Frequently Asked Questions

Common questions about DarkPipe, self-hosted email, setup, security, and operations.

General

What is DarkPipe?
DarkPipe is a complete self-hosted email infrastructure that separates internet-facing mail services (running on a VPS) from persistent mail storage (running on hardware you control at home). Mail arrives at the cloud relay, is immediately forwarded over an encrypted tunnel to your home device, and is never stored on the cloud.

Why not just use Gmail / Outlook / ProtonMail?
Privacy: Gmail and Outlook read your mail for advertising and analysis. ProtonMail is better, but you're still trusting a third party.

Control: No service can lock you out, change terms, or read your mail.

Trade-off: DarkPipe requires technical skill to manage. If "docker compose up" sounds intimidating, stick with Gmail.

How is this different from Mail-in-a-Box / Mailu / docker-mailserver?
Those excellent projects run everything on a single VPS — meaning all your mail is stored on hardware you don't physically control. DarkPipe's key difference is its split architecture: the cloud relay is a pass-through gateway with no persistent storage, and your mail lives only on your home device.

Will my emails go to spam?
Initially, yes — but this improves over time. New IP addresses have no sending reputation. IP warmup takes 4-6 weeks of gradually increasing send volume. DarkPipe automates SPF/DKIM/DMARC configuration, which are the technical prerequisites for good deliverability. Use mail-tester.com to check your score — aim for 9/10 or higher.

How much does it cost?
$4-7/month ongoing. VPS: $3-6/month. Domain: ~$1/month. Home hardware: varies ($0 if you already own it, ~$100 one-time for a Raspberry Pi kit). Electricity: ~$1/month. Competitive with ProtonMail Plus ($4/month) and Fastmail ($5/month) — but requires your time to manage.

Setup & Deployment

What VPS provider should I use?
Recommended: Hetzner (best price/performance, EU-based, SMTP-friendly), Vultr (port 25 after account verification), OVH (SMTP-friendly, good EU presence).

Avoid: DigitalOcean (blocks port 25, no exceptions), Google Cloud (blocks port 25), AWS EC2 (port 25 throttled).

Key requirement: Port 25 must be open for SMTP.

Can I run everything on one server?
No — and this is intentional. DarkPipe's security model requires separating the cloud relay from mail storage. Running everything on one server defeats the privacy purpose. You must have a cloud relay on a VPS (for SMTP deliverability) and a home device on your hardware (for mail storage and privacy).

What home hardware do I need?
Minimum: Raspberry Pi 4 (4GB RAM recommended), 20GB SSD, Ethernet.

Also supported: Any x64/arm64 system with Docker or Podman, TrueNAS Scale, Unraid, Synology, Proxmox LXC, Mac Silicon. See the platform guides for your system.

Can I use Podman instead of Docker?
Yes, fully supported. DarkPipe works with Podman 5.3+ and podman-compose using provided override files. Cloud relay requires rootful Podman (port 25 binding). Home device can run rootless for additional security. SELinux-compatible volume labels included. Run bash scripts/check-runtime.sh to validate your setup.

Mail Servers

Which mail server should I choose?
Stalwart (recommended for most): Modern, Rust-based, all-in-one with IMAP4rev2, JMAP, built-in CalDAV/CardDAV, and web admin UI.

Maddy: Minimal Go binary, suitable for 2GB RAM systems, requires Radicale for calendar/contacts.

Postfix + Dovecot: Battle-tested with decades of production use, maximum community support, requires Radicale.

Can't decide? Start with Stalwart.

Can I switch mail servers later?
Yes, but it requires migrating mail data. Re-run the setup wizard, migrate mail via IMAP or maildir export/import, update DNS (DKIM keys change). It's possible but not trivial — choose carefully at the start.

Does DarkPipe support POP3?
No. POP3 downloads mail to a single device and deletes it from the server. This is a security liability — if that device is lost, your mail is lost. IMAP is the modern standard (syncs across all devices). All DarkPipe mail servers support IMAP on port 993.

Security & Privacy

Is my email encrypted end-to-end?
Transport is encrypted. At-rest depends on your setup.

Encrypted: Internet to relay (Let's Encrypt TLS), relay to home (WireGuard or mTLS), home to mail clients (IMAPS/SMTPS), offline queue (age encryption). All containers run with dropped capabilities and read-only filesystems.

Not encrypted by default: Mail storage on home device (enable full-disk encryption with LUKS or FileVault). For content encryption, use PGP/S/MIME in your mail client — DarkPipe doesn't prevent it.
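
One way to confirm the container hardening claimed above on a running host, added here as an example and not DarkPipe's own tooling: it reads `docker inspect` JSON and reports containers that lack dropped capabilities or a read-only root filesystem. The container names and sample JSON are constructed, and treating "dropped capabilities" as `CapDrop` containing `ALL` is an assumption.

```python
# Added example: audit `docker inspect` output for the two hardening settings
# named above. Container names and the sample JSON are constructed.
import json

def audit_containers(inspect_json):
    """Map container name -> list of findings, from `docker inspect` JSON text."""
    report = {}
    for container in json.loads(inspect_json):
        host = container.get("HostConfig") or {}
        # Docker reports null rather than [] when no capabilities are listed.
        dropped = {c.upper() for c in (host.get("CapDrop") or [])}
        added = sorted(c.upper() for c in (host.get("CapAdd") or []))
        findings = []
        if host.get("Privileged"):
            findings.append("container runs in privileged mode")
        if "ALL" not in dropped:  # assumption: 'dropped' means cap_drop: ALL
            findings.append("capabilities not fully dropped (CapDrop lacks ALL)")
        if not host.get("ReadonlyRootfs"):
            findings.append("root filesystem is writable")
        if added:
            findings.append("re-added capabilities to justify: " + ", ".join(added))
        report[container.get("Name", "?").lstrip("/")] = findings
    return report

SAMPLE = json.dumps([  # constructed input, trimmed to the fields that are read
    {"Name": "/relay",
     "HostConfig": {"CapDrop": ["ALL"], "CapAdd": ["NET_BIND_SERVICE"],
                    "ReadonlyRootfs": True, "Privileged": False}},
    {"Name": "/webmail",
     "HostConfig": {"CapDrop": None, "CapAdd": None,
                    "ReadonlyRootfs": False, "Privileged": False}},
])

if __name__ == "__main__":
    for name, findings in audit_containers(SAMPLE).items():
        print(name, findings if findings else "OK")
```

To audit a live host, pass the output of `docker inspect $(docker ps -q)` to `audit_containers` in place of the sample.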

What happens if my VPS is compromised?
An attacker can read mail in transit and decrypt the offline queue. An attacker cannot access stored mail on your home device or read historical mail. Mitigations: harden VPS (firewall, auto-updates, SSH keys only), monitor logs, use PGP/S/MIME for high-risk scenarios.

What happens if my home device is offline?
Mail is queued on the cloud relay, encrypted with age, with a configurable timeout (default 7 days). S3-compatible overflow is available for extended outages. The queue drains automatically when the home device reconnects. Alternative: configure bounce-immediately behavior instead of queuing.

Operations

How do I add users and domains?
Stalwart: Web admin UI at port 8080.
Maddy: Edit setup-users.sh, run maddyctl creds create, restart.
Postfix+Dovecot: Edit vmailbox and users files, restart container.

All servers support aliases, multi-domain, and catch-all addresses.

How do I back up my mail?
Back up the mail data directory on your home device. Cloud relay has no mail to back up (by design). Methods: Docker volume backup with tar, ZFS/Btrfs snapshots, or rsync to external drive. Recommended: daily or weekly automated backups.

How do I update DarkPipe?
Pull new Docker images, update version tags in docker-compose.yml, restart services. Typically under 30 seconds of downtime. The setup wizard handles config migrations when needed — re-run with --migrate-config if prompted in release notes.

How do I migrate from another email provider?
Use the darkpipe-setup migrate CLI wizard. Supports Gmail, Outlook, Yahoo, iCloud, Fastmail, ProtonMail, Zoho, and generic IMAP. OAuth2 device flow for Gmail/Outlook. Dry-run mode previews before executing. Migration time: 30 minutes to 24+ hours depending on mailbox size.

Still have questions?

Ask in GitHub Discussions or open an issue.