that adds $28.50.
This does not include incoming bandwidth, bandwidth used by your IMAP or webmail client, or DNS lookups that you'll do for every message received. (Also, spam filtering is CPU-intensive, so if you get a lot of email, a Micro instance may not be big enough.)
This doesn't include a secondary MX, either. (I like the DynDNS secondary MX service, personally, which is ~$30 a year IIRC.)
>I'll just set up my own email system at this point, call it a learning experience and never be exposed to the rest of whatever was in Google Apps.
And?
Free users threatening to leave are hilarious (even better when they campaign against ad targeting and AdBlock everything). Google's decision pretty clearly signals that users like you aren't worth it to the company any more than Google Apps are worth $50 to you. Don't do business. That's the point of a market.
I wouldn't pay for it either - I'm grateful that my Google Apps are grandfathered, but nobody is entitled to GMail, Facebook, Twitter, etc. It's a voluntary transaction between two entities and, in this case, you and Google Apps aren't a good fit.
I use Google Apps because I want to use GMail, but with my own domain. That's it.
I'm not an enterprise. I don't need more support than regular GMail users. I don't have special needs, like managing what services are allowed. I just don't want a @gmail.com address.
I see people here defending this move, but think of how services like Google+ make mandatory an email address that's managed by Google. That email address will now have to be a @gmail.com address for regular users. Now think of how you can register with any email address on Facebook or Twitter, an email address which becomes your online ID.
By using your own domain with your own email address, if the email provider interrupts the service for you, you can always change your MX records and recover all the accounts that rely on that address. That's not something you can do with a @gmail.com or a @yahoo.com or a @hotmail.com address. If Google cuts off your access for some reason (like in case they find out you're under 18 or some bullshit) or if they delete your account by accident (hey, shit happens), then at the very least your online identity is not lost.
Freeloading is not the issue for me. I am already a paying Google customer in other ways (I buy stuff from Google Play, I pay for Google Drive storage, etc...) and I would happily pay them $50 per year anyway. The bigger issue is that using any Google service requires a Google email account, with Google Apps being a mild remedy for that.
How can I encourage people to use Google's services now? Not mentioning that 2 businesses are now paying customers of Google Apps, because of my freeloading and my recommendations for it.
Also, WTF is it with Google and raising prices? Companies are usually cutting prices down, while they are raising them. This also makes it an issue of trust - usually when I subscribe to services, I expect prices to go down, not up, otherwise I cannot trust it. My trust in Google is eroding right now.
What next? Make Chrome and Android proprietary with a yearly subscription for users? Lots of pesky freeloaders out there.
Just because you have to have a GMail account to log in to Google services doesn't mean you have to use it as your primary email address.
Plain-old GMail is no different (from a UX perspective) from being the sole user on a Google Apps account, so admins haven't really lost anything in terms of being able to evaluate Google Apps. There's nothing particularly interesting in the free version's admin panel.
If that's all you want, go to nearlyfreespeech, set up your domain there, and tell it to forward emails to your gmail account. Your gmail account then can send email under that name. I did it for quite a while.
It works, but Outlook (or at least some versions) will always show your emails as being from something like "address-you-forward-to@gmail.com (via you@your-real-domain.com)" which is annoying.
What you're missing here is that the free google apps was a way for admins to get their hands into the GA ecosystem. Google already offers the product for free, just so long as you use an @gmail.com address.
From my own experience I can tell you that running your own mail server is a massive PITA. There's a good chance that even if you jump through all the required hoops to improve trust for your domain you will still have trouble delivering mail to certain addresses (Hotmail is notoriously hard to get white-listed for).
Then there's spam... don't even get me started on spam filtering. For me personally $50/year is a bargain considering that running, maintaining, patching a mail server is time consuming and has no real upside.
As a learning experience it's fine, but in practice delivering mail (reliably) sucks hard.
If it's just deliverability that's an issue, you can use the regular Gmail SMTP server for outgoing mail, without Google Apps. You just have to add the address you're sending from as an alternate address in Gmail.
>Then there's spam... don't even get me started on spam filtering.
You could sign up for Google Apps, point your domain MX to Google and forward all your SPAM free mail to your private server from the Google Apps console.
