Secure .NET email library and proxy with full support for SMTP, IMAP, POP3, and S/MIME. Free and open source.
It's time for secure email
Imagine if physical envelopes were never invented. Everything you sent, whether a letter to a friend, business correspondence, or a bill payment, would be handed openly to the mailman.
Every postal employee who carried your letter would be able to thumb through it and surreptitiously review your photos or financials without your knowledge. Nosy neighbors who shared the same outbox as you could do the same.
Now imagine that there are laws requiring every message to be scanned and stored in a database. Indefinitely. And somebody you don't know could run queries to see if you sent anything they consider interesting.
In this world, you could probably trust everybody in that convoluted delivery chain. After all, an unbelievable amount of mail gets sent. Why would anybody pay attention to your letters?
But let's say that one day you are handed an envelope to use. Not just a regular envelope either, but a locked envelope that only your recipient had a key to open. Only you and your recipient would ever be able to look inside.
Would you choose to send a letter without that envelope?
This analogy isn't a stretch. It illustrates exactly how email works today. But it doesn't have to stay that way.
The goal of OpaqueMail is to make secured email envelopes available to everyone.
- Create Windows encrypted email client (Planned)
- Create Mac OSX encrypted email client (Planned)
- Create Linux encrypted email client (Planned)
- Create iOS encrypted email client (Planned)
- Create Android encrypted email client (Planned)
- Create Mac OSX and Linux SMTP encryption proxies using Mono (Planned)
- Create PHP email client library (Planned)
- Create PHP webmail interface (Planned)
- Create Ruby email client library (Planned)
- Create Ruby webmail interface (Planned)
- Partner with popular email client companies to ensure encrypted email is the default (Planned)
Where we are and how we got here
Email was invented more than 40 years ago, before network security or privacy were common concerns. The original creators could never have predicted it would become the world's most popular communications medium.
Today, billions of people spend hours reading and composing emails every day. These range from personal messages to critical business communications. Everything travels through email, including sensitive information.
The overwhelming majority of emails are sent in "plain-text", meaning that everybody involved in sending your message can (and does) read it. And that's significantly more people than you'd expect.
The problem's even more serious when using an untrusted network, like the neighborhood coffee shop. Free tools allow anyone to snoop on unencrypted email traffic. That's unacceptable.
Whatever you have to send, an email's audience should be limited to you and the recipient. Not some technician at your ISP, not the government, and certainly not a hacker on your wifi.
The solution already exists
"Public key cryptography" (a.k.a. asymmetric encryption) is the answer to secure messaging. This is the underlying technology behind SSL and TLS, which are used for everything from banking to military security.
Two standards have existed for mail encryption since the 1990s: S/MIME and OpenPGP. Both approaches work by encrypting email in a way that only the recipient can read. First, the recipient's "public key" is used to encrypt the message. Then, the recipient uses the matching "private key" (like a decoder ring) to decode the message.
Both OpenPGP and S/MIME are free, proven, and secure.
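The public-key/private-key flow described above, shown as an added example (not OpaqueMail's own code): an encrypted S/MIME body is a CMS "enveloped data" structure, which .NET exposes as `EnvelopedCms`. It assumes .NET Core 3.0 or later with the System.Security.Cryptography.Pkcs package; the recipient address, certificate and message are constructed for the demonstration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class EnvelopeDemo
{
    // Sender side: needs only the recipient's certificate (public key).
    static byte[] Seal(string message, X509Certificate2 recipientCert)
    {
        var content = new ContentInfo(Encoding.UTF8.GetBytes(message));
        // AES-256-CBC encrypts the content; that AES key is wrapped with the recipient's RSA public key.
        var envelope = new EnvelopedCms(content,
            new AlgorithmIdentifier(new Oid("2.16.840.1.101.3.4.1.42")));
        envelope.Encrypt(new CmsRecipient(recipientCert));
        return envelope.Encode();
    }

    // Recipient side: needs the private key that matches the certificate.
    static string Open(byte[] sealedBytes, RSA privateKey)
    {
        var envelope = new EnvelopedCms();
        envelope.Decode(sealedBytes);
        envelope.Decrypt(envelope.RecipientInfos[0], privateKey);
        return Encoding.UTF8.GetString(envelope.ContentInfo.Content);
    }

    static void Main()
    {
        // Constructed recipient identity: throwaway key pair and self-signed certificate.
        using RSA recipientKey = RSA.Create(2048);
        var request = new CertificateRequest("CN=recipient@example.test", recipientKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

        byte[] sealedBytes = Seal("Constructed sample message body", cert);
        Console.WriteLine($"Envelope: {sealedBytes.Length} bytes");
        Console.WriteLine($"Recipient reads: {Open(sealedBytes, recipientKey)}");

        // Anyone holding a different private key cannot open the envelope.
        using RSA otherKey = RSA.Create(2048);
        try { Open(sealedBytes, otherKey); Console.WriteLine("Unexpected: opened with wrong key"); }
        catch (CryptographicException) { Console.WriteLine("Wrong key: decryption refused"); }
    }
}
```

In real use the certificate comes from a certificate authority rather than being self-signed, and the sender validates it before encrypting to it.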
Why email encryption hasn't caught on yet... and what we can do about that
There are four main reasons email encryption hasn't caught on so far:
Most people are unaware of encryption or the need for it.
Now is the time to spread the word. Everyone should be aware of the risks of insecure email and the options to secure it.
Prism is scary enough, but it's not the only one spying on email. The average email "bounces" through several servers, each of which retains a copy of the message. Anybody with access to these servers, whether your ISP or a network provider you've never heard of, can open and read your message.
Now is the time to get the word out. Lead by example in signing and encrypting your messages whenever possible.
Encryption seems complicated or expensive to set up.
In order to set up email encryption, everybody who receives an email needs to have a secure key. This is the biggest roadblock to secure email.
The good news is that there are established vendors that offer these keys for free. Comodo and StartCom offer personal keys that you can set up in minutes.
There's even a free, open-source certificate authority called CAcert, although it's still not as usable as it should be.
Encryption isn't supported by all email clients.
The most common email clients support S/MIME (such as Outlook, Thunderbird, Apple Mail, and iOS Mail), but there are far too many that don't.
Several mobile clients and webmail interfaces (notably Gmail) lack S/MIME support. That needs to change.
OpaqueMail is a free .NET library with full support for S/MIME email encryption. It can be plugged into existing email clients (including mobile clients via Mono) to simplify email protection. The goal of the project is to make email encryption standard.
It complicates spam filtering and virus scanning.
One of the few benefits of email transparency is that central servers can read everybody's messages in order to spot trends. By scanning everybody's email at once, they can identify emerging threats. Of course, the same technology is also used for spying and marketing purposes.
There are workarounds, but this is a legitimate challenge. The best current option is using endpoint antivirus and antispam. In all aspects of OpaqueMail, we seek community ideas and feedback.
Let's fix that
The OpaqueMail project's goal is to normalize the use of email encryption. The first step is education, but we ultimately seek to make secure email the default option.
Let's get the word out.
First, spread the word about why email privacy matters and what we can do about it. We live in a critical time for defining and protecting our personal liberties online.
We all deserve freedom of speech and confidence that our communications are secure.
Let's start signing and encrypting our messages.
It only takes a few minutes to get started.
Check out our email encryption tutorial now.
Make sure to set up encryption for all of your devices that support it and encourage your friends to do the same.
Lead by example. And consider updating your email signature to link to http://opaquemail.org/ to spread the word.
Let's create better software.
Going forward, all mail applications should not only support S/MIME, but encourage users to default to it. It shouldn't be a hidden, arcane option limited to power users.
To support that end, we've created a free open-source .NET email library with full S/MIME support via IMAP, POP3, and SMTP available on GitHub. We'll share other resources for simplifying S/MIME using other programming languages.
If there's enough community interest, we'll also create secure e-mail clients for Windows, Mac OSX, Linux, iOS, and Android.
What's in a name?
Headlines have recently been dominated by "Prism", the US government's clandestine surveillance program. A prism refracts light, such as the fiber optics underlying the internet, allowing true colors to be studied individually.
"Opaque" is the opposite of "transparent", meaning that it's impenetrable to light. Opaque objects can't be refracted. OpaqueMail is resistant to Prism.