this post was submitted on 11 May 2024

Privacy


I’m looking for an email service that issues email addresses with an onion variant. E.g. so users can send a message with headers like this:

From: replyIfYouCan@hi3ftg6fgasaquw6c3itzif4lc2upj5fanccoctd5p7xrgrsq7wjnoqd.onion  
To: someoneElse@clearnet_addy.com

I wonder if any servers in the onionmail.info pool of providers can do this. Many of them have VMAT, which converts onion email addresses to clearnet addresses (not what I want). The docs are vague. They say how to enable VMAT (which is enabled by default anyway), and neglect to mention how to disable VMAT. Is it even possible to disable VMAT? Or is there a server which does not implement VMAT, which would send msgs to clearnet users that have onion FROM addresses?

top 8 comments
[–] [email protected] 4 points 6 months ago (1 children)

Not really an option, since the onion TLD isn't accessible to clearnet servers. How are email servers supposed to reach out the onion domain name and mail server if they can't resolve it?

[–] [email protected] 0 points 6 months ago* (last edited 6 months ago) (1 children)

> Not really an option

Sure it is. I can theoretically¹ do it myself with my mail server. If you use a mail client like (neo)mutt, you can literally free type whatever you want to put in the FROM field. IIRC, this contradicts no RFCs so long as there is a syntactically valid email address.

Ever get an email with a bogus address like “[email protected]”? It’s essentially the same. Not all e-mail addresses in the FROM field go to valid inboxes -- nor are they required to.

¹ The reason I say “theoretically” is that some exceptional SMTP servers check that the domain portion of the FROM email passes an MX lookup or that the DNS lookup matches the sending server. It’s a rare configuration. I have no domain name so my mail server always sends msgs with a “spoofed” email address (which is often valid but not related to my IP). I also write in completely bogus email addresses in some cases where no reply is needed. Very few servers reject on that basis. The other complication is that many mail services disallow outbound messages with a different address than what they assigned to a user.

> since the onion TLD isn’t accessible to clearnet servers. How are email servers supposed to reach out the onion domain name and mail server if they can’t resolve it?

You’re talking about using the FROM address for replying purposes. The point of having this option is to make replies very difficult, but still possible.

Mail servers can be configured to handle onion addresses. I’ve configured postfix to do that. But indeed most servers are not configured to handle onions, which any users who make use of the feature would need to be aware of. It’s a useful scenario because it can be used to force recipients out of Google’s and Microsoft’s walled gardens, and give them incentive to join the free world away from surveillance advertisers, for example. They must join an onion-capable email service if they want to reply.

[–] [email protected] 1 points 6 months ago (1 children)

Your information is way out of date. Almost every server tries to resolve the sending fqdn, if only to check spf and dkim records. The sending domain not existing will usually leave your messages in spam or outright blocked.

[–] [email protected] 0 points 6 months ago* (last edited 6 months ago) (1 children)

If you monitor IRC channels on email servers, you’ll find there are plenty of email admins unwilling to even go through the dkim and dmarc hoops. An fqdn check not on the sending server but on the FROM field of a msg is over-zealously above and beyond dkim and dmarc. I’m quite fine with not reaching these fringe servers. I can always decide from the bounce msg whether it’s worth my effort to dignify their excessive hoops with a transmission to their persnickety liking.

[–] [email protected] 0 points 6 months ago (1 children)

Oh yeah, fringe servers such as *checks notes* Gmail and Microsoft. Let us know how that goes!

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago)

Gmail doesn’t care what the FROM field address is. It can be entirely unrelated to the sending server and can be complete gibberish nonsense. MS did not care either back when MS did not consider dynamic IPs blacklisted. Now that MS wholly rejects dynamic IPs I’m not interested in retesting that anyway.
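What a receiver-side alignment check sees for the header pair in the original post, as an added example that is not part of any comment in this thread: SPF authenticates the envelope MAIL FROM domain, DKIM the `d=` domain, and DMARC (RFC 7489) asks whether either aligns with the header From domain; `.onion` is a special-use TLD (RFC 7686) that is not looked up in public DNS. The relay name `mail.example.org`, the function names and the two-label organizational-domain shortcut are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Illustrative subset of special-use TLDs that public DNS will not resolve.
SPECIAL_USE_TLDS = {"onion", "invalid", "local", "localhost", "test"}

def org_domain(domain):
    # Assumption: last two labels. Real DMARC uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def assess(raw_message, mail_from, spf_pass):
    """Derive the identifiers a DMARC-style evaluator compares for one message."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    env_domain = mail_from.rpartition("@")[2].lower()
    # d= tags of DKIM-Signature headers; treated here as already verified.
    dkim_domains = [m.group(1).lower()
                    for h in msg.get_all("DKIM-Signature", [])
                    for m in [re.search(r"(?:^|;)\s*d=([^;\s]+)", h)] if m]
    spf_aligned = spf_pass and org_domain(env_domain) == org_domain(from_domain)
    dkim_aligned = any(org_domain(d) == org_domain(from_domain)
                       for d in dkim_domains)
    return {
        "from_domain": from_domain,
        "special_use": from_domain.rsplit(".", 1)[-1] in SPECIAL_USE_TLDS,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc_aligned": spf_aligned or dkim_aligned,
    }

# Constructed sample messages (not captured traffic).
DKIM = "DKIM-Signature: v=1; a=rsa-sha256; d=mail.example.org; s=sel; b=CONSTRUCTED\n"
ONION_FROM = (DKIM +
    "From: replyIfYouCan@hi3ftg6fgasaquw6c3itzif4lc2upj5fanccoctd5p7xrgrsq7wjnoqd.onion\n"
    "To: someoneElse@clearnet_addy.com\n\nbody\n")
CLEARNET_FROM = (DKIM +
    "From: user@example.org\nTo: someoneElse@clearnet_addy.com\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("onion", ONION_FROM), ("clearnet", CLEARNET_FROM)):
        print(name, assess(raw, "bounce@mail.example.org", spf_pass=True))
```

SPF and DKIM can both pass for the relay's own domain while neither aligns with the `.onion` From domain; what a receiver does with an unaligned message whose From domain publishes no policy is its local decision.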

[–] [email protected] 2 points 6 months ago* (last edited 6 months ago) (1 children)

Are you wanting to have a .onion TLD email address, and be able to communicate with non-TOR web servers?

The host needs to be able to look up addresses, and resolve them to a location. If the email server can’t find it, it’ll be undelivered. It would require having clearnet servers also connected to the TOR network which I would imagine is incredibly unlikely.

In the same way you can browse non-onion sites through TOR but not the other way around, you would likely be able to send email but not receive them.

You would need a tor email host that also connects on clearnet, and directs clear to tor traffic.

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago)

> Are you wanting to have a .onion TLD email address,

Yes, and that much exists. There are onion email providers, but when you email a clearnet recipient, they typically convert your onion email address to a clearnet address. That’s useful in most situations but there are also several use cases for not doing the conversion. But finding a service that accommodates the other use cases is hard, considering onion email is rare in itself.

> and be able to communicate with non-TOR web servers?

No, nothing to do with the web. Just email.

> The host needs to be able to look up addresses, and resolve them to a location.

Only for replies. But not all messages need a reply. See my other msg.

> It would require having clearnet servers also connected to the TOR network which I would imagine is incredibly unlikely.

Those exist already (danwin, riseup, onionmail, etc). But they operate on the assumption that senders always want replies from the recipient to be possible via their receiving server. That’s not always desirable.

> In the same way you can browse non onion sites through TOR but not the other way around,

There is a service that enables clearnet users to reach onion services (onion.to, onion.cat, etc), but this is unrelated. Web is unrelated.

> you would likely be able to send email but not receive them

Bingo. That’s the point in some of the use cases.