
Good day, Habr!
After reading Habr from time to time, and especially after reading Habr users' comments on the idea of creating a "new", secure mail, we were itching to write a post.
A year and a half ago, our team had the idea of creating secure e-mail. The initial concept was an e-mail server that would simply encrypt user information while looking and working no differently from ordinary e-mail (for example, Gmail or Yandex.Mail).
From the very beginning of work on the mail server, our main goals were to make working with encrypted mail as simple as possible and to take a different approach to the spam problem (without using spam filters).
Here are the 4 points we relied on when creating the mail server:
- Privacy and Security
- Identification
- No spam
- "Living" letters
The result is (@) Scimailbox, which is the name of the mail server we created.
Item 1. Confidentiality and no spam
As mentioned earlier, we do not use spam filters; the very concept of anti-spam has been changed. We solved the spam problem by introducing business cards and confirmation of sending.
Therefore, to start corresponding freely with other users, you first need to exchange business cards with them, namely:

You simply specify the e-mail address of the person you want to correspond with and send a business card. The other user, having received your business card, decides whether to accept it and start corresponding with you, refuse it, or block it.
In this way you build your contact list from the people you are interested in and can easily correspond with, and, if you wish, you can also tell the system which users you do not want to correspond with and thereby block them.
If a user is not in your contact list but you want to send him a letter, the system will ask for confirmation each time you send one.
You can keep your correspondence private by blocking letters from unknown senders, i.e. only users who have previously exchanged business cards with you and are in your contact list will be able to write to you.
Item 2. Data Security

The information security scheme is similar to PGP. It relies on the following technologies:
- RSA with 2048-bit keys;
- AES with 128/192/256-bit encryption keys;
- the SSL protocol;
- SCIMP, our proprietary messaging protocol.
We note right away that mail is encrypted and decrypted on the user's local machine; the server does not encrypt the letter. This means that the contents of letters are not "opened" either when the server receives or sends them or when they are read or received. Reading the contents of letters by intercepting traffic is also ruled out.
No keys that users would need in order to correspond are issued.
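As an added illustration (not SCIMP and not the service's own code), the sketch below runs the PGP-style hybrid scheme from the list above entirely on the client in Node.js, so a relay server only ever holds an opaque envelope. The page gives only the key sizes; RSA-OAEP with SHA-256, AES-256-GCM and all function names here are assumptions.

```javascript
// Added illustration, not SCIMP or the service's own code.
// Assumed (the page does not say): RSA-OAEP/SHA-256 key wrapping, AES-256-GCM for the body.
const nodeCrypto = require("node:crypto");
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Recipient's machine: the 2048-bit RSA private key never leaves it.
function generateRecipientKeys() {
  return nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Sender's machine: a fresh AES key per letter, wrapped for the recipient.
function sealLetter(plaintext, recipientPublicKey) {
  const aesKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12); // 96-bit nonce, unique per letter
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", aesKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, aesKey);
  return { wrappedKey, iv, tag: cipher.getAuthTag(), body };
}

// Recipient's machine: unwrap the AES key, then decrypt and authenticate the body.
function openLetter(envelope, recipientPrivateKey) {
  const aesKey = nodeCrypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", aesKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.body), decipher.final()]).toString("utf8");
}

// Server or network view: flipping one ciphertext bit must make decryption fail.
function tamperIsDetected(envelope, recipientPrivateKey) {
  const body = Buffer.from(envelope.body);
  body[0] ^= 0x01;
  try {
    openLetter({ ...envelope, body }, recipientPrivateKey);
    return false;
  } catch {
    return true;
  }
}

// Constructed sample letter.
const keys = generateRecipientKeys();
const envelope = sealLetter("Meet at 10:00, room 4.", keys.publicKey);
console.log("server stores:", envelope.body.toString("hex"));
console.log("recipient reads:", openLetter(envelope, keys.privateKey));
console.log("tampering detected:", tamperIsDetected(envelope, keys.privateKey));
```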
Item 3. Identification

Identifying senders and their letters is very important in postal correspondence. Thanks to it, you can judge the authenticity of the information you receive and of the persons you receive it from. In (@) scimailbox, senders are identified both by users and by the system itself. The system is designed to rule out the substitution of personal data in letters, which is often used by spammers and other unfriendly persons.
When registering a mailbox, the user creates a business card in which he can enter his personal data as well as any other information he wishes to indicate (occupation, field of activity, etc.). When we receive a business card from another user, we receive certain information about the person and can decide for ourselves whether to continue communicating or not. The system itself recognizes users / senders by other additional criteria.
As for compatibility between regular mail and our mail: yes, they are compatible, but there are "nuances". The service responsible for delivering letters from regular mail to (@) scimailbox and back is being finalized.
Currently the server is in closed beta testing; on our website, www.massci.net, you can request an invite to the test version of the mailbox.
We are sure there will now be comments that such mailboxes already exist, plus Google Wave has appeared, etc. We will answer right away: a market survey was conducted and various existing products were reviewed: S-Mail, Hushmail, cryptoheaven, Google Postini, etc.
Google Wave is a separate story that could be written about separately... How we corresponded with Google, and everyone learned about Google Wave :)
P.S. We decided to split the article into several parts, because it cannot all be told in one post. So we will publish the second part soon... Please do not judge us too harshly, this is our first post :) and we will listen to your wishes and comments with great attention.