Just come across this. Haven’t dug too deep but sounds like an interesting opportunity. I think it can only succeed if it is fully compliant with current systems. Seems to only be mobile clients. No desktop? Are big tech going to permit this to grow? It would shut down a data mining opportunity …
Looks cute - internally it sounds like XMPP rosters if we imagine all mail messages/attachments are pulled too.
Some issues at a glance
- no display names is a good thing - but then “name is retrieved from their public profile” does not sound very good
- ascii for local usernames will probably annoy a lot of people, maybe we should just remove the letters and just issue people numbers (i’m not being sarcastic)
- disallowing IP addresses in the remote part by definition sounds unnecessary
I think there are some gaps on the notification side of things - the agent not being able to verify them (and maybe dropping) or conversely accepting notifications that it should not.
What really puts me off here is the unnecessary use of HTTP .e.g discovery moves from DNS to well known file (webfinger?). Not sure what the benefit is, but ok. And the use of a novel authentication scheme makes me nervous.
It was a nice read and I agree with the point that making this pull based helps. But I wish it did not try to invent so much in one go
With Mail/HTTPS, self-hosting email is as simple as running a website.
That sounds amazing!
I’m all for software that greatens our ability to selfhost. I’ve heard it’s very hard to host email. If open email delivers on this, it might just have what it takes to survive.
Its not difficult to self host email. Ispconfig will do all the work for you locally, then you just need to set up your DNS records. The difficult part is staying on top of patching and block lists.
Ok that makes it so much better for me.
I’ll say this much, the sign up was super easy. Only need your name and a hook to create an account.
Was about to try it but then it won’t open without Google play services, I use aurora store.
email fans are like:
Email is an open protocol and therefore we dont need this.
Openness doesn’t mean flawless. Openness doesn’t mean it is good. The protocol of BlueSky is open, but gives only the mighty the ability to take ownership.
I don’t know why they think email is good enough, it must be something irrational.
…
Email is distributed.
It is certainly not distributed. Today it is a mix of oligopoly and decentralized. If it was distributed, it would be as easy to host an email service as it is to own a phone. Entirely possible, but not the reality of today.
Tuta wasn’t able to succeed and therefore this is not going to succeed.
Just because somebody has failed before, doesn’t mean it can’t be done.
They are targeting the tinfoil hat people.
…
People don’t care.
If you say this, then you are out of the discussion. Let adults speak instead.
A comment section full of strawmen.
If you are going to criticize this project, you need to criticize how they present their ideas. Perhaps you disagree how they portray email. Then you can say something like, “it is not an issue that a few corporation host most of the emails of the world.” You can say “A significant amount of funding comes from xxx and this compromizes their integrity.” You could say “Open email sais that their protocol is private, but why do they not implement superduper encryption”.
It doesn’t sound like anything except trying to sell something to tin foil hat people.
SMTP is still an open protocol, the ONLY reason you’re able to email other servers is because it’s an open protocol.
Here’s the RFC for it.
Here’s the one for SPF and here’s everyone’s favourite “I don’t understand it, so I won’t implement it, dammit why is Gmail blocking me? This is all big techs fault!”
“oh but what about the weird protocols Microsoft uses for Outlook! They’re not proper protocols!” You mean MAPI(RPC\HTTP) and ActiveSync? Well, RPC was built because the idea of a client constantly hitting an IMAP or POP, CalDEV and CardDAV in 1990 seemed like a poor use of resources. ActiveSync is about pushing email to devices with very low resources which don’t have the power to constantly be polling a sever. Neither of these protocols affect SMTP, they are client protocols which were not thought about during the 70s and 80s when servers were logged into directly with terminals.
Both solve legitimate problems. You actually have Microsoft’s blessing to go build with either protocol because both are documented. Microsoft would probably love for you to improve on them because they are worked on by the engineers who care about protocols and performance. They do exist. But apparently being offered that opportunity is not good enough for the open source community because, while you will find a handful of projects with open source implementations of these, according to them IMAP is perfect.
In Dylan Beattie’s excellent talk on the subject of large email providers, he makes the point that a perfectly open system will be exploited by assholes. There’s a reason toad.com is blacklisted. It’s not a perfect system, but compatibility comes with massive compromises. S/MIME is a kludge and if anybody really could think of a way to improve SMTP it would not be big tech that’s stopping it.
ON A SIMILAR AND EQUALLY IMPORTANT TOPIC: Big tech isn’t blocking Matrix adoption or XMPP. Maybe when they’re a bit older, but they’re not currently scalable or robust enough to take on proprietary solutions.
tin foil hat people.
This particular community is full of totally unhinged people who dont know the difference between privacy and anonymity. 90% of people here act like they’re living in north korea and will be disappeared if their phone number leaks
Where is the RFC describing the new protocol?
I’m not sure if you explicitly want an RFC-style description (i.e. follows https://www.rfc-editor.org/rfc/rfc2119 for MUST vs SHOULD vs etc) or if you are using RFC as a colloquial term for the technical details of the protocol.
In case of the latter, the “protocol” link at the top resolves to this GitHub repo: https://github.com/Open-Email/MailHTTPS-Protocol
Yea that link is basically what I was looking for, thanks!
Who is RFC?
What do they offer?? An alternative to email that isn’t standard, not based in open and standard protocols like IMAP/SMPT at all and is incompatible with everything else out there that FYI is distributed. So this is basically another attempt at emulating Proton’s success and making email effetely less standardized. lol
There’s 14 standards…
Haven’t gotten through the entire protocol description yet, but so far it seems closer to DMs on a social network than digital letters.
Neat, but maybe we should just do email-over-activitypub then…
Activitypub as far as Ive understood hasnt been designed with privacy in mind.
It’s definitely not going to be. The most radical attempt to revolutionize email protocol that has been accepted is Tuta, where they use TutaCrypt instead of OpenPGP. And they are like being criticized af, because nobody actually wants to use TutaCrypt to replace standard encryption protocol. And you still get to send email to others with Tuta, which you can’t even do with open.email. I am quite pessimistic on open.email’s future.
It’s cool but without legacy support, there’s no way mainstream attention. Do what Tutanota does, encrypt whenever possible.
Yeah, no. Email has always been an open standard. What is occurring is standard software allows filtering out spam (because people make money sending out spam) and then because centralized domain reputation inevitably occurs (because it is annoying hunting down bad actors and collectively it becomes easier) we end up with what we have today.
The solution is white list filtering in the hands of their users and people adding the senders that they want routed to their inbox but that is a user training problem that nobody wants to pay for.
whitelist only email means you’re reading your spam folder to find addresses to whitelist, you’re reading the spam. or more realistically, you don’t, you miss legit messages, you don’t make connections with strangers and that’s the end of that.
Instead the spaminess of each message should be visually graded with colored tags indicating certainty of the spaminess, this is “graylisting” or more specifically “shades of gray” listing
I don’t quite understand their solution. I’d wait.
Interesting discussion going on here 🙂 sounds like this is pretty new and as I had suspected doesn’t seem to be well documented. If its just another Tuta, I wonder why they think they’ll be better at succeeding where others haven’t.