No kidding, I've seen so many companies that had their mail systems in premises setup a 1 user Google Apps account ($50/year) to do what I just mentioned above. They got rid of most of their SPAM and saved tons $ on wasted bandwidth.
That's $50/year for each user. Easy to stomach if it's only yourself, but add even a partner (not to mention a small team with a bootstrapped product) and it starts to make less sense financially.
Sorry, but even for a team of 6 people if you can't muster $300/yr (breaking down to $25/mo or $4/user-mo) you aren't bootstrapping. You're being inefficient, and perhaps even reckless with your endeavor. (Unless you're building a competitor).
Sometimes it's about the pennies. But other times, especially early, it won't be these types chunks of money that kill you. I used to go on CL and do user-studies for $50 a pop and resell the gift cards for cash or amazon credit. So it's hard for me to believe that what you are building can't spare an hour of work to fund baseline communication systems that are pretty well supported.
Better pay those $300 and have your people and you 100% focus on your product, creating it, marketing it and selling it. Than dealing with spam rules or downtime servers.
That is why heroku exists right? Otherwise only linode or ec2 could make business. Now if you have free time (you shouldn't) then, it is a whole different story. I agree with you.
Most people pay more than $50 (or even $100 or $200) a year for far less useful services than a managed collaboration suite with full support.
To put it in perspective, Netflix costs ~$108 a year. People have no issues spending $4 a day on a latte, but just 13 lattes costs more than a year of Google Apps. A single latte or a big mac meal at mcdonalds costs more than an entire month of google apps for you.
I always hate these comparisons because they have no basis in reality. Food, drugs, and sex are basic human drives. You can't compare them to something as ephemeral as email.
The mobile phone is a better comparison, but you're dealing in abstract concepts now, not the simple neurochemicals your brain has spent millions of years evolving to crave. Plus, email is probably one of the least satisfying forms of communication.
This. I've been looking for a good email solution for personal+freelance work with decent privacy, security, and reliability. I don't need 24/7 support. I am absolutely willing to pay for it. But pricing per mailbox with Google apps adds up really quickly even with just 4-5 boxes. I'd like to be able to make separate mailboxes for my partner and to separate several different classes of email (personal, business, limited access, catch all, etc) for security purposes. These things don't need extra support or space, I can't stomach an extra $50/year for what amounts to aliases with passwords.
Has anyone found a good solution for this? I could host it myself but that is a lot of hassle, free email accounts have ads and rarely let you use your own domain. The best I've found so far is email through a shared hosting provider, but it has limitations of its own (no IPv6, no 2 factor auth, self signed TLS certificates, etc). The cost is similar to a Google Apps account but without the linear price increase per mailbox.
I believe that you can accomplish what you need using domain aliases (which google apps for business makes use of). You can have up to 20 domain aliases that all point to one mailbox: http://support.google.com/a/bin/answer.py?hl=en&answer=1...
Have you considered using aliases in GApps? Different than the catch all, but allows you to setup specific email addresses. I use them for accounts, newsletters, etc and then create filters and labels in my one apps email.
$50 "feels" like a lot because it's been given away free all this time. But our industry has spoiled us. We can hop from one free product to the next free product, but really we just need to determine if that one product is valuable enough to justify paying for it.
In the case of email, it's obviously valuable. While there are other options out there, ultimately you have to determine the cost of researching, testing, setting up, and switching over you and your employees. All this time is spent away from your money making activities.
If you can't afford 0.15 % worth of overhead, using very conservative numbers, you need to rethink your business model. To break out that tired old analogy again - you're spending more than that on coffee for each of them, when you make it yourself and don't even factor in the depreciation of the coffee machine.
It's just as easy to imagine Google getting undercut by a big company. Yahoo, here's your opening.
I always thought of free Google Apps as the company's brilliant play to control the fabric of the business internet. Can you name anything in the digital realm more important to businesses and organizations of all sizes than long-form communication (email) and content and information-driven collaboration?
Sadly for new users and for Google itself, the company's actions reveal a failure to recognize Apps as anything more than a collection of inter-related services ready for more aggressive monetization. Management fails to see the strategic benefit and leverage afforded by controlling the online fabric of every new business that starts operating as a small team. It's the type of short-term and profit-driven thinking that afflicts so many companies as they reach the complacency of scale.
