For the next few months, you can get a completely free mailbox with one of 9 joke domains! The whole thing runs on cPanel, and we have a closed-source backend operation that encrypts the mail to make sure any mail can only be read by the user.
The backend encryption uses GnuPG, and generates a unique GPG keyset for each individual when the mailbox is created, and then rotates the GPG keys every 6 months. For security, the private keys and passphrases are stored in 50 parts across 8 different servers, and it is impossible to get the full private key/passphrase without all 50 parts. The 8 servers also change every time a GPG key is rotated.
When mail is received, it first goes through an encryption server, which encrypts the contents of the email with the mailbox’s public key. Once the email is encrypted, the email then goes through to cPanel, where it is placed in the user’s mailbox.
When a user wants to view their mail, the request goes to the decryption server, which then verifies the user’s password, connects to the 8 servers to fetch the GPG private keys & passphrases, connects to cPanel to fetch the contents of the user’s mailbox, decrypts the contents, and then responds to the request with the decrypted content of the mailbox.
The encryption process takes an average of 274ms per megabyte, and the decryption process takes an average of 106ms per megabyte.
All unencrypted emails are overwritten with random data to ensure security. We maintain logs, however, IP addresses are overwritten with “127.0.0.1” every 5 seconds.
Not Another Mail Platform uses 20 different servers across 8 countries to ensure the highest level of privacy & security possible.
During this process, I learned how to use the cPanel API, create bash scripts, use rclone, and use GnuPG in automations.
We are planning to implement a forgot password function, secure SAML authentication with Auth0, two-factor authentication, an account deletion function, stricter CAPTCHA, and make a No-JavaScript Tor version available.
Get your mailboxes quick, because once all the features on our roadmap are completed, any signups after the features on the roadmap are fully implemented will be charged $1 per mailbox. Any signups before the features on the roadmap are fully implemented will continue to be free forever, and will not be impacted by this change. Please note, the $1 is not a monthly charge, and is a one-time charge.
