NYTimes: Everyone Wants Your Email Address. Think Twice Before Sharing It.

The solution is an infinite supply of throw-away addresses.

Happiness is building your own email server ...

It is perfectly fine to use a single email server to handle many domains. However, I need to be aware:

• The MX record for the email domain should point directly to the actual server by its DNS name (do not use a raw IP address). For example, the MX record for fghg.net should point to charlie.kernelmode.com
• The email client (Outlook) should point directly to the actual email server (charlie.kernelmode.com). Using an intermediate alias (ie pointing Outlook to mail.fghg.net and then using a CNAME to redirect email.fghg.net to charlie.kernelmode.com) will cause Outlook to complain that charlie's certificate is invalid, since Outlook is expecting the certificate to be for mail.fghg.net.

Why?

Why did I feel the need to write my own email server when there are already so many well-established programs available, many for free?

I tried using sendmail on a Linux system. This works, of course, and is by far the most common solution. But I am not familiar enough with Linux as a system admin and was never really sure it was working properly. Sendmail gives little feedback about what it is doing, and I could never get it to do exactly what I wanted. What I really wanted was a live display showing exactly what the server was doing right now that I could watch in real-time. Monitoring text logs was not good enough and they didn't contain exactly what I wanted.

I used MailEnable on Windows for a while, almost four years. This was reasonably priced ($130 one-time cost) and I was more comfortable managing Windows than Linux. MailEnable had some weird quirks, especially in the way it used separate services for SMTP, POP, and MTA. I had a bad experience where I accidentally set up an open relay (something no modern email server should ever enable) and did not realize it was spewing spam until my IP address was blacklisted. MailEnable would occasionally stop working for unknown reasons and need to be restarted every few months. The final straw was when the server became unresponsive because MailEnable had completely filled the disk with log files during a sustained DDoS attack. This was especially frustrating because MailEnable's logs are useless; they contain useless minutae in multiple formats without any sense of context. I could not make heads or tails of any of it. To keep MailEnable running, I would have to periodically log into the server and delete gigabytes of these useless logs.

Almost all existing email servers were written at a time when the biggest threat was spam and virus attachments. Today these are mostly solved problems, and the biggest problems are hackers who try to overwhelm a server with socket storms or suborn it with password guessers.

When I had to rebuild my email server yet again, I wondered just how hard would it be to write my own email server -- one that would do exactly what I wanted, use very little system resources, and be built from the ground up to resist hacker and DDoS attacks. I wanted an email server that was fully integrated with the firewall. I also wanted an email server that would use MySQL for data so that I could integrate with other stand-alone programs and easily monitor the status of the system.

EMailV1 is different than most existing email servers:

• Runs on any version of Windows without requiring anything other than MySQL, which could be running on a separate (possibly Linux) machine.
• Designed to consume very little memory and cpu resources. It runs perfectly well on a free-tier t2.tiny instance, or a $200 mini-pc.
• It uses MySQL for all its data storage, except for the message text. This makes it easy to monitor, diagnose, and integrate with other programs. My intention was to open up the mail server to third-party programs, and MySQL provides a standardized and well-known interface.
• No persistent log files. Activity is written to the database and old entries are periodically flushed. Log files will never fill up the disk. Searching and analyzing acitivity in a database is much, much easier than with text files.
• Human-centric logging. EMailV1 has an extensive array of log filters, so I can configure it to log the minutae of every internal action or I to log just the high-level actions as text that is easy to read and understand. When a connection is dropped, the logs contain the facts about when and what happened and (hopefully) an explanation of why it happened. Useful logging is more of an art than a science.
• Logging is optimized for heavy loads, including the live console view. Logging will never back up and choke even during DDoS attacks.
• Built-in firewall. Windows Defender is a complete disaster, Amazon Firewall is prohibitively expensive and complex, and external firewalls may not be feasible. EMailV1 is designed to run without a front-end firewall and manages its own banlist.
• Full support for catch-all accounts. This lets me invent new email addresses at will without actually creating any new accounts, making modern life much easier to manage. Catch-all accounts are incredibly handy.
• Domains and accounts can be managed using email messages to the server's MailBot. No need to log into the server to create new user accounts, just send an email from your admin account. Or write your own web page to manage the server by updating the MySQL database directly.
• Unlike most other email servers, EMailV1 can run both as a headless background service or as a "normal" Windows GUI program. This lets me display live logs, statistics, and an activity graph that instantly tells me what is happening inside the server. Much, much more informative than trying to parse text logs. I can see in an instant what it would take hours to extract from static logs.

I found that writing a basic email server was not terribly difficult. Then it took a lot of trial and error to make it to work right, handle TLS connections, shrug off hackers, and interoperate with all existing email servers. I have now been using EMailV1 as my primary email server since July 2020, over three years now, and it has matured into a rock-solid service.