Rackspace email. Equally good experience IMHO, absolutely fantastic support, $12 a year per mailbox. Best purchase of a web service I've ever made. Your email is the skeleton key and core of your online existence, that's far too important to leave to a company that considers support an exercise in statistic management.
Our experience with Rackspace email at $12 per user per year has also been great. Although I suspect our pricing is grandfathered in, looks like they have doubled their price in recent times to $24 per user per year:
For most people, the time and effort of setting up and maintaining an email server is probably worth more than $5 per user per month. For a company of 100 people, that's about 10 person hours every month, without considering the initial cost to buy the hardware. Not to mention the risk of something going horribly wrong and blacking out your email, unless you've co-located the mail server on enterprise grade hardware (which will eat all your savings anyways).
Yes and if I was setting up a company of 100 people I'd be fine with that because I probably have the cash flow to support that.
I was in the middle of setting up a service for a company of one at the moment and having one or two redirected emails isn't worth fifty dollars a year each right now.
So, a real life story: I set up a free GMail account for my site, and directed all the contacts from the site there. I added it to my phone so I'd know when I got messages. I didn't really do much promotion, so I wasn't surprised I didn't see anything for a week. When I logged in from the web, I had gotten three emails from potential customers. Unfortunately, they'd been sitting for a week, and so it didn't make a very good impression when I did reply.
A company of one definitely needs the most reliable communications it can get. Even if you're drowning in leads, it makes you much more credible if you don't have to explain to a client why their email bounced back. A delightful, relevant saying I encountered the other day is 'penny wise, pound foolish'.
I don't understand what point you're trying to get across here. Aren't you just as likely to forget to check a google apps mail as a regular gmail? Or are you describing a bug? Isn't that still equally likely with either option?
Aren't both options crushed in effectiveness by redirecting to your main account, whatever that is?
> A company of one definitely needs the most reliable communications it can get
Is that clear enough for you? Self-hosting is a poor idea because screwing up once costs you real money, probably more than you'd spend on a year of hosting at a small business.
My point is, I made a minor mistake in configuring GMail. That was my own fault. Multiply that amount of configuration by a million, and see if you don't make a mistake. Do ongoing maintenance, and see if you don't make a mistake. Keep everything secure, make sure you're whitelisted by every major provider, and ensure no messages ever bounce one way or another.
My point is, fucking up is bad and easily costs you money. Giving yourself infinitely more ways to fuck up to save $50 a year is stupid. I don't know how I can put it more plainly than that. At this point you're pretty much just trolling.
I have the premium account for 8 people. If we were 100, I may setup an in house exchange or similar. I may have 3 more guys maintaining the email, web and the rest of Internet related hard/soft.
For 8 I prefer $50 per year. Three more guys over 8 is ridiculous.
I'm lucky in that I already have Google Apps and they're not starting to charge me. But if I didn't I'd look at whether there are reasonable free/cheap alternatives out there.
For customers it looks like the end of free Gmail-for-your-domain. But for competitors I imagine it looks like the end of price gouging.
It's 2012, nobody wants to delete an email from the server. When Google Apps Standard launched (50 accounts, 1 GB per account, for free) business were consuming email using Outlook + POP3, deleting the mail from the server. Then you could offer 'ilimited' Cpanel based emnail accounts in less than 1 GB. Business and people have different standards now and consuming email using IMAP, letting the mail in the server, using more storage (7 GB / account) without paying anything. We can't back to the 1GB 'ilimted' accounts scenario. Google has influenced our behavior, has give us the 'first dose', now they come for the money.
I do this. It's not easy, but it's not as bad as most of the comments here would lead you to believe. If you have the wherewithal to run things on a server it's definitely within reach, albeit probably not a cost-effective way to spend your time.
Let me make a few recommendations. I'm not a sysadmin by trade but I know a few things you can do that will improve your lot in life running mail.
- Postfix and Dovecot. They have the right combination of ease of use, power and security. Don't overconfigure; try to get it working with basic settings first and then evolve it towards what you dream of rather than setting out to configure it that way first.
- SPF and DKIM. I have no trouble getting messages to Gmail and I think this is part of why.
