[xpressyoo]

Hi vivan. Thanks for your comment. Besides the signature of an email using the robustness and persistence of the blockchain, what is different with "Email Stamping" and especially interesting for professionals who send sensitive emails (e.g., lawyers, insurers, brokers...) is that they have a way to show they sent an email with a specific content at a specific time.

A decisive challenge raised by today’s email dominance in the workplace is that the latter means of communication does not offer a built-in function to prove the integrity and authenticity neither of its content nor of its origin. Knowing that emails are increasingly presented as legal evidence in courts worldwide, it becomes urgent to think of approaches that could palliate the inherent flaws of email.

EDIT: And yes, Gmelius offers a lightweight CRM targeting SMEs that covers all the stages of the modern communication flow: from the first interaction to the potential signature of a contract/quote. Besides, Gmelius offers a shared inbox making possible to follow-up on leads, stay in sync with your team.

[nadaviv]

How does that prove the email was sent, though? Couldn't one timestamp the email into the blockchain, without actually sending the email to the other party?

Edit: btw, I released something that utilizes bitcoin's blockchain for timestamping back in 2013: https://news.ycombinator.com/item?id=5790382 (the website is no longer available because better solutions came since, but its up on github[0] and the wayback machine[1])

This has some interesting use-cases, but people tend to overestimate what blockchain timestmaping actually gets you. You can prove that some piece of data existed at some point in time, but that's it. It doesn't prove this data is authentic, that this data was communicated to anyone, that no one else timestamped this data earlier, etc.

[0] https://github.com/shesek/btproof

[1] http://web.archive.org/web/20140430152135/https://www.btproo...

[xpressyoo]

The insertion is only done once we have received a response from Google servers that the email has been indeed sent (without bounce or other errors).

[nadaviv]

So you're acting as a trusted party to get delivery confirmations from Google? What if Google doesn't confirm delivery, but you decide to write to the blockchain anyway?

Also, won't Google servers return a cryptographically verifiable delivery confirmation? If so, couldn't this be used as the delivery proof directly instead?

[xpressyoo]

Yes, we integrate with Gmail and communicate via the official Gmail API.

We only receive response statuses and act accordingly. Moreover, we think it's important for this functionality to make sense to insert the hash corresponding to the integrity of the email, and so make possible for our customers to "prove" they have indeed sent an email with a specific body/subject/...

[nadaviv]

Well, doesn't that mean that the security model is based on you acting as trusted third party and relying on you to only write truthful data to the blockchain?

In other words, the delivery proof is not based on trusting the blockchain mechanics, its based on trusting Gmelius Ltd.

[xpressyoo]

EDIT: reply to your last comment. The whole idea is to propose a "hybrid" architecture that bridges the gap between a centralized technology such as the Email with the benefits of a decentralized one, the blockchain.

This hybrid process implies you will need to trust parties at some points, e.g., Google and Gmelius. However, the point here is to offer a means to store in a robust way the trace that a specific email communication existed at a point in time, including its context/content.