It's more secure, generally, than Google, or Microsoft, or Yahoo, if you know what you're doing, for all of not having the possibility of getting locked out of your own email for no discernible reason and with no real recourse, for not allowing intrusion through other mechanisms of their massive infrastructure, or for not allowing access to your email at rest. Also, many large cloud providers still have issues where one customer can masquerade as another. They don't learn.
Since there's no way to ever know with any certainty whether employees at any large provider is looking at your email (we already know they're scanning it), then you can never have any certainty at all about how private it is. If you set up an email server that uses SSL / TLS for SMTP delivery and reception, then you'll have logs showing whether email you sent or received communicated with the sender's / recipient's email server directly, using encryption, without anyone in the middle being able to intercept.
We can't control the fact that if the NSA really wanted, they could likely make a certificate for any domain that appears legitimate to our servers and do a MITM. Therefore, while I'd assert that my servers are much, much more secure than Google's, I'd never be so naive to say it's "NSA-proof" because of limitations of the Internet that don't necessarily apply to the NSA.
It's more secure, generally, than Google, or Microsoft, or Yahoo, if you know what you're doing, for all of not having the possibility of getting locked out of your own email for no discernible reason and with no real recourse, for not allowing intrusion through other mechanisms of their massive infrastructure, or for not allowing access to your email at rest. Also, many large cloud providers still have issues where one customer can masquerade as another. They don't learn.
Since there's no way to ever know with any certainty whether employees at any large provider is looking at your email (we already know they're scanning it), then you can never have any certainty at all about how private it is. If you set up an email server that uses SSL / TLS for SMTP delivery and reception, then you'll have logs showing whether email you sent or received communicated with the sender's / recipient's email server directly, using encryption, without anyone in the middle being able to intercept.
We can't control the fact that if the NSA really wanted, they could likely make a certificate for any domain that appears legitimate to our servers and do a MITM. Therefore, while I'd assert that my servers are much, much more secure than Google's, I'd never be so naive to say it's "NSA-proof" because of limitations of the Internet that don't necessarily apply to the NSA.