- Make sure your hosting provider is not huge and very high quality. I chose RootBSD because they're small but highly technical. If you have a lot of spare cash, iNetU are quite good and sometimes help with FreeBSD. The larger or crappier the host is, the more likely you'll wind up in blacklisted IP space. (BSD hosting companies tend to be smaller and more technical, and BSD is great software, so I'd recommend that if you're interested.) Getting off a blacklist isn't a lot of fun and it's not hard to wind up on one, but I find being on a discriminating host is a good preventative measure.
- Rely on IMAP. If you want webmail, try and find one that is really just an IMAP frontend. I tried and liked Roundcube a while back; these days I have IMAP clients everywhere so I don't know what the new hot stuff is, but IMAP is fantastic.
- I strongly recommend you get an account with DNSReport.com. Their software can detect most of the DNS problems you can get yourself into that wreak havoc with mail. Odds are good you'll be doing a lot more DNS than before, it's a great tool to have in the toolbox.
- Stay on top of your security updates. I recommend running sshguard and whatever other security software/IDS/firewall type stuff you can stand. Make sure you're not giving out a bunch of shell accounts with root on this server. Seems obvious, but people forget or get lazy. FreeBSD will email you a security message every day; if something like that isn't coming your way, consider trying to set it up. It tells me, among other things, who tried to log into the server, how many times they failed, what their IP was, and lots of other stuff.
There are a number of nice upsides to running your own mail server.
- Email can be hooked up to the database various ways.
- Automatic emailing for free (keep an eye on it).
- Scripted email handling for free (Procmail etc).
- Get system-generated messages emailed (Nagios/monit etc., login/sudo failures, etc.)
- Advanced forwarding/wildcard accounts.
Anyway, I hope you do give it a shot despite the nay-saying. Cost-effective? No, but it's a blast, and many of the upsides would be hard to replicate with Gmail. Of course the web mail UI will be worse. Tradeoffs.
I've run my own mail server for 15 years, since I got my first permanent connection. I host on the end of it as I have a large distrust of "the cloud".
It is cost effective for me as it has increased my merchantable skill portfolio. I've ended up designing some mail systems (50k+ users) for some large ISPs in the past thanks to my accumulated knowledge.
Debian is probably the easiest to get off the ground - it's pretty much "sudo aptitude install postfix dovecot" and follow the instructions. I was a FreeBSD user but primarily due to apathy, I tend to use Debian.
This is about to change however, when FreeBSD supports the raspberry pi as it's a much lower memory and power footprint device so some of FreeBSD's simplifications and optimisations will assist there.
For me, a Raspberry Pi with a 32 gig SD card plugged into my 12Mbit connection will suffice for the 18 users and 5 domains via IMAP that are currently being hosted on a much larger machine. Cost to me: $40-50. No brainer.
32GB of storage satisfies 18 users? That surprises me. I have 5GB in one mailbox and I'm not much of an e-mail hoarder. Also, what do you do for backups? Do you have offsite backups? How do you search your email? How do you filter spam? What about calendars, shared contacts, and internal document storage? Do you have multi-factor auth and application-specific passwords? Google Apps has a ton of features and it's reliable. Not to mention, it's cheap. Unless your time is worth very little, setting-up and maintaining your own mail server is going to cost a lot more.
People use e-mail constantly. It's important. $50 per person per year isn't a blip on the radar. Do you know how much money you'll lose if your 18 users can't access their mail for an hour? Now consider how much time they'll spend setting up their own mail clients instead of using Gmail. Think of the increased time and frustration waiting for searches to finish. Think of the extra time they'll spend deleting spam. You're paying a lot more than $40-50 for that mail server, but the real cost is obscured from you.
It's a no-brainer: skimping on email hosting is simply not worthwhile.
Our biggest mailbox is 200mb. Pretty much everything gets deleted or moved out of the mail system. It's not a file system. If you think it is, you're doing it wrong.
Backups: tar and gzip daily, then scp to a friend's server in another country. Also take manual backups to encrypted USB stick weekly which I carry around on me at all times.
Searching: you only have to search it if you have lots of it. I have 9 messages in my maildir. I receive perhaps 20-30 messages a day. No problems - they all fit on the screen. If it's worth keeping, it goes as a ticket/wiki entry or in the hg repo as a document.
Spam: get one or two a week per user. Just delete by hand at the moment. People who use imap use their mail client's spam filtering stuff. If it gets problematic I'll probably install a filter.
