How do MBPs cooperate with law enforcement?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

If a law enforcement agency ever contacts you about your email activity, it can feel alarming even when you've done nothing wrong. So it helps to understand how mailbox providers actually handle these situations.

MBPs cooperate with law enforcement on criminal investigations involving email. That means phishing operations, fraud schemes, child exploitation, terrorism-related communications, and similar serious crimes. They don't act on vague complaints. They respond to formal legal processes like subpoenas, court orders, and search warrants. An abuse report from a competitor or an angry subscriber doesn't trigger this pathway.

In the US, providers follow the Electronic Communications Privacy Act (ECPA), which sets out what government agencies must provide before an MBP hands over user data or message content. European providers have to balance those requests against GDPR protections, which often require stricter scrutiny before complying. Some countries also have data localization laws that affect what providers can share and with whom.

For most legitimate senders, this process stays completely invisible. You'll never know it exists. The situations where it becomes relevant to you are narrow but worth knowing about.

If someone falsely claims your emails are part of a fraud or phishing scheme, law enforcement would typically contact your ESP or the MBP receiving your emails, not you directly at first. Your ESP's legal team handles formal requests. You'd usually only get involved if authorities determine further investigation requires contact with you specifically. At that point, the standard advice is simple: respond promptly, be transparent, and involve a lawyer if the scope is unclear.

The practical takeaway for legitimate senders is this. Maintaining clean sending practices means there's very little investigative surface area attached to your domain. Proper authentication (SPF, DKIM, DMARC), honest subject lines, and visible unsubscribe options aren't just deliverability best practices. They're also what distinguishes your emails from the patterns law enforcement is actually looking for.

If you're worried your domain has been spoofed or used without your knowledge in a phishing campaign (which is more common than most senders realize), that's worth investigating. A quick check of your postmaster tools and DMARC reports can tell you if someone is sending email that pretends to be from your domain. If they are, report it. You become the victim, not the suspect.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Paste your sending setup details (domain, ESP, monthly volume, use case) and get a ranked risk and readiness checklist.

I'm a legitimate email sender and I want to understand what happens if my domain or sending activity gets caught up in a law enforcement inquiry (even wrongly). Based on my situation below, help me figure out what my risk exposure looks like, what records I should be keeping, and what steps I'd take if I were contacted. Please give me a ranked list of: (1) things I should already have in place, (2) things to check now, and (3) things to do if I'm contacted unexpectedly.

Edit the yellow boxes, then send to the AI of your choice.