'Homebrew' email servers: Genius as well as sneaky?

March 6, 2015 byAnne Flaherty And Nancy Benac
In this Dec. 8, 2011, file photo, then-U.S. Secretary of State Hillary Rodham Clinton hands off her mobile phone after arriving to meet with Dutch Foreign Minister Uri Rosenthal at the Ministry of Foreign Affairs in The Hague, Netherlands. The personal email server used by Clinton during her time as secretary of state was probably about the size of your office desktop computer. Setting up your own email server is easier and cheaper than you might think. (AP Photo/J. Scott Applewhite, Pool/File)

No, it's not always a room filled with wires and glowing blue lights. It's probably not even the size of your furnace. The personal email server used by Hillary Rodham Clinton during her time as secretary of state was most likely about the size of your office desktop computer and could have been tucked quietly in a corner somewhere.

She's come a long way since 1997, when Clinton's staff bought the then-first lady a copy of the book "E-Mail for Dummies."

Setting up your own email server is something only the geekiest of tech geeks do because of the serious hassles involved, including spending every waking hour fending off spam. Like brewing your own beer, it's typically done just for fun—a way to challenge your smarts and fill the time. It also appeals to those who fear the government is sniffing around and could compel companies like Google or Yahoo to release customer data.

"It's not trivial to do it, but if you understand how all this works, you can certainly do it yourself," said Carole Fennelly, a New York City-area information security consultant who once operated her own mail server and has set them up for clients.

Setting up your own email server might only cost a few hundred dollars. A common and inexpensive solution might be to take an old computer running Windows; replace the guts of the machine with a free Linux operating system like Ubuntu; and install mail server software that lets you send and receive emails without the help of companies like Google or Yahoo.

Before you get any ideas, Fennelly and other tech experts say there are so many headaches involved with "homebrew" email servers that it's almost never worth it. The cable companies that provide most people their Internet connections don't like them and will often block them because they tend to spew out lots of spam. So you might have to buy a business-class connection or pay a hosting service. Also, servers can crash and power outages occur, requiring backup generators and constant maintenance.

"It's a huge, huge headache," said Christopher Soghoian of the American Civil Liberties Union.

Cables are connected to a server capable of handling an email server at the Washington bureau of The Associated Press on Thursday, March 5, 2015. It's not always a room filled with wires and glowing lights. It's probably not even the size of your furnace. The personal email server used by Hillary Rodham Clinton during her time as secretary of state was likely about the size of your office desktop computer and could have been tucked quietly in a corner somewhere. (AP Photo/Jon Elswick)

As the ACLU's principal technologist and a vocal opponent of government surveillance, Soghoian is exactly the type you'd expect to operate his own email server. But he says he's not comfortable with his technical ability to keep sophisticated hackers out and wonders what risks Clinton was taking. You could probably work around the clock to fend off spam and teenage hackers, he says. But what about the Chinese military?

"What may be a fun activity for a 20-year-old tech whiz is probably a bad idea for the secretary of state," Soghoian said.

So what's the point? In one word, control.

Think of computer servers a bit like post offices. Every time you send an email, that message is stored on a server physically located at a facility owned by Yahoo or Google, for example. That server connects with other networks on the Internet and sends a copy to the intended recipient. At work, your employer probably runs its own email server, storing and sending copies from a computer system maintained by tech support staff.

Either way, every time you write something online, a third party—Yahoo or Google or your employer—has a copy.

This is what makes what Clinton did both sneaky and, some might say, genius: Instead of setting up an email account with the government—for example, hillary.clinton@state.gov—she operated a computer email server on an Internet connection that has been traced back to her family's hometown in New York. (The email, hdr22@clintonemail.com, appears to be a nod to her middle name, Diane.)

No Yahoo employee with ambitions to become the next Edward Snowden could ever quietly search its server and leak her emails to the public. Google couldn't be compelled by congressional investigators to hand them over. If reporters were to ask the government for email records during Clinton's time as secretary of state, none would be found.

In other words, if you want a complete record of Clinton's electronic correspondence while she was helping to decide matters of war and peace, you'd have to knock on her door and ask politely. Or take her to court.

For Clinton, who is eyeing a presidential bid and is the wife of a former president, the hassle and expense of hiring consultants to manage the server might be worth it.

For the average Joe, however, not so much.

"When I saw that she had her own (server), I was like, 'Wow, that's a lot of hassle to go through,'" said Fennelly.

Explore further: Clinton ran own computer system for her official emails

Related Stories

Clinton ran own computer system for her official emails

March 3, 2015

The computer server that transmitted and received Hillary Rodham Clinton's emails—on a private account she used exclusively for official business when she was secretary of state—traced back to an Internet service registered ...

Clinton email policy violated Obama administration guidance

March 4, 2015

Even if Hillary Rodham Clinton's use of a private email server to conduct official business as secretary of state was not illegal, it violated Obama administration guidance and undermined his pledge of historic transparency.

Experts: Clinton email practices risked data disclosures

March 5, 2015

Hillary Rodham Clinton's use of a private email address and private computer server for official State Department business heightened security risks to her communications, such as the inadvertent disclosure of sensitive information ...

Recommended for you

Semimetals are high conductors

March 18, 2019

Researchers in China and at UC Davis have measured high conductivity in very thin layers of niobium arsenide, a type of material called a Weyl semimetal. The material has about three times the conductivity of copper at room ...

10 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

EarthlingX
3.8 / 5 (4) Mar 06, 2015
Setting up a personal mail server is not that horribly difficult as this article is trying to show. These days there there's also no requirement for physical machine with plenty of cheap virtual machines all over the Net, if one is not working in WH, that is.
Kudos to Mrs Clinton though for biting it, there's still so much computer-phobia in her generation.
Squirrel
5 / 5 (2) Mar 06, 2015
Probably means she will miss getting the office once held by her husband.
katesisco
5 / 5 (1) Mar 06, 2015
Glad that she eliminated what should never have been there in the first place. Kudos for privacy!
julianpenrod
1 / 5 (2) Mar 06, 2015
Take a lesson where it is offered.
The article posits that running your own server is a great deal of trouble, dealing, for example, with spam and viruses. Supposedly active with all the back room and clandestine dealings that are the real essence of politics; as much as a dictator as she has been shown to be; as criminally complicit as the Clintons are in so much, requiring particular care in keeping their business secret, a personal server would seem to be an incredibly dangerous venture. She could hire a large group of computer capable but craven quislings, but that doesn't seem to have happened.
The answer is plain. The "problems" that are listed for the "rank and file" do not exist for the rich and powerful! There are ways the hackers, also known as programmers, have built into the system to always leave the "rank and file" imperiled, but there are means to avoid that, too! Programmers give them only to the rich and corrupt.
cjn
1 / 5 (1) Mar 06, 2015
FTA:
In other words, if you want a complete record of Clinton's electronic correspondence while she was helping to decide matters of war and peace, you'd have to knock on her door and ask politely. Or take her to court.


This is only partially true. IF she was using her personal email for communications with other employees of the State department, then there would be a record of these emails on the Federal servers (because Federal employees are required to conduct Federal business through an official email exchanges -for professionalism, security, and accountability). If these records don't exist, then there is a much larger problem... one that should undermine the public faith.
antigoracle
3 / 5 (2) Mar 06, 2015
So, who amongst the morons, use your work email for personal private communications?
rp142
5 / 5 (2) Mar 06, 2015
Setting up an email server is a relatively simple exercise, with step by step guides available online that anyone could follow. There are also simple tools to deal with spam, although they will not stop every bit of spam.

I've had third parties host business email before that provided poor spam filtering and periodic downtime, sometimes for days at a time. At times our email would be blacklisted because of other clients of the hosting provider and that was very difficult to get around. Google has some pretty good spam filtering.

No all ISPs are against customers running their own servers. The ISP I use at home support customers running their own servers and offers free services to make it easier to do so by offloading some of the server tasks to them.

Running Internet accessible servers is a serious security risk if you are not prepared to but in the effort to learn how to keep them secure.
krundoloss
5 / 5 (1) Mar 08, 2015
Running your own email server is not a big deal. The concerns the article mentioned are as follows:
1. Security - in order for email to reach you, there has to be a public domain and mx recordds for that domain out on the web. That means that anyone, anywhere can find your ip address and attack your server easily.
2. Spam - not as big a deal, but spam can go direct into your server, unless there is some filtering in place. Even if your server is filtering the spam, it still wastes bandwidth doing so
3. Downtime - if the server goes down, email can get returned to senders
4. Maintaining - it must be kept up to date, kept from getting full, etc.
5. Strong firewall setup - any hole in your firewall would be a security risk, since your IP is public info

Thats why people just use other hosting services to eliminate all those headaches
Whydening Gyre
3.7 / 5 (3) Mar 08, 2015
If the Clintons were smart, they'd be incorporated. If they're incorporated, they are a business. If they are a business, it's a no brainer - Set up your own email server...
As citizens, they have the right to do this.
I'm not seeing what the problem is here...
howhot2
4 / 5 (4) Mar 08, 2015
I ran my own email server for years and frankly enjoyed all of the configuration options. Anybody speak sendmail? You know, it would be kind of fun to have an email server on a android and use dynamic_dns to keep track of it.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.