submitted 1 day ago by trilobite@lemmy.ml to c/privacy@lemmy.ml

Just come across this. Haven't dug too deep but sounds like an interesting opportunity. I think it can only succeed if it is fully compliant with current systems. Seems to only be mobile clients. No desktop? Are big tech going to permit this to grow? It would shut down a data mining opportunity ...

[-] rrobin@lemmy.world 2 points 4 hours ago

Looks cute - internally it sounds like XMPP rosters if we imagine all mail messages/attachments are pulled too.

Some issues at a glance

  • no display names is a good thing - but then "name is retrieved from their public profile" does not sound very good
  • ASCII for local usernames will probably annoy a lot of people, maybe we should just remove the letters and just issue people numbers (I'm not being sarcastic)
  • disallowing IP addresses in the remote part by definition sounds unnecessary

I think there are some gaps on the notification side of things - the agent not being able to verify them (and maybe dropping) or conversely accepting notifications that it should not.

What really puts me off here is the unnecessary use of HTTP, e.g. discovery moves from DNS to a well-known file (webfinger?). Not sure what the benefit is, but ok. And the use of a novel authentication scheme makes me nervous.

It was a nice read and I agree with the point that making this pull based helps. But I wish it did not try to invent so much in one go

[-] pineapple@lemmy.ml 3 points 8 hours ago

Was about to try it but then it won't open without Google play services, I use aurora store.

[-] Jayjader@jlai.lu 1 points 6 hours ago

Haven't gotten through the entire protocol description yet, but so far it seems closer to DMs on a social network than digital letters.

Neat, but maybe we should just do email-over-activitypub then...

[-] libre_warrior@lemmy.ml 1 points 6 hours ago

ActivityPub, as far as I've understood, hasn't been designed with privacy in mind.

[-] PowerCrazy@lemmy.ml 5 points 14 hours ago

Where is the RFC describing the new protocol?

[-] Jayjader@jlai.lu 3 points 6 hours ago

I'm not sure if you explicitly want an RFC-style description (i.e. follows https://www.rfc-editor.org/rfc/rfc2119 for MUST vs SHOULD vs etc) or if you are using RFC as a colloquial term for the technical details of the protocol.

In case of the latter, the "protocol" link at the top resolves to this GitHub repo: https://github.com/Open-Email/MailHTTPS-Protocol

[-] libre_warrior@lemmy.ml 1 points 7 hours ago

Who is RFC?

[-] libre_warrior@lemmy.ml 11 points 18 hours ago* (last edited 18 hours ago)

With Mail/HTTPS, self-hosting email is as simple as running a website.

That sounds amazing!

I'm all for software that greatens our ability to selfhost. I've heard it's very hard to host email. If open email delivers on this, it might just have what it takes to survive.

[-] the_crotch@sh.itjust.works 1 points 2 hours ago

It's not difficult to self-host email. ISPConfig will do all the work for you locally, then you just need to set up your DNS records. The difficult part is staying on top of patching and block lists.

[-] pineapple@lemmy.ml 2 points 8 hours ago

Ok that makes it so much better for me.

[-] libre_warrior@lemmy.ml 3 points 15 hours ago* (last edited 15 hours ago)

I'll say this much, the sign up was super easy. Only need your name and a hook to create an account.

[-] libre_warrior@lemmy.ml 9 points 18 hours ago

email fans are like:

Email is an open protocol and therefore we don't need this.

Openness doesn't mean flawless. Openness doesn't mean it is good. The protocol of BlueSky is open, but gives only the mighty the ability to take ownership.

I don't know why they think email is good enough, it must be something irrational.

...

Email is distributed.

It is certainly not distributed. Today it is a mix of oligopoly and decentralized. If it was distributed, it would be as easy to host an email service as it is to own a phone. Entirely possible, but not the reality of today.

Tuta wasn't able to succeed and therefore this is not going to succeed.

Just because somebody has failed before, doesn't mean it can't be done.

They are targeting the tinfoil hat people.

...

People don't care.

If you say this, then you are out of the discussion. Let adults speak instead.

A comment section full of strawmen.

If you are going to criticize this project, you need to criticize how they present their ideas. Perhaps you disagree with how they portray email. Then you can say something like, "it is not an issue that a few corporations host most of the emails of the world." You can say "A significant amount of funding comes from xxx and this compromises their integrity." You could say "Open email says that their protocol is private, but why do they not implement superduper encryption".

[-] MangoPenguin 22 points 22 hours ago

Email is already open and fully distributed.

The fact that most people gravitate to a few large providers isn't really related to email as a system IMO.

[-] pineapple@lemmy.ml 5 points 8 hours ago

That's not the issue; it's that it's not e2e encrypted automatically. Although other people like Proton and Tuta already do this, you have to use their servers; with openmail you can self-host or use third-party servers. It does feel a bit like this situation though:

[-] Euphoma@lemmy.ml 11 points 20 hours ago

The big email providers will send all of your mail to spam if you selfhost it though.

[-] MangoPenguin 4 points 17 hours ago

It depends a lot on IP reputation, but that can definitely be an issue.

