Re: Used to run my own mail server 6 or 7 years ago, but stopped
I am much more confident in Google's ability to repel attacks than I am in either my own or pretty much anyone commenting on this thread. It's not an opinion, it's been proven out time & time again, from Chinese dissidents to the CEO of CloudFlare or even Lavamail.
As far as Google accessing all my (or your) data - they are already doing so. Pretty much every ad served in every website is driven by Google's backends. Even using ad blockers doesn't really stop tracking unless you are blocking them at the firewall (even then, it's still YOUR firewall...) or you never use a web browser. You may be under the illusion that by using all these blockers you are anonymous, but that's just not the case (c.f. browser fingerprinting).
Besides, as a paying customer of Google's services, I have also explicitly given them permissions to access my data - I'm perfectly OK with that.
As far as attacks, have you never seen automated scans? Because I see thousands of them every day just on my home connection. Zero-day attacks are NOT about specific targeting, they are about automated attacks where the vulnerability is unknown. As soon as you setup a server on the interwebs, is is vulnerable, it will be scanned within the first 5-10 minutes and this will only increase from then on.
Finally, it's not just bugs in the 'mail software' (which is a pretty broad term for some spectacularly crappy software....), but the entire stack, from the hardware all the way to crypto libs. And given that a lot of comments describe webmail setups, it also includes all the HTTP/application vulnerabilities (and probably database ones as well).
The overall point I am trying to make is that, as someone who is hosting anything on the internet, you only have to make a mistake once to have a compromise - automated scans & exploits makes the odds far, far better for the attacker than for you. Personally, it's not really something I want to clean up (BTDT, it was unpleasant).
But, hey, it's your risk, not mine - given the amount of downvotes on my original post, there are clearly a lot of people willing to take that risk.... Good luck to them.
Biting the hand that feeds IT
