cross-posted from: beehaw.org/post/21500261
If you’re not in Europe, move along. You’re stuffed and this thread can’t¹ help you.
European email self hosters–
Tech giants screw self-hosters over by crudely blocking email on the sole basis of IP address (e.g. if the IP is residential). Before 2016, we were as fucked as everyone (in fact worse b/c European ISPs tend to block² egress port 25).
Post 2016, we have the GDPR which has an Article 22 that gives us rights against Automated Individual Decision Making. It has become unlawful to profile people on a crude discriminatory basis without human intervention. The motherfuckers “predict” that you’re a baddy/spammer based on your personal information, which wholly consists of nothing more than your IP address. It’s as unsophisticated and prejudiced as it gets. They’re not using anything intelligent like spamassassin (as the cheap bastards want to save money for their greedy shareholders by reducing processing power at your expense).
Why let them get away with it? And unless you’re a boot-licker, you don’t dance for them either. Well, to some extent you may have to implement DKIM, SPF, DMARC, etc, but it’s debatable. Either way, you do you, and if in the end MS or Google or whatever imperial tech giant empire blocks you from sending email to their server on the blunt basis of your IP address, consider filing an Art.77 complaint to the relevant DPA citing Art.22 violations.
¹ Exceptionally, some non-EU regions have created their own variant of the GDPR like Brazil and some US states (e.g. CCPA in California). But AFAIK, they are all very watered down, weak and mostly useless. Just there for show. I don’t imagine that Art.22 sentiment has been adopted outside of Europe but plz correct me if I am wrong.
² If egress port 22 is blocked by your ISP, then you’re probably fucked anyway but there are some tricks to get the block disabled (free and non-free).
poVoq@slrpnk.net 8 hours ago
This is unlikely to work and I doubt data protection agencies will bother with taking up your complaint.
debanqued@beehaw.org 8 hours ago
Depends on how you define the goal. It’s not going to work like magic, all in one motion. Indeed you are right that the DPAs are not going to take action. The DPAs ignore most cases that get filed by individuals no matter how solid the law and evidence is.
After dealing with deadbeat DPAs, I’ve lowered my expectations quite a bit. The DPA cannot legally ignore the complain wholly. They must file it and acknowledge it. Then they will ignore it, sure. For me, it’s about getting the complaint on record. Then it gets reported in the stats and metrics in annual reports and the 4-year report that the EDPB prepares for the Commission.