If you’re not in Europe, move along. You’re stuffed and this thread can’t¹ help you.
European email self hosters–
Tech giants screw self-hosters over by crudely blocking email on the sole basis of IP address (e.g. if the IP is residential). Before 2016, we were as fucked as everyone (in fact worse b/c European ISPs tend to block² egress port 25).
Post 2016, we have the GDPR which has an Article 22 that gives us rights against Automated Individual Decision Making. It has become unlawful to profile people on a crude discriminatory basis without human intervention. The motherfuckers “predict” that you’re a baddy/spammer based on your personal information, which wholly consists of nothing more than your IP address. It’s as unsophisticated and prejudiced as it gets. They’re not using anything intelligent like spamassassin (as the cheap bastards want to save money for their greedy shareholders by reducing processing power at your expense).
Why let them get away with it? And unless you’re a boot-licker, you don’t dance for them either. Well, to some extent you may have to implement DKIM, SPF, DMARC, etc, but it’s debatable. Either way, you do you, and if in the end MS or Google or whatever imperial tech giant empire blocks you from sending email to their server on the blunt basis of your IP address, consider filing an Art.77 complaint to the relevant DPA citing Art.22 violations.
¹ Exceptionally, some non-EU regions have created their own variant of the GDPR like Brazil and some US states (e.g. CCPA in California). But AFAIK, they are all very watered down, weak and mostly useless. Just there for show. I don’t imagine that Art.22 sentiment has been adopted outside of Europe but plz correct me if I am wrong.
² If egress port 22 is blocked by your ISP, then you’re probably fucked anyway but there are some tricks to get the block disabled (free and non-free).
Out of morbid curiosity … how do you propose to enforce this and which stick will you be wielding to bring the message home?
I’m asking because at present there is very little evidence to suggest that the GDPR has made any substantial inroads on curtailing the bad behaviour by any of the billionaire enterprises currently chocking democracy to death whilst making obscene profits and paying absolutely no tax.
Indeed it may very well be in vain to file an article 77 complaint. I am saying you might as well do it, if you have the urge and the time. It is gratis. Technically the DPA must accept the complaint and file it. The reality is they will do that much but then the case will rot.
From there, I’m not sure it’s entirely useless. If you file an art.77 complaint against Google and it gets mothballed, then the DPA has another case against Google for another reason, perhaps they will add the art.22 reports into the mix.
I also think the reports are tracked for metrics and stats. By filing a complaint, you add to the overall stats which will add to the embarrassment of GDPR inaction by the DPAs who will look bad in the face of the EU eval every 4 yrs. Perhaps it would have the effect of increasing figures that prove the DPAs need more resources. If you don’t file a complaint, they don’t even know there is a problem. So it’s about getting light on a problem not necessarily going as far as to fix it.
Some folks are happy to take the art.78 route and directly sue. I heard a Brit say he does that. Costs him £50 or something which he does not get back, but for him it’s worth the satisfaction of getting a symbolic win.
