IMail

Last updated March 31, 2024

Invisible mail, also referred to as iMail, i-mail or Bote mail, is a method of exchanging digital messages from an author to one or more recipients in a secure and untraceable way. It is an open protocol and its java implementation (I2P-Bote) is free and open-source software, licensed under the GPLv3.^[1]

As with email, one can send and receive iMails. However, normal emails are visible to an ISP and to the administrators of the mail servers providing the service. HTTPS, or secure connections still allow the server admin to view the content of an email and its related IP number. In invisible mails both the mail's content, and the identities (of the sender as well as the receiver) remain unknown to a third party observer or attacker. Furthermore, all iMails are automatically and transparently end-to-end encrypted.

At present, iMail cannot be sent to regular email accounts. iMail addresses are called iMail destinations. They are much longer than the average email addresses and do not carry the "@" sign nor a domain. They already include the encryption key, so using an iMail destination is not harder than using standard email with gpg encryption. The destination is two in one: the "address" as well as the public key. In contrast to gpg- or pgp-encrypted emails, I2P-Bote also encrypts the mail headers.

I2P-Bote also works as an anonymous or pseudonymous remailer. iMails are sent via the I2P network, a secure and pseudonymous p2p overlay network on the internet and sender and receiver need not be online at the same time (store-and-forward model). The entire system is serverless and fully distributed. iMail peers accept, forward, store and deliver messages. Neither the users nor their computers are required to be online simultaneously; they need connect only briefly for as long as it takes to send or receive messages.

An iMail message consists of three components, the message envelope, the message header, and the message body. The message header contains control information, including, minimally one or more recipient addresses. Usually descriptive information is also added, such as a subject header field and a message submission date/time stamp.

iMails can carry international typesets and have small multi-media content attachments, a process standardized in RFC 2045 through 2049. Collectively, these RFCs have come to be called Multipurpose Internet Mail Extensions (MIME).

Features

secure messages: All iMail messages are automatically end-to-end encrypted from the sender to the receiver.
message authentication: All iMail messages that are not sent without any information on the originator are automatically signed and the message's integrity and authenticity is checked by the receiver.
anonymous messages: iMails can also be sent without any information about the originator.

^[2]

Attachment size limitations

iMail messages may have one or more attachments. Attachments serve the purpose of delivering binary or text files of unspecified size. In principle there is no technical intrinsic restriction in the I2P-Bote protocol limiting the size or number of attachments. In practice, however, the slow speeds, overheads and data volume due to redundancy limit the viable size of files or the size of an entire message.

Email spoofing

Email spoofing occurs when the header information of an email is altered to make the message appear to come from a known or trusted source. In the case of iMails, this is countered by cryptographically signing each iMail with its originator's key.

Tracking of sent mails

The I2P-Bote mail service provides no mechanisms for tracking a transmitted message, but a means to verify that it has been delivered, which however does not necessarily mean it has been read.

Drawbacks

iMails can only be received or sent via the web interface, there is no implementation of POP3 or SMTP for iMail yet. Furthermore, there are no bridges that allow for sending from I2P-Bote to a standard internet email account or vice versa.

Related Research Articles

Electronic mail is a method of transmitting and receiving messages using electronic devices. It was conceived in the late–20th century as the digital version of, or counterpart to, mail. Email is a ubiquitous and very widely used communication medium; in current use, an email address is often treated as a basic and necessary part of many processes in business, commerce, government, education, entertainment, and other spheres of daily life in most countries.

The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typically use SMTP only for sending messages to a mail server for relaying, and typically submit outgoing email to the mail server on port 587 or 465 per RFC 8314. For retrieving messages, IMAP is standard, but proprietary servers also often implement proprietary protocols, e.g., Exchange ActiveSync.

An email client, email reader or, more formally, message user agent (MUA) or mail user agent is a computer program used to access and manage a user's email.

An anonymous remailer is a server that receives messages with embedded instructions on where to send them next, and that forwards them without revealing where they originally came from. There are cypherpunk anonymous remailers, mixmaster anonymous remailers, and nym servers, among others, which differ in how they work, in the policies they adopt, and in the type of attack on the anonymity of e-mail they can resist. Remailing as discussed in this article applies to e-mails intended for particular recipients, not the general public. Anonymity in the latter case is more easily addressed by using any of several methods of anonymous publication.

A cypherpunk anonymous remailer, also known as a Type I remailer, is a type of anonymous remailer that receives messages encrypted with PGP or GPG, follows predetermined instructions to strip any identifying information, and forwards the messages to the desired recipient.

A pseudonymous remailer or nym server, as opposed to an anonymous remailer, is an Internet software program designed to allow people to write pseudonymous messages on Usenet newsgroups and send pseudonymous email. Unlike purely anonymous remailers, it assigns its users a user name, and it keeps a database of instructions on how to return messages to the real user. These instructions usually involve the anonymous remailer network itself, thus protecting the true identity of the user.

<span class="mw-page-title-main">Apple Mail</span> Email client by Apple Inc.

Mail is an email client included by Apple Inc. with its operating systems macOS, iOS, iPadOS, watchOS, and visionOS. Mail grew out of NeXTMail, which was originally developed by NeXT as part of its NeXTSTEP operating system, after Apple's acquisition of NeXT in 1997.

