Helm is not the Email Provider You Want

Update: 2022-12-27
Helm has shut down citing covid supply chain issues and to their credit have released a tool to convert a Helm box to armbian on github. They have also provided instructions on how to create a vpn bridge to enable mail sending.

Helm is a new software as a service provider touted by tech publications such as Ars, Verge, Mashable, and GeekWire that sells you a box to install in your home that can be configured to allow you to self host email, calendar, a VPN endpoint, and file hosting among other services. It costs USD $400 for the hardware plus a recurring yearly USD $100 subscription fee. Helm does not publicly provide the source code or binaries that are run on the box. The only way to get insight into what is run on the box is to look at their open source attributions. Among the attributions includes free email hosting software employed both by small entities (such as HighGuard) and large multinational organizations. The attributions include Postfix, Dovecot, SpamAssassin, openVPN, openSSH, rsync, Duplicity, and even wpa-supplicant. It seems that they use very little home grown software, which is both a good thing and a bad thing.

The good:

The open source software they use is well maintained, well secured, and well known. When Dovecot was tested by Cure53 in 2017 it was graded “near impenetrable”. All of the other open source software I mentioned previously is also known for its well secured status. This package offered automatically configures everything you need for a variety of services without the end user needing to know anything about configuring any of those services.

The bad:

It is dubious whether or not an owner could actually send email from this device because virtually all internet service providers in the United States block the required port 25 that is necessary to send email outbound. They do this because decades ago before the decision to block was made, malware would use home computers to send inordinate amounts of spam email. The block is generally considered a good move, even if it restricts a home user from running their own email from home.

All of the base software is free. The operating system is GNU + Linux, which is free. The service costs $400 plus $100 yearly for free software when yet with very little knowledge you could set your own (better) server running all of the same software for as low as ten dollars per month. With a Digital Ocean virtual private server, barely any knowledge about Linux or email servers, and Modoboa you can have a secure running email service that includes support for a web based email client (something Helm does not offer) and shared calendars. A simple script automatically configures a VPN endpoint on the server for you to use. By following the easy to understand OwnCloud or NextCloud installation instructions you can have a working self hosted DropBox alternative for hosting and sharing files in your own personal cloud. You can even host your own websites from the server for free using software like WordPress or Joomla.

The takeaway:

Helm’s website includes a lot of marketing material that talks about the importance of reclaiming one’s own privacy and maintaining security. I agree wholeheartedly with these views but do not believe that purchasing a Helm home server is the way to go. The actual cost to value ratio of the features provided is much lower than purchasing your own virtual private server hosted in a data center and self hosting all of your content and services. Helm does not provide the same level of control that you would get from owning your own server, as they still control how you use the box and what exactly is installed on it.