
A very naive estimate based on one day of logs from one server says over 75% of our incoming port 25 connections are encrypted. Although that says nothing about the quality of the cipher in use and the type of messages that come through, it's still significantly higher than I would have expected.

I can see I'll be spending some time on this in the next few days!
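One way to produce the kind of estimate described above, and to also answer the cipher-quality caveat, is to pair each inbound smtpd session with any TLS-established line logged for the same process. This is an added example, not the commenter's script; it assumes Postfix-style smtpd log lines, and the sample log below is constructed, not taken from anyone's server.

```python
import re
from collections import Counter

# Constructed sample of Postfix smtpd log lines (not a real server's log).
SAMPLE_LOG = """\
Jan 15 10:00:01 mx postfix/smtpd[1201]: connect from mail.example.net[203.0.113.5]
Jan 15 10:00:01 mx postfix/smtpd[1201]: Anonymous TLS connection established from mail.example.net[203.0.113.5]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 15 10:00:03 mx postfix/smtpd[1201]: disconnect from mail.example.net[203.0.113.5]
Jan 15 10:00:05 mx postfix/smtpd[1202]: connect from legacy.example.org[198.51.100.7]
Jan 15 10:00:06 mx postfix/smtpd[1202]: disconnect from legacy.example.org[198.51.100.7]
Jan 15 10:00:07 mx postfix/smtpd[1201]: connect from relay.example.com[192.0.2.9]
Jan 15 10:00:07 mx postfix/smtpd[1201]: Untrusted TLS connection established from relay.example.com[192.0.2.9]: TLSv1 with cipher AES128-SHA (128/128 bits)
Jan 15 10:00:09 mx postfix/smtpd[1201]: disconnect from relay.example.com[192.0.2.9]
Jan 15 10:00:10 mx postfix/smtpd[1203]: connect from old.example.org[198.51.100.8]
Jan 15 10:00:11 mx postfix/smtpd[1203]: disconnect from old.example.org[198.51.100.8]
"""

# Session boundaries: "connect from" / "disconnect from" for a given smtpd pid.
SESSION_RE = re.compile(r"postfix/smtpd\[(\d+)\]: (connect|disconnect) from (\S+)")
# STARTTLS success: "<Anonymous|Untrusted|Trusted|Verified> TLS connection established".
TLS_RE = re.compile(
    r"postfix/smtpd\[(\d+)\]: \w+ TLS connection established from \S+: (\S+) with cipher (\S+)"
)

def summarize_tls(log_text):
    """Return (sessions, encrypted_sessions, Counter of (protocol, cipher)).

    A session is counted only when both its connect and disconnect are seen,
    so a log truncated mid-session does not skew the ratio."""
    open_sessions = {}  # pid -> (protocol, cipher) or None while still plaintext
    sessions = encrypted = 0
    ciphers = Counter()
    for line in log_text.splitlines():
        m = SESSION_RE.search(line)
        if m:
            pid, event = m.group(1), m.group(2)
            if event == "connect":
                open_sessions[pid] = None
            elif pid in open_sessions:
                tls = open_sessions.pop(pid)
                sessions += 1
                if tls:
                    encrypted += 1
                    ciphers[tls] += 1
            continue
        m = TLS_RE.search(line)
        if m and m.group(1) in open_sessions:
            open_sessions[m.group(1)] = (m.group(2), m.group(3))
    return sessions, encrypted, ciphers

if __name__ == "__main__":
    total, enc, by_cipher = summarize_tls(SAMPLE_LOG)
    print(f"{enc}/{total} inbound sessions negotiated TLS ({100 * enc / total:.0f}%)")
    for (proto, cipher), n in by_cipher.most_common():
        print(f"  {n:4d}  {proto} {cipher}")
```

Feed it `/var/log/mail.log` (or the equivalent) instead of the sample to get a real ratio; the per-cipher table is what tells you whether "encrypted" means modern ECDHE suites or legacy TLSv1 with CBC ciphers.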




Thanks for that. They're useful numbers for me, because I've got this plan…

My current side-project involves a RaspberryPi (sitting in my loungeroom on my home ADSL connection), iRedMail, full disk encryption, a handful of inexpensive VPS providers with APIs that allow automated provisioning (DigitalOcean, NineFold, and Hetzner – to spread out the jurisdictions) – with the RasPi opening a reverse SSH tunnel for ports 25 and 465. Add in a DNS provider with a useable API so the 'Pi can spin up and shut down VPSes itself and update MX records to suit, and VPS images configured to not log anything mail-related, and I think I've gone as far as I can to secure my end of all my email. Having physical control of the hardware/storage that my email relies on won't protect me against NSA level targeted-at-me snooping, or even local law enforcement with sufficient "probable cause" to get a judge to sign a search warrant, but at least I'll _know_ if someone grabs my server hardware. (Hmmm, I wonder if there's some NSL-type coercion that could be used against my partner to force her to let someone take/image my 'Pi while I'm not home, and not be allowed to tell me?)

Possible over-paranoid ideas include refusing port 25 smtp connections that won't negotiate a secured connection in response to a STARTTLS command, and possibly blacklisting mail originating from any of the 8 known PRISM collaborators. I like the _idea_ of ensuring none of my mail arrives from known-intercepted sources, but reality dictates otherwise since way too many of the people I really do want to communicate with are exclusively using gmail/yahoo for email (or worse still, have migrated largely to Facebook messaging instead of email).



