What benefit does the anchoring give over just the signing part? Surely the signature is enough to prove that the email is from the expected sender? I feel like this is just an attempt to add Blockchain to an existing system for no benefit to the user.
EDIT: After looking around a bit more, the product appears to be your standard CRM tool (similar to Streak) but with "Blockchain" added to make it look different (but without adding any value).
Hi vivan. Thanks for your comment. Besides the signature of an email using the robustness and persistence of the blockchain, what is different with "Email Stamping" and especially interesting for professionals who send sensitive emails (e.g., lawyers, insurers, brokers...) is that they have a way to show they sent an email with a specific content at a specific time.
A decisive challenge raised by today’s email dominance in the workplace is that the latter means of communication does not offer a built-in function to prove the integrity and authenticity neither of its content nor of its origin. Knowing that emails are increasingly presented as legal evidence in courts worldwide, it becomes urgent to think of approaches that could palliate the inherent flaws of email.
EDIT: And yes, Gmelius offers a lightweight CRM targeting SMEs that covers all the stages of the modern communication flow: from the first interaction to the potential signature of a contract/quote. Besides, Gmelius offers a shared inbox making possible to follow-up on leads, stay in sync with your team.
How does that prove the email was sent, though? Couldn't one timestamp the email into the blockchain, without actually sending the email to the other party?
Edit: btw, I released something that utilizes bitcoin's blockchain for timestamping back in 2013: https://news.ycombinator.com/item?id=5790382 (the website is no longer available because better solutions came since, but its up on github[0] and the wayback machine[1])
This has some interesting use-cases, but people tend to overestimate what blockchain timestmaping actually gets you. You can prove that some piece of data existed at some point in time, but that's it. It doesn't prove this data is authentic, that this data was communicated to anyone, that no one else timestamped this data earlier, etc.
So you're acting as a trusted party to get delivery confirmations from Google? What if Google doesn't confirm delivery, but you decide to write to the blockchain anyway?
Also, won't Google servers return a cryptographically verifiable delivery confirmation? If so, couldn't this be used as the delivery proof directly instead?
Yes, we integrate with Gmail and communicate via the official Gmail API.
We only receive response statuses and act accordingly. Moreover, we think it's important for this functionality to make sense to insert the hash corresponding to the integrity of the email, and so make possible for our customers to "prove" they have indeed sent an email with a specific body/subject/...
"The insertion is done when we have received a response from Google servers"
But GMelius is a client-side application, right? According to your whitepaper, the insertion is done when the _client_ receives the response, I don't see anything about validation from the GMelius servers to GMail.
"SHA-512"
It's not the SHA part which is the problem, it's the RSA part. 512-bit RSA is well-known to be broken and there have already been multiple exploits. 2048 bits is the bare minimum anyone should use nowadays.
All the logic happens at the back-end level via our API communicating with Gmail's one. Nothing is done on the client-side (i.e., extension) besides the integration of our buttons/features within Gmail's UI.
The RSA key is just used to show that what has been inserted was through our service. Note that the final hash resulting from the mixer is done without any RSA.
Yes, because the killer feature missing from SPF + DKIM + DMARC is "blockchain". <rolls eyes>
Every time I see some new "<reliable tech>, now with Blockchain!" announcement, it just convinces me a little bit more that "blockchain" is still a solution (that very few actually need) searching for a viable problem.
EDIT: After looking around a bit more, the product appears to be your standard CRM tool (similar to Streak) but with "Blockchain" added to make it look different (but without adding any value).