this post was submitted on 07 Aug 2025
10 points (100.0% liked)

Self Hosted

105 readers
1 users here now

founded 7 months ago
MODERATORS
tfm
10
📧 Email self hosters can use the GDPR fight big mail hosters who block you (beehaw.org)
submitted 2 months ago* (last edited 2 months ago) by debanqued@beehaw.org to c/SelfHosted
4 comments fedilink hide all child comments
 

cross-posted from: https://beehaw.org/post/21500261

If you’re not in Europe, move along. You’re stuffed and this thread can’t¹ help you.

European email self hosters--

Tech giants screw self-hosters over by crudely blocking email on the sole basis of IP address (e.g. if the IP is residential). Before 2016, we were as fucked as everyone (in fact worse b/c European ISPs tend to block² egress port 25).

Post 2016, we have the GDPR which has an Article 22 that gives us rights against Automated Individual Decision Making. It has become unlawful to profile people on a crude discriminatory basis without human intervention. The motherfuckers “predict” that you’re a baddy/spammer based on your personal information, which wholly consists of nothing more than your IP address. It’s as unsophisticated and prejudiced as it gets. They’re not using anything intelligent like spamassassin (as the cheap bastards want to save money for their greedy shareholders by reducing processing power at your expense).

Why let them get away with it? And unless you’re a boot-licker, you don’t dance for them either. Well, to some extent you may have to implement DKIM, SPF, DMARC, etc, but it’s debatable. Either way, you do you, and if in the end MS or Google or whatever imperial tech giant empire blocks you from sending email to their server on the blunt basis of your IP address, consider filing an Art.77 complaint to the relevant DPA citing Art.22 violations.

¹ Exceptionally, some non-EU regions have created their own variant of the GDPR like Brazil and some US states (e.g. CCPA in California). But AFAIK, they are all very watered down, weak and mostly useless. Just there for show. I don’t imagine that Art.22 sentiment has been adopted outside of Europe but plz correct me if I am wrong.
² If egress port 22 is blocked by your ISP, then you’re probably fucked anyway but there are some tricks to get the block disabled (free and non-free).

top 4 comments
sorted by: hot top controversial new old
[–] zamolxis@social.subl.im 2 points 2 months ago (1 children)

I used to host my own mail servers a long time ago, gave it up, went with a hosted version by a very small company, and began retesting self hosting email with mox in december for a few domains I can say that it works great.

Fighting for your rights.. with gdpr, yeah, I'm sometimes doing it, but the problem is, sometimes tcompanies fail to respond .. and if they take 30 days.. or longer to give a response you're really at a huge loss

Now, if you're trying to host it form residential ip address you will have problems namely Your IP will change resulting in issues with sending/receiving email It's maybe easier to just buy a $5 VPS and host it there, yeah, I know, most providers block those ports unless you've been active long enough.. but well this is an alternative

[–] debanqued@beehaw.org 1 points 2 months ago (1 children)

Fighting for your rights… with gdpr, yeah, I’m sometimes doing it, but the problem is, sometimes tcompanies fail to respond … and if they take 30 days… or longer to give a response you’re really at a huge loss

Not sure what you mean by being at a huge loss. Filing a GDPR complaint is gratis, by law. It’s indeed typical that data controllers ignore complaints. After 30 days of ignoring your request, you have a sound case for an art.77 complaint. The DPA will also likely do nothing, but you’re not at a loss for complaining. If the DPA decides to simply contact the data controller, they will dance. The case will still go nowhere, but the data controller will respond to the DPAs inquiry, if they make one.

[–] Tuuktuuk@sopuli.xyz 1 points 1 month ago (1 children)

It means that for more than 30 days, you'll be unable to send or receive emails that have to do with that email provider. Not being able to send emails can be a bit annoying, but not being able to receive them gets really problematic. Doesn't it mean that when someone is trying to send you an email, they'll just get a message telling that the message cannot be delivered because the address does not exist? That would mean people cannot reliably send you email.

And also, it means that you might need to wait a month to be able to reply to an email using your own address.

[–] debanqued@beehaw.org 1 points 5 days ago* (last edited 5 days ago)

It means that for more than 30 days, you’ll be unable to send or receive emails that have to do with that email provider.

I’m not sure how you arrive at that. Whether you file a GDPR Art.77 complaint is independent of how you ultimately decide to reach the other party.

This is not what I would do but this is what most activists would do:

  1. Use a residential dynamic IP address to attempt to send an email to a recipient whose data processor (email provider) is Microsoft.
  2. Keep the logs of the MS server refusing you.
  3. File an Art.77 GDPR complaint against MS.
  4. In parallel, use a different webmail account to email your correspondent. Ideally wait a week or two after filing the GDPR complaint.

The fact that your webmail provider can reach MS does not obviate your Art.77 complaint.

Personally, I have indeed quit sending email. When I need to reach an MS recipient, I use fax or snail mail and I do not give them an email address, thus forcing them to respond by snail mail. Most people will not elevate ethics above convenience like that, but to each his own.

but not being able to receive them gets really problematic.

That’s a separate matter and it depends on what email address you supply. You can attempt to send from your own server using any email address you want, even an @gmail.com address if that’s your thing. The email address you share with the other party need not be one that associates to your mail server.

I personally do not even share an email address with MS users, so those users can only reach me by postal mail. But of course this move requires a higher level of discipline on your part.