> You don't reply to many incoming emails, so they would never be seen by the MTA
Every email has a sender and a receiver, and if either of those parties is on cloud hosted email, your email will be seen by an MTA, and you can bet your life that Google/Microsoft/whatever will snatch your recipient email and catalog it.
As I said, if you want privacy use something else, like Signal for instance, or use encryption, in which case it doesn't matter where you store your emails as any information you expose is already exposed by the protocol itself (sender/recipient/topic/date/source IP/destination IP/etc).
> MTAs normally don't store emails, and it would be expensive for them to do so as you aren't paying them for storage. This protects your past and present emails from the MTA turning evil (or being hacked) in the future.
So do backups, but with much lower maintenance, and more security/resilience, simply by being "offline".
> Even consumer-grade routers support DMZs. With the right instructions, it's possible to only open the firewall to the server and keep it out of the home network.
Ask your friends what a DMZ is. I'm certain that most people on HN will know what it is, and a large share will probably also know how to set it up, but then the issues with hairpin NAT, name resolution, and other stuff start cropping up, which is where some people just give up and instead expose it from the LAN so that they may access it from home as well.
Expand the scope to also include VLANs and you have an even smaller group.
Next up is that many people will happily use the same server for exposing services to the internet as well as internal stuff, so now you're just one CVE away from having everything on your server encrypted/deleted/leaked. You can partially mitigate that by using jails/containers, but that's another layer you need to familiarize yourself with, with the risk of once again getting it wrong.
Most people would be much better off just setting up a VPN and using that to access their home network, and letting professionals worry about securing services.
Edit: I should add that I'm not against people setting up servers at home for experimenting/learning, it's only when they expose those services to the internet that it bothers me.
There is certainly value in experimenting with stuff in a homelab, but when there are so many free services available that do stuff better than almost any reasonable homelab can hope to, there is very little point in accepting the additional risk.
In the case of a "static webpage" use case, you can publish that for free with GitHub, or you can choose to expose it from home, opening up your firewall, as well as ports to your server. Congratulations, you're now a network and system administrator, as well as responsible for maintaining SSL/TLS certificates, ensuring uptime (if the webpage has value, otherwise why bother publishing it in the first place).
In the "free" package you get resilient infrastructure with redundancy on every level (power/internet, hardware, software, services), you get a professional staff that babysits services, and you don't have to worry about anything except creating the content you want to publish.