3
wanted: e-mail provider that supplies onion email addresses and allows users to use them on clearnet
(sopuli.xyz)
cross-posted from: https://sopuli.xyz/post/12515826
I’m looking for an email service that issues email addresses with an onion variant. E.g. so users can send a message with headers like this:
From: replyIfYouCan@hi3ftg6fgasaquw6c3itzif4lc2upj5fanccoctd5p7xrgrsq7wjnoqd.onion To: someoneElse@clearnet_addy.comI wonder if any servers in the onionmail.info pool of providers can do this. Many of them have VMAT, which converts onion email addresses to clearnet addresses (not what I want). The docs are vague. They say how to enable VMAT (which is enabled by default anyway), and neglect to mention how to disable VMAT. Is it even possible to disable VMAT? Or is there a server which does not implement VMAT, which would send msgs to clearnet users that have onion FROM addresses?
Indeed that’s the idea. If you’ve ever received a message where the sender’s address is “noreply@corp.xyz”, it’s similar. But in fact the onion address is slightly more useful than a “noreply” address because the responder would at least have the option of registering with an onion-capable email server to reply.
Imagine you want to email a gmail user. You can ensure that the message contains nothing you don’t mind sharing with a surveillance advertiser, but you cannot generally control what gets shared in the response. An onion address ensures that replies will be outside of Google’s walled garden, for example. That’s just one of several use cases.
Those are server to server authentication protocols, not something that validates the functionality of a sender’s disclosed email address. Otherwise how would a bank send an announcement from a “noreply” address?
Because dmarc, DKIM, and SPF validate the domain against the sending server, not the address.
When i send from noreply@ at work, it passes dmarc, DKIM, and SPF, because the recipient mail server validates the message came from an authorized mail server for the domain (mosty based on dns entries).
Without that validation, you can certainly still send emails, but most clearnet mail hosts will drop your messages. Google, Microsoft, and yahoo at the bare minimum will
The server is checking that the EHLO domain matches that of the IP of the sending server. Whatever is in the FROM: field is entirely irrelevant to that. The RFC even allows multiple email addresses in the FROM field. It’s rarely practiced, but it’s compliant. So if you have FROM: bob@abc.com, bob@xyz.onion, bob@xyz.org, are you saying the receiving server would expect the domain of all FROM addresses to match that of the sending server? What happens when a sender has a gmail account but uses a vanity address? Instead of bob@gmail.com, he has bobswidgets@expertcorp.com. Are you saying expertcorp.com ≠ gmail.com, so the receiving server will reject it? I think not. Google offers the ability of their users to use an external address last time I checked.
Maybe i need to further clarify that none of this is in the email RFC. Email is very old. These are new standards that everyone has agreed to on top of the RFC
I’m not surprised. Google took an anti-RFC posture when they broke email and brought in their own rules under the guise of anti-spam (the real reason is domination). The whole point of RFCs existence is interoperability. That was broken when servers reject RFC-compliant messages.
I’m not interested in bending over backwards to accommodate. Satisfying Google’s dkim reqs requires the server admin to solve a CAPTCHA. That’s a line I personally will not cross. So at the moment I simply do not email gmail users (or MS Outlook users, same problem).