I have had my own domain since I was about 15 years old and used that for a while on Digital Ocean droplets. It's incredibly easy to set up.
The only issue I had was that other people were not getting my mail and sometimes it was not even reaching their spam folders. Probably because Google/Microsoft were blocking that IP range of Digital Ocean's.
Nowadays I just pay for a personal Gsuite license and use Google Infrastructure.
Much simpler that way and I'm almost guaranteed that my mail will reach the recipients. You only need to set up your DMARC / SPF records and point your MX records to the ones that Google provides.
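The comment above boils the sending side down to "set up your DMARC / SPF records". Below is an added example (not the commenter's code) that audits those two TXT records for the weak settings that let a domain be spoofed or get mail rejected: a missing or `+all` SPF terminator, more than the 10 DNS-lookup mechanisms SPF allows, a DMARC `p=none` that only monitors, a partial `pct=`, and no `rua=` reporting address. The sample records are constructed and `example.com` is a placeholder; in practice you would feed it the TXT records you pull for `example.com` and `_dmarc.example.com`.

```python
from typing import Dict, List

# Constructed sample records (not taken from the thread). A Google Workspace
# setup typically looks like the SPF line; the DMARC line is the common
# "monitor only" starting point that many domains never move beyond.
SAMPLE_SPF = "v=spf1 include:_spf.google.com ~all"
SAMPLE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"

# SPF terms that cost a DNS lookup; RFC 7208 caps these at 10 per evaluation.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_spf(record: str) -> List[str]:
    """Return human-readable findings for an SPF record (empty list = fine)."""
    findings: List[str] = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: record does not start with v=spf1 (receivers will ignore it)"]
    lookups = 0
    all_qualifier = None
    for term in terms[1:]:
        qualifier = "+"                      # the implicit qualifier
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        # mechanism name is everything before ':' or '=' (ip4:..., redirect=...)
        name = term.split(":", 1)[0].split("=", 1)[0].lower()
        if name == "all":
            all_qualifier = qualifier
        elif name in LOOKUP_MECHANISMS:
            lookups += 1
    if all_qualifier is None:
        findings.append("SPF: no 'all' mechanism; unlisted senders get a neutral result")
    elif all_qualifier == "+":
        findings.append("SPF: '+all' authorises every host on the internet to send as this domain")
    elif all_qualifier == "?":
        findings.append("SPF: '?all' gives unlisted senders a neutral result (no protection)")
    elif all_qualifier == "~":
        findings.append("SPF: '~all' is softfail; rely on DMARC p=quarantine/reject to act on it")
    if lookups > 10:
        findings.append(f"SPF: {lookups} DNS-lookup mechanisms exceeds the limit of 10 (permerror)")
    return findings


def audit_dmarc(record: str) -> List[str]:
    """Return human-readable findings for a DMARC record (empty list = fine)."""
    findings: List[str] = []
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["DMARC: missing or malformed v=DMARC1 tag"]
    policy = tags.get("p", "").lower()
    if policy not in {"none", "quarantine", "reject"}:
        findings.append("DMARC: p= tag missing or invalid; record is unusable")
    elif policy == "none":
        findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
    if policy in {"quarantine", "reject"} and tags.get("pct", "100") != "100":
        findings.append(f"DMARC: pct={tags['pct']} applies the policy to only part of the mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so you get no aggregate reports on failures")
    return findings


def audit(spf_record: str, dmarc_record: str) -> List[str]:
    """Combined audit of a domain's SPF and DMARC records."""
    return audit_spf(spf_record) + audit_dmarc(dmarc_record)


if __name__ == "__main__":
    for finding in audit(SAMPLE_SPF, SAMPLE_DMARC):
        print(finding)
```

Run against the constructed samples it reports two things: the `~all` softfail (which is what Google's own SPF include expects, so the real decision lands on DMARC) and the `p=none` policy, which is exactly the gap that lets a spoofed message through while the domain owner believes they are "set up". Moving to `p=quarantine` or `p=reject` once the `rua` reports show only legitimate senders is what closes it.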
We've been running a small mail host for ~10 years (less than 100 accounts, but an outgoing monthly newsletter to a few thousand addresses) ... we had basically zero problems with delivering to Gmail. Their spam filter, while strict and applying throttling (and a bit of greylisting), is completely livable, compared to the balls-to-the-wall insane Outlook/Microsoft "protection" ( https://news.ycombinator.com/item?id=28982434 )
If you put an address or domain in the safe senders list, they do literally nothing. Like you can just totally spoof the domain entirely.
However if you use transport rules as per their rec, there's all sorts of stuff that will still get flagged, and you have to reference ATP, anti-phishing, anti-spam policies. Much of which isn't even in the Exchange admin panel, rather it is in "security" and buried in hamburger menus galore.
And what's best. They don't even have any documentation for how these modules interact or what order mail is processed in. I had a case open for months that finally got escalated to someone that was able to explain the issues we had with specific listservs/domains getting flagged.
In the end my only option was to whitelist emails classed as phishing and route them to junk rather than keeping them in quarantine. Even though it was a 99% accuracy rate sans this single domain.
The guy was really only able to commiserate with me. We are but a number and not a big enough one to get MS to change a thing. Their best recommendation was to deploy an edge device like Proofpoint/Proofpoint hosted and just handle it from there.
I get what they want to do. They are trying to make the crazy email RFCs easy for devops guys that don't give a damn about how e-mail works. But it's still hard to keep up with as they constantly just move stuff around and change their own standards on a near monthly basis.
Well... that's how I found out about it when I took on my current role. We had a pretty solid phishing attempt slip through. I was able to spin up a VPS and test it on mine and some other known tenants as well (with their permission). And since O365 uses a predictable name for their SMTP receivers for a tenant (domain-com-net-whatever.mail.protection.outlook.com) it's easy to kind of... select targets and test it out.
So even if it's not listed on the domain's MX record but you can suss out they are an Office 365 tenant receiving mail, you may be able to relay off it and spoof to high heavens (especially if the edge device recommends you... ahem... whitelist your own domain and not use transport rules). In fact especially if you can do this.
For example I think MS forced Proofpoint to change their config recommendations as an outcome. [1]
From the page on [1]:
"Due to major complaints, Proofpoint has opted to change the format of ensuring Proofpoint mail is not scored via the O365 system. This rule will allow external email to come in still, but will follow O365 scoring. This is to ensure no mail is lost."
I've been running my own (and other) email servers for over 25 years. About four years ago I switched mine over from sendmail (with a bunch of add-ons like spamd/spamassassin, rbl, etc.) to mailinabox. Mailinabox is full-featured, secure, and reliable. It doesn't take anywhere near the level of effort required to maintain vs. other solutions.
Microsoft has blacklisted the entirety of Digital Ocean and won't whitelist any IPs, even if it's a legit mail server. If I didn't know better, I would say that's anticompetitive behavior.
If true, that is probably the last excuse I needed to migrate my own email server off Digital Ocean to another provider. Oh well, it's been a very good run, DO.