Onion routing is a technique for anonymous communication over a computer network. In an onion network, messages are encapsulated in layers of encryption, analogous to the layers of an onion. The encrypted data is transmitted through a series of network nodes called "onion routers," each of which "peels" away a single layer, revealing the data's next destination. When the final layer is decrypted, the message arrives at its destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes. While onion routing provides a high level of security and anonymity, there are methods to break the anonymity of this technique, such as timing analysis.

An anonymous P2P communication system is a peer-to-peer distributed application in which the nodes, which are used to share resources, or participants are anonymous or pseudonymous. Anonymity of participants is usually achieved by special routing overlay networks that hide the physical location of each node from other participants.

The Invisible Internet Project (I2P) is an anonymous network layer that allows for censorship-resistant, peer-to-peer communication. Anonymous connections are achieved by encrypting the user's traffic, and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world. Given the high number of possible paths the traffic can transit, a third party watching a full connection is unlikely. The software that implements this layer is called an "I2P router", and a computer running I2P is called an "I2P node". I2P is free and open sourced, and is published under multiple licenses.

Sender Policy Framework (SPF) is an email authentication method which ensures the sending mail server is authorized to originate mail from the email sender's domain. This authentication only applies to the email sender listed in the "envelope from" field during the initial SMTP connection. If the email is bounced, a message is sent to this address, and for downstream transmission it typically appears in the "Return-Path" header. To authenticate the email address which is actually visible to recipients on the "From:" line, other technologies such as DMARC must be used. Forgery of this address is known as email spoofing, and is often used in phishing and email spam.

S/MIME is a standard for public-key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a number of documents, most importantly RFC 8551. It was originally developed by RSA Data Security, and the original specification used the IETF MIME specification with the de facto industry standard PKCS #7 secure message format. Change control to S/MIME has since been vested in the IETF, and the specification is now layered on Cryptographic Message Syntax (CMS), an IETF specification that is identical in most respects with PKCS #7. S/MIME functionality is built into the majority of modern email software and interoperates between them. Since it is built on CMS, MIME can also hold an advanced digital signature.

Secure communication is when two entities are communicating and do not want a third party to listen in. For this to be the case, the entities need to communicate in a way that is unsusceptible to eavesdropping or interception. Secure communication includes means by which people can share information with varying degrees of certainty that third parties cannot intercept what is said. Other than spoken face-to-face communication with no possible eavesdropper, it is probable that no communication is guaranteed to be secure in this sense, although practical obstacles such as legislation, resources, technical issues, and the sheer volume of communication serve to limit surveillance.

Email authentication, or validation, is a collection of techniques aimed at providing verifiable information about the origin of email messages by validating the domain ownership of any message transfer agents (MTA) who participated in transferring and possibly modifying a message.

The following tables compare general and technical information for a number of notable webmail providers who offer a web interface in English.

Opportunistic TLS refers to extensions in plain text communication protocols, which offer a way to upgrade a plain text connection to an encrypted connection instead of using a separate port for encrypted communication. Several protocols use a command named "STARTTLS" for this purpose. It is a form of opportunistic encryption and is primarily intended as a countermeasure to passive monitoring.

Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. The purpose and primary outcome of implementing DMARC is to protect a domain from being used in business email compromise attacks, phishing email, email scams and other cyber threat activities.

Email encryption is encryption of email messages to protect the content from being read by entities other than the intended recipients. Email encryption may also include authentication.

An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet untraceable. It is a proxy server computer that acts as an intermediary and privacy shield between a client computer and the rest of the Internet. It accesses the Internet on the user's behalf, protecting personal information of the user by hiding the client computer's identifying information such as IP addresses. Anonymous proxy is the opposite of transparent proxy, which sends user information in the connection request header.

Mailfence is a encrypted email service that claims to be secure and private. It offers OpenPGP based end-to-end encryption and digital signatures. It was launched in November 2013 by ContactOffice Group, which has been operating an online collaboration suite for universities and other organizations since 1999.

References

http://i2pbote.i2p/src.zip%5B%5D (source code)
http://i2pbote.i2p/history.txt%5B%5D (history.txt)

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] ttp://stats.i2p/cgi-bin/viewmtn/revision/file/cf46b537180b1a5b5740a1e2e85fc049ccc512ef/license.txt%5B%5D

[2] ttp://stats.i2p/cgi-bin/viewmtn/revision/file/cf46b537180b1a5b5740a1e2e85fc049ccc512ef/doc/techdoc.txt%5B%5D

[1]

[2]

v t e Computer-mediated communication
Online chat Online discussion Communication software Collaborative software Social network service Virtual learning environment
Asynchronous conferencing	Email Electronic mailing list FidoNet Usenet Internet forum Textboard Imageboard Bulletin board system Online guestbook
Synchronous conferencing	Data conferencing Instant messaging Internet Relay Chat LAN messenger Talker Videoconferencing Voice over IP Voice chat in online gaming Web chat Web conferencing
Publishing	Blog Microblogging Wiki

IMail

Contents