Confidant Mail is an open source cryptographic email system that aims to replace the Simple Mail Transfer Protocol (SMTP), an Internet email standard used by leading email providers Gmail, Outlook and Yahoo to send messages outside their own systems. Confidant Mail is not compatible with SMTP; it comes with its own client, server and protocol, creating a new email game plan with privacy and security native to the network.
In exchange for the huge task of switching to a new email system, Confidant Mail automatically encrypts all messages with GnuPG and conceals metadata: the email headers “From” and “Subject” are contained in the envelope. It has its own key distribution system, which looks up encryption keys using DNS, and it can attach files bigger than 4GB to email messages, transferring them in hashed chunks like BitTorrent.
There is spam protection that makes it computationally costly to send bulk email; digital signatures are checked before messages are forwarded; a user can change servers without needing a new email address; mail servers can be run at home with dynamic DNS, with servers paired for redundancy; messages can be made resistant to traffic analysis by delaying their sending with the AFTER command; and there is built-in support for sending email over Tor and I2P to hide your computer's IP address.
I downloaded the Windows installer. There is an easy setup option: you enter the email address you currently have, choose a passphrase for your private GPG key and paste a remote configuration URL that your Confidant Mail provider will have given you. Because this is a new email system that is not compatible with current SMTP email providers, this is where it gets tricky: it is not easy to find a Confidant Mail provider, so you will have to use one of the developer test servers or set up your own, and the person you communicate with will have to be using the same email system.
Your email address is just an identifier for Confidant Mail; you can use an email address or domain name that does not exist if you like, and it will still work. When you get an email from somebody, Confidant Mail automatically fetches the public encryption key for that address and adds it to your keyring. There is no central key directory that can be compromised, and you can run Confidant Mail in peer-to-peer mode. At present there is no key verification built in; you have to manually check the fingerprint shown to the right of the address.
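Because keys are fetched and added to the keyring automatically, the manual fingerprint check is the only step that ties a key to a person. The sketch below is an added example, not part of Confidant Mail or of the original review: it audits the fingerprints a client displays against ones obtained out of band. The addresses and fingerprints are constructed, and the 40-hex-digit length is an assumption based on OpenPGP v4 fingerprints.

```python
import re

FULL_FPR_HEX_LEN = 40  # assumption: OpenPGP v4 fingerprint, 160 bits as hex


def normalize_fingerprint(text):
    """Return the fingerprint as 40 upper-case hex digits, or raise ValueError."""
    cleaned = re.sub(r"[\s:]", "", text)      # drop grouping spaces and colons
    if cleaned[:2].lower() == "0x":
        cleaned = cleaned[2:]
    if not re.fullmatch(r"[0-9A-Fa-f]+", cleaned):
        raise ValueError("fingerprint contains non-hex characters")
    if len(cleaned) != FULL_FPR_HEX_LEN:
        # 8- and 16-digit key IDs are too short to authenticate a key.
        raise ValueError("expected 40 hex digits, got %d" % len(cleaned))
    return cleaned.upper()


def audit_keyring(displayed, trusted):
    """Map each displayed address to match, mismatch, unverified or invalid."""
    trusted = {addr.lower(): fpr for addr, fpr in trusted.items()}
    report = {}
    for address, shown in displayed.items():
        reference = trusted.get(address.lower())
        if reference is None:
            report[address] = "unverified"    # nothing to compare against yet
            continue
        try:
            same = normalize_fingerprint(shown) == normalize_fingerprint(reference)
        except ValueError:
            report[address] = "invalid"       # truncated or malformed value
            continue
        report[address] = "match" if same else "mismatch"
    return report


# Constructed sample data: what the client shows next to each address ...
DISPLAYED = {
    "alice@example.org": "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567",
    "bob@example.org": "89abcdef0123456789abcdef0123456789abcdef",
    "carol@example.org": "FEDCBA9876543210FEDCBA9876543210FEDCBA98",
    "dave@example.org": "1111222233334444555566667777888899990000",
}
# ... and what each contact confirmed in person or by phone.
TRUSTED = {
    "alice@example.org": "0x0123456789abcdef0123456789abcdef01234567",
    "bob@example.org": "89abcdef0123456789abcdef0123456789abcdee",
    "carol@example.org": "FEDCBA98",  # short key ID only: rejected
}

if __name__ == "__main__":
    for addr, status in audit_keyring(DISPLAYED, TRUSTED).items():
        print(addr, status)
```

A "mismatch" or "invalid" result means the key should not be used until the contact has confirmed the full fingerprint again.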
Unlike BitMessage, Confidant Mail can easily be scaled to millions of users, and you can run mailing lists. A security and privacy email system like this can be useful for journalists who need to interview somebody without technical expertise. It solves the problem of users not encrypting their messages and brings encrypted email to millions of people who don’t have a clue about what OpenPGP is and would not bother to learn how it works.
Confidant Mail takes care of all email security and privacy for you. When you click the send button, the server interacts with GPG in the background, finds the encryption keys and encrypts the message; attachments are encrypted and broken into blocks for transmission. When you receive an email, Confidant Mail automatically decrypts it and lets you reply with the email client of your choice.
This is a fantastic project that only needs email providers to adopt it as a standard to be successful. Until that happens, you can run Confidant Mail in parallel with your other SMTP email for when you need real security; just make sure that your friends know about it and have registered their addresses with a Confidant Mail server.
Mike
Thank you for the write up. I am the author of this system.
Right now I am providing free encrypted mail hosting to anyone who wants it.
Go to the website and sign up. Send me an email:
Keyid: d2b89e6f95e72e26e0c917d02d1847dfecfcd0c2
hacker10
Hello Mike,
That’s very kind of you, best of luck.
hacker10
Mike Ingle
Those images above make the setup look really scary.
It’s not.
There is an Easy Setup page where all you have to type is your name, email address, and passphrase. You plug in a URL to automatically configure the rest. Don’t let that complicated looking setup dialog scare you off trying it.
My name here
I was impressed with the review above, so I just now went to the Confidant Mail web site and signed up.
What attracted me is email limited to other users of Confidant Mail only.
No “traffic analysis” is possible.
Also, I like that the developer is a “one-man-band”.
The developer posted a message above.
I prefer apps from individual developers, so if I have a question or problem, I can ask directly instead of struggling through a jungle of “customer support team” on ZenDesk.
The sign-up and set-up were surprisingly easy using the automatic config.
And I observed that the web page is just the essentials: no grandiose photos of grinning diversities in various skin colors — thank you very much.
Not enough experience yet to know a lot, but first glance this looks very worthwhile.
Disclaimer: I don’t know the developer and he doesn’t know me.
Just found it by browsing Hacker10.
Hacker10
Hello anonymous,
Thank you for sharing your experience, best of luck.
hacker10
Mike
At the moment you can only send to other Confidant Mail users. However, this is an open protocol and does communicate between servers. In the future there will be multiple service providers, and they can all exchange messages. The key distribution system has been tested with 6,144 simultaneous servers, and it also supports DNS key distribution. The protocol is designed to create an Internet-wide secure email system.