Send email with Tor, I2P and GPG using Confidant Mail

Confidant Mail is an open source cryptographic email system that wants to replace the Simple Mail Transfer Protocol (SMTP), an Internet email standard in use by leading email providers Gmail, Outlook and Yahoo to send messages outside their own system. Confidant Mail is not compatible with SMTP, it comes with its own client, server and protocol creating a new email game plan with privacy and security native to the network.

In exchange for the huge task of switching to a new email system, Confidant Mail automatically encrypts all messages with GnuPG, it conceals metadata, email headers “From” and “Subject” are contained in the envelope, it has its own key distribution system, looking up encryption keys using DNS, it can attach files bigger than 4GB to email messages transferring them with hashed chunks like BitTorrent.

Confidant Mail encrypted email configuration

Confidant Mail encrypted email configuration

There is spam protection making it computational costly to send bulk email, digital signatures are checked before forwarding messages, a user can change server without needing a new email address, mail servers can be run at home with a dynamic DNS with servers paired for redundancy, messages can be made traffic analysis resistant delaying sending of messages with the AFTER command, and there is built-in support for sending email with Tor and I2P to hide your computer IP.

I downloaded the Windows installer, there is an easy set up option, you enter the email address you currently have, choose a passphrase for your private GPG key and paste a remote configuration URL that your Confidant Mail provider will have given you. Being this a new email system that is not compatible with current SMTP email providers, this is where it gets tricky, it is not easy to find a Confidant Mail provider, you will have to use one of the developer test servers or set up your own and the person you communicate with will have to be using the same email system.

Your email address it is just an identifier for Confidant Mail, you can use an email address or domain name that does not exist if you like, it will still work. When you get an email from somebody Confidant Mail automatically fetches the public encryption key for that address and adds it to your keyring, there is no central key directory that can be compromised, you can run Confidant Mail in peer to peer mode. At present there is no key verification built-in, you have to manually check the fingerprint shown to the right of the address.

Confidant Mail Tor and I2P proxy settings

Confidant Mail Tor and I2P proxy settings

Unlike BitMessage, Confidant Mail can be easily scaled to millions of users, you can run mailing lists. A security and privacy email system like this can be useful for journalists to interview somebody without technical expertise, it solves the problem of users not encrypting their messages and brings aboard encrypted email millions of people who don’t have a clue about what OpenPGP is and would not bother to learn how it works.

Confidant Mail takes care of all email security and privacy for you, when you click on the send button, the server interacts with GPG in the background, finds the encryption keys, and encrypts the message, attachments are encrypted and broken into blocks for transmission. When you receive and email, Confidant Mail automatically decrypts it and lets you reply with the email client of your choice.

This is a fantastic project that only needs for email providers to adopt it as a standard for it to be successful, until that happens, you can run a Confidant Mail in parallel to your other SMTP email for when you need real security, just make sure that your friends know about it and they have registered their address with a Confidant Mail server.

Visit ConfidantMail homepage

Comments (6)

  1. Mike 17 April, 2015
  2. hacker10 17 April, 2015
  3. Mike Ingle 20 April, 2015
  4. My name here 29 April, 2015
  5. Hacker10 29 April, 2015
  6. Mike 2 May, 2015

Leave a Reply