Question

Postfix SMTP server attack from your IPs

  • April 16, 2026
  • 2 replies
  • 53 views

Dear Censys Support,

Thank you for your response.

I am fully aware of what Censys does. That is precisely the issue.

Your opt-out model is not compliant with GDPR. Under Article 6 of Regulation (EU) 2016/679, any processing of data — including the active probing of private infrastructure — requires a valid legal basis. "Legitimate interest" (Article 6.1.f) is explicitly conditional: it cannot override the rights and interests of the data subject when those are clearly asserted. I am asserting them now, in writing, for the second time.

To be unambiguous:
- I did not opt in to your scanning program.
- I am not required to opt out of something I never consented to.
- The burden of compliance is yours, not mine.

I also note that my server logs show repeated connection attempts from multiple Censys-operated IP ranges over an extended period (July–August 2025, and again April 2026). This is documented and timestamped.

I expect the following within 5 business days:
1. Permanent cessation of all scanning targeting my infrastructure.
2. Deletion of any data collected from my systems, with written confirmation.
3. Identification of the legal basis under which my infrastructure was scanned without prior consent.

Should I not receive a satisfactory response, I will file a formal complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés) and escalate to ANSSI. I will also share this correspondence publicly as a documented case study on GDPR non-compliance in the security scanning industry — a topic of considerable interest to the professional community.

This is not a threat. It is a factual description of my next steps.

Regards,

Mike

2 replies

MattK_Censys
  • Censys Community Manager
  • April 17, 2026

Hey Mike, please review our Privacy Policy and submit your request to:

  • EU: DP-Dock GmbH, Attn: Censys, Inc., Ballindamm 39, 20095 Hamburg, Germany
  • UK: DP Data Protection Services UK Ltd., Attn: Censys, Inc., 16 Great Queen Street, Covent Garden,
    London, WC2B 5AH, United Kingdom
  • www.dp-dock.com
  • censys@gdpr-rep.com

Thanks.
 


Done:

 

Dear DP-Dock GmbH / Censys GDPR Representative,

This communication constitutes a formal request under the General Data Protection Regulation (EU) 2016/679, submitted in accordance with the referral provided by Censys Support on 19/04/2026.

---

I. FORMAL OBJECTION – Article 21 GDPR

I hereby formally object to the processing of data related to my infrastructure (SMTP server, IP address, associated metadata) by Censys, Inc., on the grounds that no legitimate interest justifies such processing against my explicitly and repeatedly stated objection.

Under Article 21(1), once a data subject objects, the controller must cease processing unless it can demonstrate compelling legitimate grounds that override the interests of the data subject. I invite Censys to demonstrate such grounds in writing.

---

II. REQUEST FOR ERASURE – Article 17 GDPR

I formally request the deletion of all data collected by Censys, Inc. relating to:
- My SMTP server and associated IP address(es)
- Any scan results, metadata, banners, or fingerprints derived from probing my infrastructure

This request is grounded in Art. 17(1)(c): data must be erased when the data subject objects under Article 21 and there are no overriding legitimate grounds for processing.

---

III. TIMELINE & ESCALATION

Under Article 12(3) GDPR, you are required to respond within one calendar month. I am formally marking today's date as the start of that period.

Should I not receive a substantive response within 30 days, I will file a formal complaint with:
- CNIL (France) – my country of residence
- The Hamburg DPA (Hamburgische Beauftragte für Datenschutz und Informationsfreiheit), given the registered address of your EU representative

I also reserve the right to document this case publicly as a reference example of GDPR compliance failures within the internet scanning industry.

---

Supporting Evidence – Attached & Referenced

The following documents and public records are provided in support of this request: