securitytxt.org VS Mailcow

You might consider setting up security.txt notifications, per RFC 9116, to funnel people into the right notification paths. Otherwise, they might try spamming random emails they find or can guess at. I've had external researchers contact our CTO and CEO directly, creating a new problem for me.

Check if they have a security.txt, if they do not, check their /security. If both come up empty, use any contact form that they have available.

In addition to the Bug bounty programs already posted in the comments, I'd suggest you create a security.txt with a dedicated security contact.

Does the website have a responsible disclosure page or a security.txt?

there's technically https://securitytxt.org as well; but sadly it's not in super duper wide deployment (some big places have it, though!)

Especially in the area you guys are operating in, I think it would be great if you could implement RFC 9116 (https://securitytxt.org/). If someone finds a vulnerability on your website, the client or even the SPN, this would make communication or a responsible disclosure process much easier. Furthermore, it would be great if the possibility for secure communication with your staff (e.g. using GPG) would be possible.

When do companies finally start adopting the `security.txt` proposal (see https://securitytxt.org).

Would have made a big difference!

I've been running mailcow [1] on a Hetzner cloud server for a few years and am pretty happy with it.

[1] https://mailcow.email

I have been searching for a self-hosted suite similar to Google Worksuite. I found the following: 1. Mailcow - https://mailcow.email/

Yes, I switched to mailcow (https://mailcow.email) and installed Roundcube via the excellent tutorial (https://docs.mailcow.email/third_party/roundcube/third_party-roundcube).

I've heard good things about mailcow

https://mailcow.email/

You can self host email if you really want to, but it's really more trouble than it's worth. If you do self host, you have to worry about the consequences of missed emails if your server or Internet ever goes down, and you'll have to use someone else's SMTP server if you don't want your emails to go directly to spam. The cheapest good SMTP server is Amazon SES, which I believe is $0.10 per 10k emails. I've been looking into mailcow for self hosting an email server and it seems the best way to go.

However, https://mailcow.email/ is the ONLY exclusion I make for that. As it's an all in one docker managed solution. Where the only things you have to worry about is the reputation of your mailing IP.

But its probably easier to use a dockerized container with all the mail stuff integrated and pre-setup like: https://mailcow.email/

If you're looking for a full solution that I haven't tried (due to resources) try: MailCow. Good luck.