Tagged with: [ crypto ] [ email ] [ bitmaelum ]
What if you could design an email system with a clean sheet? You wouldn't need to care about existing email clients or servers, or anything at all. Even the concept of an email address could be touched. What would such a system look like? This is my attempt...
Attempted by many, failed by even more
I know. Here's some random guy trying to change the way the whole world communicates. Let's be realistic: there is no way email gets replaced, because it works well for companies and works well for everybody else too. Sure, we have to give up privacy in most cases, but we get back a relatively spam-free inbox at Google or any of the (handful of) providers currently left hosting email.
But email has evolved on top of a system that wasn't designed for today's problems. We solved this by adding layer upon layer to make sure everybody plays nicely, and still it doesn't work as well as it should. No wonder nobody wants to host their own email anymore (I do, by the way), because even if you configure your mail server, DKIM, SPF, DMARC and the rest correctly, deliverability is still a crapshoot.
What happens if Google gets into a grumpy mood and decides your Gmail account gets blocked, frozen or deleted? Can you cope with nobody being able to reach you, or with not being able to reach your own account? Don't like Google anymore? Well, good luck setting up a new account somewhere else and making sure every account you have on the internet uses that new address.
We try to solve many problems, and lots of good solutions exist. But all of them rely on the same underlying infrastructure as designed in the '80s.
So let's rm -rf everything and try again. Will it work? Probably not. There are so many things I didn't think about, and oh boy, don't get me started on crypto.
But it's a fun pet project to play with: design a system that should theoretically run at massive scale in a decentralized way. How can we achieve a system that is secure and respects privacy when we know for a fact that there are hostile systems out there? How do we make sure sending spam is no longer economical, yet still allow legitimate mailing lists (and how do we even define "legitimate")?
So, my version of the story is called BitMaelum. I've tried to think of the (many) problems current email systems face and come up with a system that solves many of them without introducing (too many) new ones.
Among other things, it tries to solve the following problems:
Get rid of domain names. We only need them for routing and namespacing. Instead, have names/handles that are generic and can be suffixed with an organization if you want. But nobody should have to care that your grandma hosts her email at gmail.com.
Pick up your account and go. You're not bound to a single email server or domain anymore. Don't like it? Move to somebody else's (or start your own) mail server. Your address stays the same.
A guarantee that A) the sender was the real sender, and B) the message hasn't been tampered with.
End-to-end encryption. There is no way for mail servers or any organization snooping in between to read your email. Even metadata is encrypted. The only thing visible to mail servers is routing info (which is hashed as well, so by default a server doesn't even know where it is sending a message to). Only the receiver can read the message, locally. Not even the hosting mail server can read it.
Mail servers can ask for proof-of-work before accepting mail. We can leverage this to demand more work for large runs, which makes spam economically infeasible.
A user, and only that user, can add themselves to a mailing list. Not on the mailing list? Then you need proof-of-work. Sending to a 24,000-user list might take 24 hours that way, or even longer, while legitimately enlisted users get their messages directly.
It should take more time and computational effort to send 1,000 spam mails than to send 1,000,000 legitimate emails.
Want to subscribe? You are in charge, and it doesn't take 5 to 7 business days to process your subscription. Once you unsubscribe, the mail server either refuses the sender's email or asks for proof-of-work.
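As an added example (not BitMaelum's code and not its wire format), here is how the sender guarantee, the hashed routing info and the proof-of-work policy from the list above fit together, written in Go because that is the language the project is built in. A hypothetical Envelope carries only SHA-256 hashes of the handles as routing fields, an Ed25519 signature over route and payload so the recipient can check origin and integrity, and a hashcash-style nonce over the same bytes whose difficulty the receiving server sets by policy: zero for a subscribed sender, a base price for a stranger, doubling as the stranger keeps sending. The Envelope type, RouteHash, RequiredDifficulty, the 16-bit base difficulty, the 40-bit cap and the sample handles are all assumptions made for this example; the payload stays unencrypted here, so the end-to-end encryption the post describes is deliberately out of scope.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"math/bits"
)

// Envelope is a hypothetical wire format (not BitMaelum's). Routing fields
// carry only hashes of the handles; the payload would be end-to-end
// encrypted in a real system but is left as plaintext here; SenderPub and
// Sig let the recipient check origin and integrity; Nonce carries the
// proof-of-work the receiving server demanded.
type Envelope struct {
	From, To  string // hex SHA-256 of the handle, never the handle itself
	Payload   []byte
	SenderPub ed25519.PublicKey
	Sig       []byte
	Nonce     uint64
}

// RouteHash turns a handle into the opaque routing token a server sees.
func RouteHash(handle string) string {
	h := sha256.Sum256([]byte(handle))
	return hex.EncodeToString(h[:])
}

// signedBytes is the material covered by both the signature and the work:
// changing the route or the payload invalidates both.
func (e *Envelope) signedBytes() []byte {
	return append([]byte(e.From+"|"+e.To+"|"), e.Payload...)
}

func (e *Envelope) Sign(priv ed25519.PrivateKey) {
	e.SenderPub = priv.Public().(ed25519.PublicKey)
	e.Sig = ed25519.Sign(priv, e.signedBytes())
}

// VerifySig checks the key length first: ed25519.Verify panics on a key of
// the wrong size, and this field arrives from an untrusted sender.
func (e *Envelope) VerifySig() bool {
	return len(e.SenderPub) == ed25519.PublicKeySize &&
		ed25519.Verify(e.SenderPub, e.signedBytes(), e.Sig)
}

// leadingZeroBits counts the leading zero bits of a digest (0..256).
func leadingZeroBits(h [32]byte) int {
	n := 0
	for _, b := range h {
		if b != 0 {
			return n + bits.LeadingZeros8(b)
		}
		n += 8
	}
	return n
}

// workHash binds the nonce to the signed bytes, so a solution cannot be
// replayed onto another message or another recipient.
func (e *Envelope) workHash(nonce uint64) [32]byte {
	var nb [8]byte
	binary.BigEndian.PutUint64(nb[:], nonce)
	return sha256.Sum256(append(e.signedBytes(), nb[:]...))
}

// SolveWork is the sender's cost: about 2^difficulty hashes on average.
func (e *Envelope) SolveWork(difficulty int) {
	for n := uint64(0); ; n++ {
		if leadingZeroBits(e.workHash(n)) >= difficulty {
			e.Nonce = n
			return
		}
	}
}

// VerifyWork is the server's cost: one hash, whatever the difficulty.
func (e *Envelope) VerifyWork(difficulty int) bool {
	return leadingZeroBits(e.workHash(e.Nonce)) >= difficulty
}

// RequiredDifficulty is a hypothetical receiving-server policy: subscribed
// senders pay nothing, strangers pay a 16-bit base price, and every further
// 1000 messages from the same stranger adds a bit (doubling the work).
// The cap keeps the demand finite.
func RequiredDifficulty(subscribed bool, seenFromSender int) int {
	if subscribed {
		return 0
	}
	d := 16 + seenFromSender/1000
	if d > 40 {
		d = 40
	}
	return d
}

func main() {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample message; the handles are made up for the example.
	e := &Envelope{From: RouteHash("alice"), To: RouteHash("bob"), Payload: []byte("hello bob")}
	e.Sign(priv)
	d := RequiredDifficulty(false, 0)
	e.SolveWork(d)
	fmt.Printf("to=%s work=%d bits nonce=%d sig ok=%v work ok=%v\n",
		e.To, d, e.Nonce, e.VerifySig(), e.VerifyWork(d))
	tampered := *e
	tampered.Payload = []byte("hello bob, send money")
	fmt.Println("tampered sig ok:", tampered.VerifySig())
}
```

The asymmetry is the whole point: each extra bit of difficulty doubles the sender's expected work while the server still spends one hash to check it. Under this policy a subscribed sender is accepted at difficulty 0, and a stranger pushing a 24,000-message batch through one server is paying 2^40 hashes per message by the time the cap is reached. Because the work is computed over the signed bytes, a nonce found for one message is worthless for any other, which is what stops a spammer from solving once and sending a million times.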
1 2 3, Go
I dabble a bit in Go. Not full-time, unfortunately, but enough to create tooling and small apps. I decided to write this system in Go because it gives us a single binary to run your mail server. Cross-compilation to other platforms should be easy enough as well.
So many problems, so little time
So there are many things to think about. How do we deal with organizations? How do we deal with search? Can we search your email on a mobile device, or should we download the messages first (or search on the server)? What if we lose our key? (There is no "forgot password" option.)
Anyway, there is a lot to figure out, and currently I'm trying to put my ideas on paper (a wiki) and write proof-of-concept code. It's messy, it's ugly, it's hard, it will never work, but I love it!
You can find the experimental code on github: https://github.com/bitmaelum
Oh.. and if you have a BitMaelum server running, do send me a message on