If you want to run mailcow on a VPS without providing identity documents or a phone number, you can—by choosing providers that accept anonymous payment methods, allow account creation with minimal personal data, and support a dedicated IP for mail delivery. Pick a VPS that explicitly permits anonymous signup or accepts cryptocurrency, confirm it offers a dedicated IP and PTR configuration, and be prepared to configure DNS (SPF, DKIM, DMARC) and a relay or VPS-to-home WireGuard setup for reliable deliverability.
You’ll weigh trade-offs between privacy and deliverability: many privacy-focused hosts avoid strict KYC but may limit port access, lack PTR setup, or have stricter anti-spam policies that affect outbound mail. This article VPS for Self-Hosting Mailcow Without Identity Verification or Phone Number shows how to evaluate providers, what technical configurations matter for mailcow, and how to reduce delivery issues while keeping registration minimal and private.
Evaluating Providers Offering Anonymous VPS Hosting
You need clear rules for identity checks, payment options, and uptime history before you deploy mailcow. Focus on specific verification steps, available crypto payment paths, and measurable reliability metrics.
Understanding Identity Verification Policies
Look for explicit statements about KYC and phone verification on the provider’s terms, billing, or signup FAQ pages. Some hosts advertise “no KYC” but still require an email and basic billing address; confirm whether they ask for government ID, selfie checks, or phone/SMS validation during account creation or at support escalation.
Check automated onboarding paths separately from manual review. A provider might allow anonymous signup for standard plans but trigger identity checks for high-CPU, high-bandwidth, or DDoS-protected tiers. Document the exact thresholds (RAM, CPU, transfer limits) that trigger reviews before you commit.
Prefer vendors that publish a clear acceptable-use policy and an appeals process for disputed suspensions. That reduces surprise account terminations, which are especially disruptive for mail servers. Keep screenshots or cached pages of the verification policy when you sign up.
Locating Services Accepting Crypto Payments
Target providers that accept on-chain Bitcoin (BTC) or stablecoins (USDT, USDC) without mandatory fiat fallback. Confirm whether they use custodial invoice gateways (which may require email) or let you pay directly to a wallet or via LN (Lightning). Direct wallet payments reduce metadata tied to your account.
Check invoice lifetimes, refund policies, and how receipts are generated. Some vendors link invoices to an account ID that can reveal your identity; others allow pay-as-you-go without attaching personal details. Also verify whether the provider supports recurring crypto subscriptions; recurring billing often requires linking a payment method or email that can weaken anonymity.
Read support threads and recent reviews specifically about crypto payments to spot delays or middlemen that force KYC. Test with a small plan first and keep records of the payment address, amount, and block confirmation for dispute resolution.
Assessing Reputation and Reliability
Prioritize providers with published uptime SLAs, historical status pages, and transparent incident reports. Uptime percentages, maintenance windows, and past outage durations matter for mail delivery and mailbox availability. Look for providers with at least 99.9% reported uptime and low mean time to recovery (MTTR).
Evaluate network quality: announced peering, IPv4/IPv6 availability, and whether PTR/rdns control is provided (essential for mailcow SMTP reputation). Confirm abuse handling procedures and how quickly they respond to false-positive abuse reports; slow or heavy-handed abuse teams can suspend mail servers.
Use third-party monitoring (UptimeRobot, Pingdom) and community feedback from forums or privacy-focused reviews to corroborate the provider’s claims. Prefer vendors with multi-year positive histories over newly launched “anonymous” offerings that lack verifiable track records.
Key Considerations When Self-Hosting mailcow
You need a static, properly routed IP and exact DNS records. You also must protect account data, encryption keys, and backups while meeting deliverability standards like SPF, DKIM, and PTR.
Networking Requirements and Dedicated IP Addresses
Run mailcow on a VPS with a dedicated IPv4 address; shared or NATed IPs will cause deliverability and reverse-DNS problems. Ensure your provider allows outbound SMTP (port 25) and doesn’t block common mail ports (25, 587, 465, 143, 993, 110, 995).
Set a correct PTR record that matches your primary MX hostname. Configure an A/AAAA record for the mail hostname, and add an MX record pointing to it.
Lock in these DNS entries: SPF (include only authorized senders), DKIM with mailcow’s generated keys, and DMARC with a reporting address you control. Test connectivity (telnet/openssl) to verify ports and TLS. Monitor IP reputation and consider warm-up if the IP is new.
Ensuring Privacy and Data Security
Encrypt mail at rest and in transit. Enable TLS for all SMTP and IMAP connections and use strong ciphers; enforce STARTTLS and consider MTA-STS to prevent downgrade attacks. Protect DKIM private keys—store them with restricted permissions and include them in your backup plan.
Harden the VPS: apply OS updates, limit SSH to key auth, run a host firewall allowing only required ports, and use Fail2Ban or similar to block brute-force attempts. Isolate mailcow containers on their own host or VLAN. Encrypt backups and rotate credentials periodically. Log access to the admin UI and audit changes to user accounts and DNS records.
Compliance With Email Communication Standards
Follow RFC-recommended practices to avoid being flagged as spam. Publish accurate SPF and a DKIM selector that matches signed headers; rotate keys when compromised. Use a valid PTR record and avoid dynamic or consumer ISP IP ranges that mail receivers routinely block.
Implement DMARC with a policy of none initially to collect reports, then move to quarantine or reject as your sending signals improve. Maintain clean sending lists, honor unsubscribe requests, and monitor bounce/complaint feedback loops where available. Keep timestamps, MIME formatting, and reverse DNS consistent to satisfy major providers’ automated filters.
