6 comments

[ 2.9 ms ] story [ 27.3 ms ] thread
Dear Internet,

For 25 years you've pleaded for an SMTP replacement. But all you got was SaaS, sans interop.

Now at long last, here it is. (We're so sorry it's taken so long, but we're only human!)

TMTP is a sane network protocol for email, to end attacks and promote productivity. You can download client and server, written in Go, from the mnm open source project:

https://mnmnotmail.org

Why now? The cybercrime crisis, a huge portion of which is facilitated by social engineering attacks via email.

Good idea in theory, but this part:

```To prevent theft of correspondence (in the event of a compromised account or server) the messaging service must store only messages that have not yet been delivered or returned as undeliverable.

Where archiving is required, the service should encrypt the traffic of designated accounts with a public key, and forward it to a write-only archive service.```

This is a silly default behavior. For enterprise I guess it makes sense, but I want to keep my mail local, not shuffle it off to Yet Another Service™. And I certainly want it to SAVE my mail and not delete it by default!

Its not silly, its just a division of responsbility: delivery vs. dleivery archiving (probably not usually needed outside of enterprise) vs. user reader support & user archiving (the last two out of scope).
For personal backup/archiving, there's replication to multiple clients, also described on the website.

Someone will create a web service that implements a TMTP client to replicate your account in the cloud. That's fine for many consumers, but must not be the default.

Actually I think I'm not understanding this properly... does the phrase 'messaging service' mean the email service, i.e the server? So the server would not store my mail, but the client would?

I guess the answer is obvious. Sorry, I didn't read this properly. Good work on this!