DevanaLabs / lemon.email-dApp

Lemon dApp is the world's first encrypted & decentralized e-mail service.
https://lemon.email
GNU General Public License v3.0
165 stars 36 forks

LemonMail to IMAP/SMTP #6

Open MisterDex opened 5 years ago

MisterDex commented 5 years ago

Hello,

I'm interested in contacting the original developers of this project to ask them why they did not finish with the plan to integrate Lemonmail with IMAP/SMTP servers. Was this ever a reality, and if so, what prevented it from happening?

If you can make this a reality, I might be interested in donating to your project.

Best, MisterDex

horohronos commented 5 years ago

Hey,

It's a long answer but I'll try to make it short.

Lemonmail has 2+1 kinds of services: Regular, Private and DApp.

Regular is just that, a classic email service that is fast but has no focus on privacy... DApp is basically this repo. But Private is a little bit more complex. It's a mix of DApp and Regular email. In short, DApp is an (open-sourced) fork of the Private Lemonmail service - Private mail has a couple of additional services:

  1. Server-side proxy between ETH/IPFS and (User's) Browser - to enable dummy users to interact with the decentralized world without having wallets and such, but users can just remember a passphrase (something like protonmail) for the priv/pub key, that is never sent to the server. Keys are kept on Private Lemonmail services (inactive, 'cause there is no passphrase on the server at any time)
  2. Additionally, there is a server-side service (SMTP/IMAP functionalities in short) that listens to any event on the Smart Contract (e.g. send event) and if the recipient is an external email address, this service forwards just the notification (not the whole body; something like hushmail does) to the external address. Also, it serves as a proxy between external email (e.g. gmail) so when somebody from e.g. gmail sends to a lemonmail address, this is also encrypted and forwarded on the Contract.

These services are not open sourced, even though they are implemented and tested.

If you have any ideas on what's good for the Lemonmail project or some new features, you can find me on Blockemon Slack, nickname @masa, or write to malisa.pusonja@labs.devana.rs

Thanks a lot for the interest in this project.
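The key handling described in item 1 of the comment above, as an added example that is not part of the thread and not Lemonmail's code (those services are closed source): the private key is wrapped on the client under a passphrase-derived key, so the server stores only an inactive record. scrypt, AES-256-GCM and every function name here are assumptions; the thread does not say which primitives the service uses.

```javascript
// Added example, not Lemonmail code. Assumed primitives: scrypt + AES-256-GCM.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv,
        generateKeyPairSync } = require('node:crypto');

const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Client side: wrap the private key under a passphrase-derived key.
// Only the returned record is uploaded; passphrase and derived key stay local.
function wrapPrivateKey(privateKeyPem, passphrase) {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const kek = scryptSync(passphrase, salt, 32, KDF);
  const cipher = createCipheriv('aes-256-gcm', kek, iv);
  const ct = Buffer.concat([cipher.update(privateKeyPem, 'utf8'), cipher.final()]);
  return { salt: salt.toString('hex'), iv: iv.toString('hex'),
           tag: cipher.getAuthTag().toString('hex'), ct: ct.toString('hex') };
}

// Client side again: fetch the stored record and unwrap it locally.
// Returns null when the passphrase is wrong or the record was modified,
// because the GCM tag check fails in either case.
function unwrapPrivateKey(record, passphrase) {
  try {
    const kek = scryptSync(passphrase, Buffer.from(record.salt, 'hex'), 32, KDF);
    const d = createDecipheriv('aes-256-gcm', kek, Buffer.from(record.iv, 'hex'));
    d.setAuthTag(Buffer.from(record.tag, 'hex'));
    return Buffer.concat([d.update(Buffer.from(record.ct, 'hex')), d.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample: a throwaway Ed25519 key and a made-up passphrase.
function demo() {
  const { privateKey } = generateKeyPairSync('ed25519', {
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const stored = wrapPrivateKey(privateKey, 'correct horse battery staple');
  const tampered = { ...stored, ct: (stored.ct[0] === '0' ? '1' : '0') + stored.ct.slice(1) };
  return {
    roundTrip: unwrapPrivateKey(stored, 'correct horse battery staple') === privateKey,
    wrongPassphrase: unwrapPrivateKey(stored, 'wrong passphrase'),
    tamperedRecord: unwrapPrivateKey(tampered, 'correct horse battery staple'),
  };
}

console.log(demo());
```

A server holding only this record cannot use the key, but anyone who copies the record can guess passphrases offline, so the KDF cost and passphrase strength carry the protection of the stored key.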

MisterDex commented 5 years ago

Hi Malisa,

This is very interesting and I have a few more questions to your previous numbered answers.

  1. Server-side proxy between ETH/IPFS and (User's) Browser -
     a. This appears to allow non-technical users an easy method to use LemonMail without acquiring an Ethereum wallet. It does not appear to allow any emails between LemonMail and IMAP/SMTP accounts. Correct?
  2. Server-Side IMAP/SMTP forwarding - functionalities in short) that listens to any event on the Smart Contract (e.g. send event) and if recipient is external email address, this service forwards just the notification (not the whole body; something like hushmail does) to external address. Also, it serves as a proxy between external email (e.g. gmail) so when somebody from e.g. gmail sends to lemonmail address, this is also encrypted and forwarded on the Contract.
     a. This allows messages to external accounts to be forwarded as described above. Does this mean all header info, including sender and recipient addresses, must remain unencrypted at all times and open for public viewing on the blockchain? If so, have you considered any way to keep this information private?
     b. Once the external recipient receives the notification, are they required to set up a LemonMail account in order to decrypt and read the message or reply back? It would seem that this would be necessary to maintain information security. Would they need to run Metamask, or would you have a custom Chrome browser plugin to authenticate these users for future emails?
     c. Does your system have any similarity to how Virtru.com authenticates recipients and on-boards new users? https://www.virtru.com/secure-email/
     d. Is there a feature that onboards new LemonMail users to IPFS, and requires them to provide some storage space to the network in exchange for storing their data? If not, how do you prevent running out of storage space as the system scales?
     e. Who can test and use this private LemonMail service? What are the fees associated?

Thanks, MisterDex


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Thursday, December 13, 2018 3:24 AM, Malisa Pusonja notifications@github.com wrote:


MisterDex commented 5 years ago

Malisa,

A few more quick questions to add to the ones above:

  1. You mentioned that when submitting an email to Gmail, the IMAP/SMTP server forwards a link that leads to the email (stored on IPFS). How are you controlling the keys to access/read that email and open that smart contract?

  2. Do you feel that this solution is secure enough that those emails are protected, even if the IMAP/SMTP server were hacked? Please explain...

Thanks, MisterDex


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, December 19, 2018 1:39 PM, MisterDex MisterDex@protonmail.com wrote:
