Dark Mail Alliance

The Dark Mail Alliance is an organization dedicated to creating an email protocol and architecture with end-to-end encryption. [1]

In October 2013, Silent Circle and Lavabit announced a project to create a more secure alternative to email and began a fundraising effort. [2] [3] The Dark Mail Alliance team originally consisted of Phil Zimmermann, Jon Callas, Mike Janke, and Ladar Levison. As of August 2023, the only original member of the team still listed on the Dark Mail Alliance website is Levison. [1]

DIME

Dark Internet Mail Environment (DIME) aims to be a secure communication platform for asynchronous messaging across the Internet. It was presented by Ladar Levison and Stephen Watt at DEF CON on August 8, 2014. [4]

Specifications

There have been multiple revisions of the DIME specifications. The latest revision is presented as a preliminary draft.

Protocols

Data formats

Implementations

Server-side

Magma is the reference MIME server implementation. It supports server side encryption, Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP), Internet Message Access Protocol (IMAP) and Hypertext Transfer Protocol (HTTP). [8] [9]

Client-side

Volcano is a Thunderbird fork with DIME support. [10]

See also

Related Research Articles

Email: Mail sent using electronic means

Electronic mail is a method of transmitting and receiving messages using electronic devices. It was conceived in the late 20th century as the digital version of, or counterpart to, mail. Email is a ubiquitous and very widely used communication medium; in current use, an email address is often treated as a basic and necessary part of many processes in business, commerce, government, education, entertainment, and other spheres of daily life in most countries.

In computing, the Internet Message Access Protocol (IMAP) is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. IMAP is defined by RFC 9051.

Multipurpose Internet Mail Extensions (MIME) is an Internet standard that extends the format of email messages to support text in character sets other than ASCII, as well as attachments of audio, video, images, and application programs. Message bodies may consist of multiple parts, and header information may be specified in non-ASCII character sets. Email messages with MIME formatting are typically transmitted with standard protocols, such as the Simple Mail Transfer Protocol (SMTP), the Post Office Protocol (POP), and the Internet Message Access Protocol (IMAP).

In computing, the Post Office Protocol (POP) is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. Today, POP version 3 (POP3) is the most commonly used version. Together with IMAP, it is one of the most common protocols for email retrieval.

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

Phil Zimmermann: Creator of Pretty Good Privacy (PGP)

Philip R. Zimmermann is an American computer scientist and cryptographer. He is the creator of Pretty Good Privacy (PGP), the most widely used email encryption software in the world. He is also known for his work in VoIP encryption protocols, notably ZRTP and Zfone. Zimmermann is co-founder and Chief Scientist of the global encrypted communications firm Silent Circle.

The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typically use SMTP only for sending messages to a mail server for relaying, and typically submit outgoing email to the mail server on port 587 or 465 per RFC 8314. For retrieving messages, IMAP is standard, but proprietary servers also often implement proprietary protocols, e.g., Exchange ActiveSync.

Email client: Computer program used to access and manage a user's email

An email client, email reader or, more formally, message user agent (MUA) or mail user agent is a computer program used to access and manage a user's email.

S/MIME is a standard for public-key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a number of documents, most importantly RFC 8551. It was originally developed by RSA Data Security, and the original specification used the IETF MIME specification with the de facto industry standard PKCS #7 secure message format. Change control to S/MIME has since been vested in the IETF, and the specification is now layered on Cryptographic Message Syntax (CMS), an IETF specification that is identical in most respects with PKCS #7. S/MIME functionality is built into the majority of modern email software and interoperates between them. Since it is built on CMS, MIME can also hold an advanced digital signature.

Off-the-Record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.

Email privacy is a broad topic dealing with issues of unauthorized access to, and inspection of, electronic mail, or unauthorized tracking when a user reads an email. This unauthorized access can happen while an email is in transit, as well as when it is stored on email servers or on a user's computer, or when the user reads the message. In countries with a constitutional guarantee of the secrecy of correspondence, whether email can be equated with letters, and therefore have legal protection from all forms of eavesdropping, is disputed because of the very nature of email.

Email encryption is encryption of email messages to protect the content from being read by entities other than the intended recipients. Email encryption may also include authentication.

Secure messaging is a server-based approach to protect sensitive data when sent beyond the corporate borders, and it provides compliance with industry regulations such as HIPAA, GLBA and SOX. Advantages over classical secure e-mail are that confidential and authenticated exchanges can be started immediately by any internet user worldwide since there is no requirement to install any software nor to obtain or to distribute cryptographic keys beforehand. Secure messages provide non-repudiation as the recipients are personally identified and transactions are logged by the secure email platform.

AS1 is a specification about how to transport structured business-to-business data securely and reliably over the Internet. Security is achieved by using digital certificates and encryption.

Invisible mail, also referred to as iMail, i-mail or Bote mail, is a method of exchanging digital messages from an author to one or more recipients in a secure and untraceable way. It is an open protocol and its Java implementation (I2P-Bote) is free and open-source software, licensed under the GPLv3.

Silent Circle is an encrypted communications firm based in Washington DC. Silent Circle provides multi-platform secure communication services for mobile devices and desktop. Launched October 16, 2012, the company operates under a subscription business model. The encryption part of the software used is free software/open source and peer-reviewed. For the remaining parts of Silent Phone and Silent Text, the source code is available on GitHub, but under proprietary software licenses.

Lavabit is an open-source encrypted webmail service, founded in 2004. The service suspended its operations on August 8, 2013 after the U.S. Federal Government ordered it to turn over its Secure Sockets Layer (SSL) private keys, in order to allow the government to spy on Edward Snowden's email.

Kolab Now

Kolab Now is a web-based email and groupware service, based completely on free and open-source software. It is owned and operated by Kolab Systems AG and was formerly known as MyKolab.

pretty Easy privacy: Data encryption application

pretty Easy privacy is a pluggable data encryption and verification system, which provides automatic cryptographic key management through a set of libraries for written digital communications. Its main goal is to make end-to-end encryption the default in written digital communications for all users in the easiest way possible and on the channels they already make use of, including e-mails, SMS, or other types of messages.

Stephen Huntley Watt is an American computer security consultant and hacker, known for his involvement in the TJX data breach.

References

  1. Levison, Ladar. "Dark Mail Alliance website". Dark Mail Alliance. Archived from the original on 2022-12-28. Retrieved 2023-08-03.
  2. "Lavabit's Dark Mail Initiative". Kickstarter.
  3. Hern, Alex (31 December 2013). "Email is broken but Dark Mail Alliance is aiming to fix it". The Guardian newspaper. Retrieved 2 January 2014.
  4. "DEF CON 22 - Ladar Levison and Stephen Watt - Dark Mail". YouTube.
  5. "Dark Internet Mail Environment, Architecture and Specifications, December 2014" (PDF). Dark Mail. Retrieved 2015-07-25.
  6. "Dark Internet Mail Environment, Architecture and Specifications, March 2015" (PDF). Dark Mail. Retrieved 2015-07-25.
  7. Dark Internet Mail Environment, Architecture and Specifications
  8. Paganini, Pierluigi (2017-01-21). "Lavabit, the Snowden recommended encrypted email service, is back". Security Affairs. Archived from the original on 2023-08-03. Retrieved 2023-08-03.
  9. "lavabit/magma.classic". GitHub. 15 November 2022.
  10. Scharr, Jill. "DIME, Formerly DarkMail, Promises Secure Email".