Re: Used to run my own mail server 6 or 7 years ago, but stopped
I am much more confident in Google's ability to repel attacks than I am in either my own or pretty much anyone commenting on this thread.
You confidence is misplaced.
The most likely form of attack from a security agency will be by some sort of legal disclosure notice. If Google gets one of those, you'll never know. If TPTB want to look into my mail - they'll need to send *me* the notice.
As far as attacks, have you never seen automated scans?
Yes, of course. And they get nowhere because they are rate-limited. Any scanner persistent enough to annoy me with the crap left in my logs gets firewalled to boot - and I DROP, rather than REJECT, further slowing down the attacker.
Besides, as a paying customer of Google's services, I have also explicitly given them permissions to access my data - I'm perfectly OK with that.
Good for you. I'm not.
The overall point I am trying to make is that, as someone who is hosting anything on the internet, you only have to make a mistake once to have a compromise - automated scans & exploits makes the odds far, far better for the attacker than for you.
No, you're incorrect. It's quite easy to set up a mail server, and the tools to probe it for poor configuration are easily obtained. As long as the admin checks his config before claiming it to be "finished", there's no real risk. That might be quite a significant proviso on some situations...