Ep. 370
For years, self-hosting email meant stitching together a fragile patchwork of outdated tools - mail routing, storage, spam filtering, calendars, contacts - all running separately and barely cooperating. In this episode, we dive into Stalwart, a modern all-in-one mail and collaboration server that rethinks that entire model from the ground up.
Stalwart replaces the traditional maze of disconnected components with a single unified system, managed through one configuration and built in Rust, a language designed for memory safety. That architectural choice matters: it eliminates entire classes of vulnerabilities that have plagued legacy mail infrastructure for decades, making the server both more stable and dramatically harder to exploit.
We explore how Stalwart secures data at every level. Emails can be protected with OpenPGP or S/MIME encryption at rest, secure transport is maintained through automatically provisioned TLS certificates via ACME, and modern synchronization is handled through JMAP, a protocol that enables fast, real-time updates across devices without the constant polling overhead of older systems like IMAP.
The episode also examines Stalwart’s advanced security stack for the modern threat landscape. Built-in support for SPF, DKIM, and DMARC helps verify sender authenticity, while LLM-assisted spam filtering, collaborative digest systems like Pyzor, and defenses against homograph attacks help detect phishing and malicious messages before they ever reach the user.
Finally, we look at how Stalwart scales - from a small deployment using SQLite all the way to large enterprise environments backed by distributed databases like FoundationDB. The result is a platform that makes secure, sovereign, self-hosted communications far more practical than ever before.
If you’ve ever assumed that controlling your own email infrastructure had to mean complexity, fragility, and pain, this deep dive into Stalwart shows why that assumption may no longer hold.