5 Things You Shouldn't Self-Host, Even If You Can

Key Takeaways

• Self-hosted email servers face deliverability issues because major providers flag residential and small VPS IPs as suspicious
• Payment processing requires PCI compliance that most individuals and small teams cannot maintain safely
• Some services have zero tolerance for downtime, making self-hosting a liability rather than an asset

The appeal of self-hosting is real

Self-hosting your own software stack comes with genuine benefits. You own your data. It never leaves your infrastructure. You pay nothing in recurring software costs. One experienced self-hoster reports saving up to $50 a month by running open-source apps on personal hardware.

But capability and wisdom are different things. Some services that look like perfect self-hosting candidates turn into weekend-eating maintenance nightmares. Others expose you to security risks that professionals spend careers managing. A few will simply make your life harder without any compensating benefit.

The line between "I can do this" and "I should do this" matters. Here are five categories where that line is clearest.

1. Email servers: deliverability is the problem you can't solve

Running your own email server sounds like freedom from Gmail's storage limits, Outlook's interface quirks, and the general unease of having a corporation read your messages. In 2026, the technical setup is easier than ever. The problem is that technical competence doesn't matter.

Google, Microsoft, and Yahoo are deeply suspicious of email coming from residential IPs or small VPS providers. You can configure SPF, DKIM, and DMARC records perfectly. Your messages will still land in spam folders. Recipients will see large warnings telling them not to trust you.

There's also the zero-downtime requirement. If your server goes offline during a delivery attempt and isn't configured correctly for retry queuing, messages vanish permanently. No bounce notification. No error message. Just gone.

Email is too critical for most people to accept that risk. The cost of a missed message from a client, a bank, or a family member far exceeds the cost of a paid email provider.

2. Payment processing: compliance isn't optional

Building your own payment system might seem like a way to avoid Stripe's fees or PayPal's account freezes. It's technically possible. It's also one of the fastest ways to create serious legal and financial liability.

PCI DSS compliance exists because payment card data is a high-value target. Meeting those requirements means maintaining specific network segmentation, encryption standards, access controls, and audit logs. Professional payment processors employ entire teams to handle this. They still get breached sometimes.

A self-hosted payment system puts you on the hook for every security incident. A breach means potential fines, legal action, and the reputational damage of having exposed customer financial data. The 2-3% fee that Stripe charges starts looking reasonable when you consider the alternative.

3. Services with zero tolerance for downtime

Some software can be offline for a day while you troubleshoot. Your personal wiki, your recipe database, your bookmarks manager. You'll be mildly annoyed. Nothing breaks.

Other services need to be available 24/7 or they stop providing value entirely. Home automation systems that control locks, alarms, or cameras. Communication tools your family depends on. Anything where "I'll fix it this weekend" means days of broken functionality.

The question isn't whether you can achieve high uptime. It's whether you want to be on call for your own infrastructure. Professional services have teams, redundancy, and monitoring. You have whatever time is left after work, sleep, and the rest of your life.

4. Complex backup systems for critical data

Self-hosting a backup solution sounds like the ultimate control over your data. No monthly fees. No trusting a third party. No worrying about a company shutting down and taking your archives with it.

The problem is that backups only matter when you need them. Testing restores is tedious. Monitoring backup jobs requires attention. Hardware fails at inconvenient times. The moment you actually need your backup is the worst possible time to discover it hasn't been working for six months.

For truly critical data, the cost of a proven backup service is insurance against the cost of loss. Self-hosting backups can work well as a secondary layer, but relying on it as your only protection is a risk that scales with how much you have to lose.

5. Security tools you can't keep updated

Self-hosting security tools like password managers or VPN servers can make sense if you have the skills and attention to maintain them. The danger is that security software requires constant updates. Vulnerabilities get discovered. Patches get released. The window between disclosure and exploitation shrinks every year.

A self-hosted password manager that misses a critical update becomes a single point of failure for every account it protects. A VPN server with an unpatched vulnerability might be worse than no VPN at all, because it creates a false sense of security.

If you're going to self-host security tools, you need automated updates, monitoring for new vulnerabilities, and a plan for rapid response. If that sounds like more work than you want, commercial options with professional security teams are worth the cost.

The self-hosting decision framework

Self-hosting works best when three conditions are met. First, the service can tolerate occasional downtime without serious consequences. Second, security failures affect only you, not customers or family members who didn't sign up for the risk. Third, you genuinely enjoy the maintenance work, or it's minimal enough to ignore.

Media servers, personal wikis, note-taking apps, RSS readers, recipe managers. These are good candidates. Email, payments, security infrastructure, and anything with high availability requirements. These are usually not.

• Can it be offline for a weekend without real consequences?
• If it gets compromised, who is affected besides you?
• Are you willing to be on call for this system?
• Do you have tested recovery procedures?

Honest answers to these questions will tell you whether a service belongs in your self-hosted stack or with a provider who specializes in keeping it running.

Frequently Asked Questions

Is self-hosting email really that difficult?

The technical setup is manageable. The deliverability problem is not. Major email providers treat small servers as suspicious by default, and there's no technical fix for their spam filtering decisions.

What are the best services to self-host?

Media servers like Jellyfin or Plex, note-taking apps, RSS readers, and personal wikis are excellent candidates. They tolerate downtime, don't involve sensitive data, and provide clear value over commercial alternatives.

How much can you save by self-hosting?

Experienced self-hosters report savings of $30-50 per month by replacing subscription services with open-source alternatives. The savings depend on which services you replace and the cost of hardware and electricity.

Can I self-host a VPN server safely?

Yes, but only if you commit to keeping it updated. VPN software with unpatched vulnerabilities is worse than no VPN because it creates false security. Automated updates and vulnerability monitoring are essential.

What happens if my self-hosted email server goes down?

If your server is offline during delivery and not configured for proper retry queuing, incoming messages can be lost permanently. There's no bounce message, no notification. The sender thinks it was delivered, and you never receive it.

Source: MakeUseOf