Introduction
Email security is of imperative importance when it comes to prevention and protection from cyber-attacks. Around 90% of cyber-attacks are carried through fraudulent emails where users are falling prey to email phishing, spoofing, spamming, and tampering attacks. Not to mention, since organizations have started operating remotely due to the pandemics, there has been a massive surge of 220% in email attacks.
Email is our day-to-day channel of staying connected with our peers, colleagues, friends, clients, and loved ones. Currently, we use the services of legacy email providers and email security service providers. All these legacy & emerging email security providers which rely on traditional email transfer protocols of IMAP and SMTP claim to provide end-to-end encryption for email transfers using their platforms. Even you might be one of the users of these email security service providers.
Problems with the current Email Transfer mechanism
Let’s take a step back to understand how these email transfer protocols work before taking a deep dive into how these claims of end-to-end encryption are flawed.
Suppose, we have two users named Alice and Bob and they want to have an email exchange. For sending an email Alice will use the SMTP protocol while for receiving that email Bob will use the IMAP protocol.
There are two types of email transfer mechanisms:
1. Inter-domain Email Transfer
2. Intra-domain Email Transfer
Problem with Inter-domain Email Transfer:
Now consider Alice is using the services of XMail and Bob is using the services of YMail. We will call this email transfer an Inter-domain email transfer. For this email transfer, email service providers will use Mail Transfer Agents (MTA). Now here things start getting interesting. If Alice wants to transfer email using MTA, then that particular email has to be in plain text, unencrypted, or in an ASCII format. If Alice is also willing to send an attachment, then that attachment has to be converted into Base 64 format which is not an encryption format.
So irrespective of what email security service you use or what level of encryption you use, the email transfer which is happening through MTA agents and SMTP Port 25 has to be plain text. This protocol has been designed to work in plain text, base 64, and ASCII format only. All the claims of providing end-to-end encryption for inter-domain email transfers are flawed, false, and void.
Problem with Intra-domain Email Transfer:
If Alice and Bob both are using the services of the same email provider which is termed an Intra-domain email transfer then they can exchange an encrypted email with each other. In this case, they can use a TLS level of encryption to secure the connection between both and have the email body encrypted. Remember, they can only encrypt the email body with some mechanism. They cannot encrypt the email header which consists of their email ID, timestamp, IP address, and subject line. We have already seen instances of the IP address & header data of users is being shared with three letter agencies.
This means it is impossible to achieve end-to-end encryption as long as we are using the traditional email transfer protocols of SMTP/IMAP.
What’s the solution?
Now we have understood the problem with having inter-domain email transfers that cannot be encrypted in any way, and these emails can be exposed through a simple wire short that will listen to your SMTP port 25. Along with this, the intra-domain email transfer put limitations on having email header exposed for spoofing and tampering. Let’s evaluate if we have any other options which can help us secure, encrypt and protect our email platform.
We are experiencing a rapid evolution in the Web 3.0 internet where peer-to-peer, censorship-resistant, decentralized, and democratic applications are being built which are focused on user security & privacy. With the same vision of protecting the digital rights of internet users, we have come up with the world’s first decentralized email solution popularly known as LedgerMail.
LedgerMail – The world’s first Decentralized Email Solution
LedgerMail replaces the traditional way of email transfer through these obsolete protocols with a peer-to-peer exchange of encrypted transactions leveraging blockchain technology. Each email transfer happening through the LedgerMail platform is treated like a wallet transaction on the decentralized blockchain network, where all the email data including files & attachments are encrypted, secured, and stored on a decentralized network.
Although LedgerMail is a closed-loop system where we can exchange emails with other LedgerMail users, we have tried to achieve some level of interoperability for the users by using email addresses of their own choice. So, users can use email domains of legacy email providers or customized business domains for seamless exchange of emails through the LedgerMail platform. These email addresses are just a namespace that is human-readable & easy to remember. Internally, when the user signs up to the LedgerMail platform, a wallet is created for that user which has a unique wallet ID. This immutable & tamper-proof wallet ID gets mapped with the human-readable address for the convenience & accessibility of the users while protecting the user from header manipulation and email spoofing attacks.
LedgerMail operates on a Web 3.0-enabled communication protocols, and we are enabling a close-knit ecosystem for the internet users to adapt to this revolutionary, secure, encrypted & decentralized protocol for their email exchange. We are not bridging the Web 3.0 email communication protocols of LedgerMail with the traditional Web 2.0 email service providers. By doing so, we are eliminating all the possibilities of email spamming, email phishing & tampering activities.
Now, you don’t have to worry about your emails getting listened to through SMTP port 25. Neither you have to limit yourself to using a particular email domain, nor do you have to get into the complexity of the PGP level of encryption.
Features of the LedgerMail
LedgerMail is on a mission to protect the Digital Rights of Web 3.0 internet users in a decentralized way. It inherits all the technical features and benefits from Blockchain technology while complementing it with an advanced cryptographic algorithm.
Some of the features of this decentralized email solution include:
1. Military-grade Security inherited through Blockchain technology
2. User Privacy
3. Cryptographic Encryption
4. Data Sovereignty & Reliability
5. Democratic, Peer-to-Peer, Censorship Resistance Protocol
6. Email Authenticity & Immutability
7. Forensic monitoring & accountability
8. Free of cost
9. Seamless user experience & interoperability
10. Prevention from email spoofing, spamming, phishing & tampering attacks
Popularity of LedgerMail among the Web 3.0 community
Since the launch of the beta version of LedgerMail in August 2021 operating on a public blockchain platform of the XDC Network, LedgerMail has successfully onboarded 750,000 users with more than half a million active users with a total email exchange crossing 2 million in a shorter amount of time.
The blockchain-based email security services provided through LedgerMail have attracted big tech enterprises and SMEs for protecting their email platforms through fraudulent attacks and preventing them from monetary, data & reputation loss.
LedgerMail will allow users to have a seamless exchange of their messages, files, and attachments with Web 3.0 standards while focusing on the global adoption by individuals & enterprises for their decentralized email communication. Currently, LedgerMail is free of cost and users will get rewarded for signing up & exchanging emails with their peers. To complement the decentralized email services, we are also coming up with a full-proof product suite that will allow you to have Web 3.0-enabled decentralized, secure, and privacy-focused communication.
A disruptive & decentralized email service that eliminates the false claims of legacy email security providers and envisions building a decentralized email ecosystem, we deserve it!