| I'd prefer to see decentralized email before "encrypted" email. Recipient runs qmail listening for connections on some personally chosen port from among 1000's of choices. She is also running a firewall such as pf. authpf might also be useful. Recipient tells sender her chosen port number and a personally chosen address to use. How does she do this? In person. Through the postal mail. Over the telephone. But _not_ over the Internet. Of course she does not have to use the same port and address for every sender. In addition to the potential randomness of the port, the address she chooses could be any string of legal characters up to 250 whatever in length. The approved sender runs qmail to connect to recpient's qmail and leaves a message on recpient's computer. No DNS. No "email provider". No POP3. How two users can discover each others' IP address and connect to each other through firewalls _without forwarding traffic through a third party server_ is left an as exercise for the reader. Chances are most users have used software that does this at one time or another, maybe without even knowing it. The methods have been around for decades. It works. Centralized DNS and the need for a "domain name" is not needed. Centralized "email providers" who store users' email are not needed. There are a number of disadvantages and limitations to this approach. Yes, I know what they are. But I have already tested this and it works so I'm biased. My opinion is that the _advantanges_ of "peer-to-peer", SMTP-to-SMTP email easily outweigh the disadvantages of store and forward and POP3 and make this a useful _alternative_ (not a replacement) system for centralized email. It's an _option_ users could have that would be quite useful. The status quo approach to email has become highly centralized in both the need for ICANN DNS and "email providers". Not to mention the commercialization of email and the need to have "permission" to be able to send mail "because of" the proliferation of spam. It's far too difficult for any user to control their own email under the current centralized system. Solution: Give users another system where they _can_ control their email. IMHO the centralization and protectionism of the current system (email is a business, but it doesn't need to be) is a bigger problem than lack of encryption. It's also what makes spamming viable. Everyone knows your email address or can get it easily enough. In many cases, that is not necessary. As it stands, email is concentrated in a limited number of locations (the servers of email providers), transferred over a few ports (25, etc.) and users are limited in the addresses they can use (commercially registered domainnames). |
I'd worked on a proof of concept that would have all three of the above features using a DHT for delivery, relying on collisions for addressing, so that targets overlap, but a given target could only decrypt messages actually to them... the down side is it would be possible to send MANY messages to a target, so many that the system would be brought to a crawl and effectively useless.