You can run Mailcow on a VPS without providing ID or a phone number, but you must choose providers that explicitly offer anonymous or no‑KYC VPS plans and prepare to handle DNS, IP reputation, and email authentication yourself. Pick a no‑KYC VPS with a dedicated IP, stable IPv4, and clear policies on port 25 and SMTP to avoid delivery and blacklisting issues.
You’ll learn what to check in provider terms, which technical settings matter for Mailcow (DKIM, SPF, DMARC, PTR), and how to balance privacy with deliverability and long‑term reliability. This post VPS for Self-Hosting Mailcow Without Identity Verification or Phone Number walks through selecting an anonymous VPS, hardening your instance, and configuring Mailcow so your mail keeps moving without exposing unnecessary identity details.
Key Considerations for Anonymous VPS Providers
Choose a provider that minimizes personal data, accepts privacy-preserving payments, and hosts servers in jurisdictions with strong privacy or limited surveillance reach. Focus on concrete policies, technical controls, and legal exposure for the physical location of the hardware.
Evaluating Registration Requirements
Check whether the provider requires email, phone, postal address, or ID at signup. Some providers accept throwaway emails and don’t require phone verification; others insist on KYC for higher-tier plans. Read the Acceptable Use Policy and Terms of Service for triggers that force identity checks (payment disputes, abuse reports, or credit-card processing flags).
Look for explicit statements about data retention and logging. Prefer providers that document minimal logs, retain only what’s needed for billing, and offer account deletion that truly removes personal metadata. Also verify support channels—if they require identity to open tickets, that undermines anonymity.
Payment Methods That Protect Privacy
Prioritize providers that accept cryptocurrencies (BTC, LTC, USDT, or privacy coins like XMR) and avoid merchant services that convert crypto into fiat immediately using KYCed intermediaries. Prepaid anonymous vouchers or gift cards can work for small monthly fees; ensure the provider documents voucher redemption without demanding identity.
Understand transaction visibility: on-chain crypto payments leave a ledger trail unless you use coin-mixing or privacy coins. If you use Bitcoin, prefer providers that allow invoice addresses or Lightning payments to reduce linkability. Always check refund and dispute procedures—these often require identity verification and can nullify anonymity if invoked.
Assessing Server Location and Jurisdiction
Server country determines legal exposure: some jurisdictions have mandatory data retention, gag orders, or broad surveillance powers. Choose locations with limited applicable data retention laws and a track record of pushing back on extraterritorial requests. Offshore providers in privacy-friendly jurisdictions may lower legal risk but verify physical ownership and company registration to confirm protections.
Consider the network route and peering as well. A VPS physically in a privacy-friendly country can still transit through monitoring-heavy networks. Ask providers about carrier relationships, IXPs used, and whether they offer private VLANs or dedicated IPs to reduce cross-tenant risk.
Selecting and Configuring VPS for mailcow Deployment
Choose a VPS with a dedicated IPv4, reliable upstream, and at least 2 CPU cores, 4 GB RAM, and 40 GB SSD to run mailcow smoothly. Configure DNS control and SSH access before deployment so you can set PTR, SPF, DKIM, and manage ports without provider intervention.
Setting Up mailcow Securely
Install mailcow on a clean Ubuntu or Debian LTS instance and keep the host kernel and Docker packages updated. Use a non-root user for installation and run Docker Compose under that account; restrict SSH to key-based logins and change the default SSH port if your provider allows it.
Expose only necessary ports: 80/443 for webmail and admin, 25 for SMTP (if allowed), 587 for submission, and 993 for IMAP. Put fail2ban or equivalent on the host to block repeated login attempts. Enable automatic certificate provisioning (Let’s Encrypt) via mailcow’s configuration to avoid expired TLS.
Use strong, unique passwords for the mailcow admin and mailboxes, and enable two-factor authentication for the admin UI if available. Back up /opt/mailcow-dockerized/data and the generated configuration files regularly; test restores in a disposable VM.
Mail Deliverability Challenges and Solutions
Expect delivering mail from small VPS providers or IPs without history to trigger spam filters. Prevent this by setting DNS records precisely: a PTR record matching your mail hostname, SPF that authorizes your IP, DKIM keys generated by mailcow and published in DNS, and a DMARC policy aligned to your domain.
Monitor IP reputation and the SMTP logs (postfix) for bounce and rejection patterns. If initial deliveries fail, warm the IP by sending low-volume, legitimate mail over weeks and use confirmed opt-in lists only. Consider using a reputable outbound relay (smart host) temporarily if your VPS provider’s IP is on blacklists; configure it in mailcow’s relay settings.
Publish consistent HELO/EHLO that matches your PTR and TLS certificate. Automate DKIM key rotation and keep your MTA’s SPF/DKIM/DMARC records in sync after any hostname or IP changes to maintain deliverability.