I would like to send emails from a server, but also make them untraceable for me as the server owner and for attackers. I want this for GDPR but also to protect people from abusers.
Short info about the service: I am a provider of a service as a person, not a company. Emails will be tied to the product (invites and service content) with 0 marketing. There will be rate limits preventing spamming, and emails will be triggered only by real users. Users won't be able to send just any email, but rather use specific templates. Non-users will be receiving emails too (invites).
Will it be enough to just store emails hashed and salted with one system-wide salt value? My main concern is mostly non-users, as I can't have their consent before emailing them. So I could provide them a way to block abusers or all emails from my server by just storing the hashed and salted email and comparing every request to send an email against it.
Another problem is: how can I prove that some user gave me consent to receive past emails? Is a stored hashed and salted value enough?
Do you know how other big services like Gmail, Mailgun, etc. solved this?
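
An added example, not part of the original post: the block check the question describes, keeping only digests of recipient addresses and comparing every send request against them. It swaps the single system-wide salt for an HMAC-SHA256 key held outside the database, because a salt stored beside the digests lets anyone who reads the table test guessed addresses against it. The key value, sender ids and addresses are constructed, and lowercasing the whole address is an assumption of this example.

```python
import hashlib
import hmac

# Constructed demo key; assumed to be loaded from a secret store that is
# kept apart from the database in a real deployment.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def normalize(email: str) -> str:
    """Canonical form so 'Bob@Example.COM ' and 'bob@example.com' match.
    Lowercasing the local part is an assumption of this example."""
    local, _, domain = email.strip().rpartition("@")
    if not local or not domain:
        raise ValueError("not an email address")
    return f"{local.lower()}@{domain.lower()}"


def token(key: bytes, email: str, scope: str = "all") -> str:
    """Keyed digest of (scope, address). Scope is 'all' or 'from:<sender id>';
    sender ids are assumed to be system-assigned and free of NUL bytes."""
    msg = scope.encode() + b"\x00" + normalize(email).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class SuppressionList:
    """Stores only digests, never the addresses themselves."""

    def __init__(self, key: bytes):
        self._key = key
        self._blocked = set()  # stands in for a database table

    def block_all(self, recipient: str) -> None:
        """Recipient opts out of every email from this server."""
        self._blocked.add(token(self._key, recipient))

    def block_sender(self, recipient: str, sender_id: str) -> None:
        """Recipient blocks one specific user of the service."""
        self._blocked.add(token(self._key, recipient, "from:" + sender_id))

    def may_send(self, sender_id: str, recipient: str) -> bool:
        """Check run before every send request."""
        wanted = (token(self._key, recipient),
                  token(self._key, recipient, "from:" + sender_id))
        return not any(t in self._blocked for t in wanted)

    def stored_values(self) -> frozenset:
        """What a database dump would reveal."""
        return frozenset(self._blocked)
```
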