Is this even legal? Hiding data deletion behind login (after email request)
I wanted to delete my old oppo id account, and to do that I'll need to login into it, but I don't know the password.
Password reset requires saying when the account was created (month and year) and "tech support" can't help here either.
Is it legal to block / hide account deletion behind login in European countries? GDPR (and polish RODO) both talk about a right to data deletion, which in this case, I believe, isn't respected.
That's just how it is. If you try hard enough everything can be spoofed. You can also try guessing someone's password and creation date of an account. This is not the issue here.
Email (on domains without DKIM and SPF at least) can be spoofed so easily, you could literally do it with on-board tools and a few lines of typing though. It is literally just sending an email that has your email address in the From header.
In terms of domains not really. Only the free-mailers use domains by one of those. The corporate users still need to set up their DNS properly for those technologies even if they use one of them as a mail hoster.
Why would OP contact OPPO using a corporate email?
It's extremely likely that they don't have their own domain since it's very uncommon for personal usage. Some absolutely do but they are in the minority.
Of course custom emails need to be set up properly, otherwise all mails would just go to spam.