As someone in infosec, how do you handle your personal email?

Reply to As someone in infosec, how do you handle your personal email? on Sat, 04 Apr 2026 17:18:54 GMT

bobbricoleur@infosec.exchange — Sat, 04 Apr 2026 17:18:54 GMT

@noplasticshower I self-host with Dovecot 2.3 + Postfix on a VPS.
No issues with TLS so far — using Let's Encrypt with SNI for multiple domains.

SPF/DKIM/DMARC all set up with hard fail. Deliverability has been surprisingly good.

Honestly the hardest part was getting the PTR record right with the hosting provider. Once that matched, everything was ok.

What TLS issues are you seeing on 2.4? Curious before I upgrade.

Reply to As someone in infosec, how do you handle your personal email? on Sat, 04 Apr 2026 17:13:26 GMT

bobbricoleur@infosec.exchange — Sat, 04 Apr 2026 17:13:26 GMT

@hotarubiko thanks a lot for this view , very interesting. so basically Proton, provide you the key that they also have in their server ?

Reply to As someone in infosec, how do you handle your personal email? on Sat, 04 Apr 2026 17:09:44 GMT

bobbricoleur@infosec.exchange — Sat, 04 Apr 2026 17:09:44 GMT

@Prometheus nice to know, any other similar services you know ?

Reply to As someone in infosec, how do you handle your personal email? on Sat, 04 Apr 2026 17:08:11 GMT

hotarubiko@infosec.exchange — Sat, 04 Apr 2026 17:08:11 GMT

@bobbricoleur Self-hosting is always preferred. It is a lot of work. Many mail services still pre-emptively block self-hosting for spam despite spammers not doing self-hosting. It is too easy to add self-hosting to blocklists and some people do this automatically and without cause. Once on it is difficult to get off. Most mail services do collect and retain mail messages. Tuta and proton say they do not retain mail. Tuta and Proton encrypt mail at rest but they possess the keys. Proton may only allow entprise accounts to use smtp. Tuta seems to allow only imaps.

Ymmv.

Bonne chance.

Reply to As someone in infosec, how do you handle your personal email? on Sat, 04 Apr 2026 16:44:08 GMT

prometheus@infosec.exchange — Sat, 04 Apr 2026 16:44:08 GMT

@bobbricoleur proton with my own domain. I love all the services that proton has. It works well from my Graphene OS phone without Google Play. The calendar, Simlelogin,and the email services are my daily goto's. Minus Lumo+, which I signed up for and now have abandoned for multiple reasons.

Reply to As someone in infosec, how do you handle your personal email? on Sat, 04 Apr 2026 16:26:28 GMT

noplasticshower@infosec.exchange — Sat, 04 Apr 2026 16:26:28 GMT

@bobbricoleur proton mail

Reply to As someone in infosec, how do you handle your personal email? on Sat, 04 Apr 2026 16:18:12 GMT

plaimbock@fosstodon.org — Sat, 04 Apr 2026 16:18:12 GMT

@bobbricoleur I use proton because AFAICT dovecot 2.4.3 still has TLS/LDAP issues. When that is resolved I'll probably return to self-hosting. What do you use for SPF, DMARC and DKIM?

Reply to As someone in infosec, how do you handle your personal email? on Sat, 04 Apr 2026 16:15:44 GMT

mrfoostang@foostang.xyz — Sat, 04 Apr 2026 16:15:44 GMT

@bobbricoleur@infosec.exchange @relay@relay.infosec.exchange I ran a #WildDuck server for a while. I had to use an smtp relay to send because non-ISP source servers tend to score higher on spam filters even with DKIM, SPF and DMARC in place, so it became a game of diminishing returns.

When I got tired of that I just went to Proton like a normie.

Reply to As someone in infosec, how do you handle your personal email? on Sat, 04 Apr 2026 16:12:08 GMT

bobbricoleur@infosec.exchange — Sat, 04 Apr 2026 16:12:08 GMT

I'm using standard email solution right now, and want to see if there is good alternative ?

Reply to As someone in infosec, how do you handle your personal email? on Sat, 04 Apr 2026 16:11:30 GMT

4fd485@mastodon.social — Sat, 04 Apr 2026 16:11:30 GMT

@bobbricoleur
I use tuta mail