I would like to send emails from a server, but also make them impossible to trace for me as the server owner or for attackers. I want this for GDPR but also to protect people from abusers.
Short info about the service: I am the provider of the service as a person, not a company. Emails will be tied to the product (invites and service content) with 0 marketing. There will be rate limits preventing spamming, and emails will be triggered only by real users. Users won't be able to send just any email, but rather use specific templates. Non-users will be receiving emails too (invites).
Will it be enough to just store emails hashed and salted with one system-wide salt value? My main concern is mostly non-users, as I can't have their consent before emailing them. So I could provide them a way to block an abuser or all emails from my server by just storing the hashed and salted email and comparing every request to send an email against it.
Another problem is, how can I prove that some user gave me consent to receive past emails? Is a stored hashed and salted value enough?
Do you know how other big services like Gmail, Mailgun, etc. solved this?
Thank you very much for any help or suggestions.
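The block list described in the question, sketched as an added example that is not part of the original post: each send request is checked against stored digests, with separate entries for "block this sender" and "block everything". It assumes the system-wide salt is used as an HMAC-SHA256 key kept outside the database; `SYSTEM_KEY`, `SuppressionList`, the scope strings and the sample addresses are hypothetical names and constructed values.

```python
import hashlib
import hmac

# Assumption: the post's "system wide salt", used as a secret HMAC key stored outside the DB.
SYSTEM_KEY = b"constructed-demo-key"


def normalize(email: str) -> str:
    # Assumption: addresses are compared case-insensitively, ignoring surrounding whitespace.
    return email.strip().lower()


def fingerprint(email: str, scope: str) -> str:
    # scope is "all" (block every mail from the service) or "from:<sender id>".
    msg = scope.encode() + b"\x00" + normalize(email).encode()
    return hmac.new(SYSTEM_KEY, msg, hashlib.sha256).hexdigest()


class SuppressionList:
    def __init__(self):
        self._digests = set()  # only digests are stored, never addresses

    def block(self, recipient, sender_id=None):
        scope = "all" if sender_id is None else f"from:{sender_id}"
        self._digests.add(fingerprint(recipient, scope))

    def may_send(self, recipient, sender_id):
        # Checked on every send request, before the template is rendered.
        wanted = {fingerprint(recipient, "all"),
                  fingerprint(recipient, f"from:{sender_id}")}
        return self._digests.isdisjoint(wanted)

    def stored(self):
        return frozenset(self._digests)


def is_listed(guess, digests):
    # Caveat: whoever holds SYSTEM_KEY and the table can confirm a known address,
    # so the digests are only as private as the key.
    return fingerprint(guess, "all") in digests


def demo():
    sl = SuppressionList()
    sl.block("Alice@Example.org", sender_id="user-17")  # constructed sample data
    sl.block("bob@example.org")                         # blocks all senders
    return sl
```

With a single shared key the same address always maps to the same digest, which is what makes the lookup possible and also what lets anyone holding the key test a guessed address.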