Calendars/contacts: both in mercurial in agenda format (plain text, one line per event or contact). Very easy to manage and share. Have you tried keeping a central address book/calendar accurate using any other method?
I know how much we'll lose without email which is why it is where it is :) About 2m from me most of the time.
Cost? I've spent 20 minutes on admin this year. Everything is automated..
I'm not skimping, I'm making sure we do it right so we don't need all the tooling and features. To be honest, google is too cheap to be good if you ask me and their reputation shows regulalrly with outages and problems.
I can appreciate that for most people this is not a decision. But for technically inclined people who want to learn this stuff, there's no reason to talk them out of it. Is it substantial work? Yeah, but so is running a web server or a database and those are also critical IT components that have a lot of niggling details.
There are lots of reasons to not use Gmail. Maybe $50/year is a lot for you. Maybe your needs are modest. Maybe you want the knowledge and experience of running mail. Maybe you want or need to interface your other components with mail. Maybe you don't like the rest of Google Apps. Maybe you hate the Gmail interface. Ultimately, most people will choose Gmail despite whichever of those reasons might apply. There's no need to turn a technical decision into a dogmatic one.
I am failing to see what the big stink is about "giving up one's privacy" when using "the cloud." Yes, there are some shady providers that might put their hands in the cookie jar at their convenience. That sucks. Google isn't one of those providers, though. What advantage would they gain from reading people's mail at a whim?
Regardless, one's privacy is already compromised the moment they sign up for Internet service; that information can be made available to the right people after one subpoena.
Google read your email and use it to throw targeted ads at you.
There is a fine line between profiling, tracking and analysing communications and utilising that data for something nefarious. The only deciding factor on how far it goes is cash.
Quick dumb question about the RASPBERRY-PI: What do y'all do with the board itself as far as a case? I mean, are most of you just letting it sit on a self or something (it's so dang small anyway)? I've seen a few plastic cases floating around and they seem like the only option really (outside of just building a simple wood box and screwing it to the wall...
I've thought about doing this. Last time I tried to set up a mail server on a cheap VPS I didn't have enough memory, ClamAV was the biggest culprit. But I think the new 512 RPis would work quite well.
You don't need that much memory if you're setting up a simple IMAP server; you could probably do it on a super cheap instance on AWS, Rackspace or similar.
I ran my own email server at home for many years, but in the end I switched to Gmail/Google Apps about two years ago since
- I kept a mostly "if it works don't break it" approach, but about once a year there'd be some alert about security issues with some specific software and I'd run a "aptitude update". Invariably it'd update the packages out of order, libc would get screwed up, and I'd have to reinstall the whole server.
- I could never get the spam filtering up to snuff. I had daily auto-training spam+ham folders etc set up, the works, but I'd always get a a few spam messages in my inbox, and a handful of false positives. Used SPF but it had to be softfail since someone I visit friends/relatives who's ISPs have blocked SMTP ports aside from their own relay.
- My fault, but I ran a forwarding address for a friend, and I got blocked by my ISP since it forwarded some spam messages that got flagged.
- I don't feel properly equipped to deal with backups. (sure you can set up an rsync to somewhere else [that you have to pay for], but you also want to keep monitoring that they're good, test restores, etc)
Easily worth $50/year for me to not have to think about it.
edit: forgot the biggest reason I switched: I got an iPhone, and iOS doesn't do push email over IMAP. Gmail supports Exchange, and there's no way I'm going to be hosting that myself...
I kept a mostly "if it works don't break it" approach, but about once a year there'd be some alert about security issues with some specific software and I'd run a "aptitude update". Invariably it'd update the packages out of order, libc would get screwed up, and I'd have to reinstall the whole server.
What distribution are you using? I've never had this happen, though for important servers I tend to use Debian stable. I would be shocked if it happened on stable.
Ran into the same issues years ago (though this was only for myself and a couple family members). Didn't think I'd get myself blacklisted so easily. You really need to be up to par on spam filtering etc. Gapps is quite elegant for my needs most of the time.
For those in Europe, Hetzner do excellent FreeBSD dedicated servers. They are based in Germany. They have a server auction for older hardware as well where you can get decent dedicated servers for just over 20 euros per month.
