This is coming from a general perspective of wanting more privacy and seeing news of Mozilla creating an email service “which will definitely not train AI on your email”. Sure Mozilla, whatever you say.
Rant aside, here’s my question: is it possible to store all of your email on your own infrastructure (VPS or even NAS at home) and simply using an encrypted relay to send emails out to the public internet? My idea is that this removes the problems of keeping your IP whitelisted from the consumer, but the email provider doesn’t actually hold your emails. This means your emails remain completely in your control, but you don’t have to worry about not being able to send emails to other people as long as your storage backend is alive.
I don’t know much about email to comment on what this would take. I think something similar is already possible with an SMTP relay from most email providers, but the problem is that my email also resides on their servers. I don’t like that. I want my email to live on my servers alone.
Do you think this is possible? Does any company already do this?
Thanks
Only thing I can comment on is that 99% of all E-Mails you will get are unencrypted and can be read by your relay. (There are few e2e encrypted emails being send.)
So either trust them or don’t use a relay.
Not true that most incoming email will plaintext. It’s the opposite:
“Most of today’s email services, including Gmail, employ transport layer security (TLS) to protect emails in transit”
Ref: https://umatechnology.org/gmails-new-encryption-can-make-email-safer-heres-why-you-should-use-it/
Sorry are not emails like https protected in transit in 2025? I mean equivalent http to https but in email transport. How is this still a thing? Why nobody is concerned. Is this not a problem?
Communication between the email servers is normally encrypted with TLS. The email files themselves are rarely encrypted. Most providers that do encryption of email are using local server managed encryption, so the email providers would still be able to access it.
For proper end to end protection you would want to setup PGP between you and your recipients, and encrypt the email before its sent.
But like in 2025 there is still no mechanism to do true end to end without manually setting up pgp? Meaning when i browse using https i do not need to think or anything. It happens automagically. But with emails, where do i even start with pgp when i use gmail via email client like thunderbird
Https give you encryption in transit. The files you view will be accesible to the host.
Same idea with email.
Yeah, in 2025 doing encrypted email is a painful process. Every option is a hack on top of a 43 year old protocol.
Here is a howto from Mozilla on pgp with Thunderbird. It isn’t a pleasant process.
https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq
This 100%. It is well-advised to consider what your security/privacy objectives are, since encryption-at-rest is different than guarding against eavesdropping when sending outbound mail. What threat model you use will define what is or isn’t acceptable.