I've done this and I'd recommend getting rDNS set up if you can, on top of your SPF and DKIM, though it sounds like maybe it's not entirely necessary.
I ran a linksys NSLU2 as my mail server for a few years, with a USB stick as its storage. With Debian linux with Dovecot, Postfix, spamassassin, and the Spamhaus DNSBLs set up I managed to keep the signal to noise ratio pretty damn high too.
If you only support public key or two factor authentication you won't need to worry about brute force attacks. Most SSH brute force attacks are dictionary based using common usernames.
You'll most likely be ok. The main attack vector is a chunk of regularly used usernames and a small selection of passwords. These are quite successful against shared hosting where password quality is hard to control properly.
If you've got a "garden variety" server with a strong password, I wouldn't worry.
I've got a laptop slung on the end of my ADSL line that has had literally millions of attempts.
If you are worried, you can install fail2ban which will block repeated attacks at the firewall level.
Virtually all SSH attacks are of the nature mysql:mysql or mysql:password, so you should be safe as long as you can trust your users not to be stupid. The attackers prefer quantity over quality when looking for targets.
And if you use SSH keys you should be totally safe.
Remember to apply security fixes though since the automatic attacks also probe for ancient versions of SSH servers.
If you're worried about ssh brute force or just don't like all the noise in your logs, moving the port tends to drop off about 95% of them. In addition, running iptables tarpit rules (or your OS equivalent) tends to kill the rest fairly quickly.
I put info like this in a password manager for sanity (Keepass, I work on a PC).
One easy way to manage it is make a folder for each hostname, and add things like mysql root password, ssh port, public IP, pivate IP as different entries relating to the all aspects of managing the host.
If Heroku can afford to support free users on it's PaaS, it surprises me that it isn't feasible for a giant like Google. I can't see this move doing anything to improve what is arguably an already unpopular service.
Just a note, you outgrow the free Heroku implementation pretty quickly. Do you need SSL on a custom domain? You're now paying. Do you need more than a small number of DB connections simultaneously? The smallest production psql tier is $50 a month, or the annual fee for one seat on Gmail.
I'm glad I already have my Google Apps accounts setup. I rarely even use the web interface except from work. At home it's all IMAP and Android.
At $50 / year for Google it's cheaper to buy a domain from GoDaddy and pay for email services (webmail + IMAP) that are automatically tied to your domain.
Basically GMail only has the two-step authentication. The uptime is worse than that, the web interface is not that great, it is slow and interoperates poorly with IMAP/Exchange/POP3 access.
But that's great. Google is going for enterprise market, freeing the small business niche to whatever competitors would spring up. If I wanted to open a start-up, I'd be delighted I just had a 800-pound gorilla move out and open the space for the rest to compete and try to have a part of immense success Google has. How often you see a giant company just come out and say "please, come in, take part of my market, I don't need it anymore"?
I've got several domains, I just forward them to my gmail account and set up the reply-to addresses if I want to be consistent - no need to get an Apps account for that.
We also run an email system at work, though it's a lot more work than other services - mostly due to spam / deliveriabilty - so even if you do pay $50/yr still seems a bargain. IMHO you need 100+ users to even think about justifying the time cost for running a mail server yourself.
Also, I get access to all the new Google stuff without having to wait for Google to make it 'business-ready'.
Paying Google to make email problems go away (and get nice features to boot) is worth it on $ alone if you plan to need even a handful of hours of outside help/year, plus equipment. Plus the peace of mind (and your saved time) of not even worrying about it.
Email is a solved problem that is totally worth it to outsource or pay someone else to manage in-house. If you feel comfortable setting up your own mail server, managing spam, updating it, etc., and WANT to do it, then you're probably not Google's target audience, anyway.
They can play the game though, too. Offer good discounts for onloading users; First year or two free, etc.. Hell, first 5 years free. What do they care if they get you used to their products, and then stay a client for 15 years after the 5 year trial?
Plenty of services offer unlimited accounts for $5/month. The amount of services offered in a Google Apps account needs to stop getting minimized to just email in this thread as it skews comparisons.
I just wanted an email for my domain and that's not worth 50 bucks a year. I'll just set up my own email system at this point, call it a learning experience and never be exposed to the rest of whatever was in Google Apps.