[-] kalpol@lemmy.ca 2 points 14 hours ago

Yes, can be an issue. But if you set it up right, use DKIM/DMARC/SPF, and don't do stupid things like spam people, you're good. It isn't hard. It is just hard getting a static IP for a homelab, really.

[-] Ulrich@feddit.org 13 points 22 hours ago* (last edited 22 hours ago)

No. The problem is not that email is not open, or that open and private email providers don't exist. The problem is that people don't care.

And seeing that this app is not available outside the Play Store, this provider is only pretending to.

[-] PrincessCory@lemmy.wtf 4 points 20 hours ago

I wouldn't say that people don't care. See this example now. Earlier, sites were free to implement all sorts of spyware in their cookies and people didn't know, so it maybe seemed like people “didn't care”, but after some new laws were implemented that forced sites to request permission from the user directly, I saw many people that don't want to click “I agree”, and that was good news because to me it also looked like people don't understand what's going on, so that's why they don't care. But if you ask them directly, when they have the option to choose, they say no, I don't want to allow tracking! So for me, I think that we should just explain how to say no. What to do to forbid someone to track you. Look at me, I sure didn't know anything about that, in fact anything about computers really, and now I'm on Linux and preferring open source software…

[-] Ulrich@feddit.org 4 points 19 hours ago

> people don't understand what's going on so that's why they don't care.

If they don't understand, it's because they don't care. Companies like Meta, MS and Alphabet make international headlines every day for privacy violations.

[-] Fontasia@feddit.nl 53 points 1 day ago* (last edited 1 day ago)

It doesn't sound like anything except trying to sell something to tin foil hat people.

SMTP is still an open protocol, the ONLY reason you're able to email other servers is because it's an open protocol.

Here's the RFC for it.

Here's the one for SPF and here's everyone's favourite "I don't understand it, so I won't implement it, dammit why is Gmail blocking me? This is all big tech's fault!"

"oh but what about the weird protocols Microsoft uses for Outlook! They're not proper protocols!" You mean MAPI(RPC\HTTP) and ActiveSync? Well, RPC was built because the idea of a client constantly hitting an IMAP or POP, CalDAV and CardDAV in 1990 seemed like a poor use of resources. ActiveSync is about pushing email to devices with very low resources which don't have the power to constantly be polling a server. Neither of these protocols affect SMTP, they are client protocols which were not thought about during the 70s and 80s when servers were logged into directly with terminals.

Both solve legitimate problems. You actually have Microsoft's blessing to go build with either protocol because both are documented. Microsoft would probably love for you to improve on them because they are worked on by the engineers who care about protocols and performance. They do exist. But apparently being offered that opportunity is not good enough for the open source community because, while you will find a handful of projects with open source implementations of these, according to them IMAP is perfect.

In Dylan Beattie's excellent talk on the subject of large email providers, he makes the point that a perfectly open system will be exploited by assholes. There's a reason toad.com is blacklisted. It's not a perfect system, but compatibility comes with massive compromises. S/MIME is a kludge and if anybody really could think of a way to improve SMTP it would not be big tech that's stopping it.

ON A SIMILAR AND EQUALLY IMPORTANT TOPIC: Big tech isn't blocking Matrix adoption or XMPP. Maybe when they're a bit older, but they're not currently scalable or robust enough to take on proprietary solutions.

[-] bjoern_tantau@swg-empire.de 19 points 1 day ago

> ON A SIMILAR AND EQUALLY IMPORTANT TOPIC: Big tech isn't blocking Matrix adoption or XMPP. Maybe when they're a bit older, but they're not currently scalable or robust enough to take on proprietary solutions.

Actually, they did. Back in the day all the big companies were using XMPP. For a short time it was glorious. And then little by little they started closing it off and/or making it incompatible until they stopped using it altogether.

[-] onlooker@lemmy.ml 2 points 7 hours ago

There was nothing wrong with Google Talk and they just killed it.

[-] 9488fcea02a9@sh.itjust.works 5 points 1 day ago

> tin foil hat people.

This particular community is full of totally unhinged people who don't know the difference between privacy and anonymity. 90% of people here act like they're living in North Korea and will be disappeared if their phone number leaks

[-] arch@feddit.nl 8 points 1 day ago

It's definitely not going to be. The most radical attempt to revolutionize email protocol that has been accepted is Tuta, where they use TutaCrypt instead of OpenPGP. And they are like being criticized af, because nobody actually wants to use TutaCrypt to replace standard encryption protocol. And you still get to send email to others with Tuta, which you can't even do with open.email. I am quite pessimistic on open.email's future.

[-] Lemmchen@feddit.org 20 points 1 day ago

Yes, another protocol will surely break the corporate stronghold on communication. This time for real! /s

Cool idea, but trying to replace email is an absolutely futile endeavor. There's no way we'll be able to replace a legacy protocol used by literally everyone around the world.

[-] als 17 points 1 day ago* (last edited 1 day ago)

Right now the only way to host this is with cloudflare workers 😅 Until the go implementation is done I doubt anyone but them will run this.

"Soon even on your own domain." This smells like bluesky, hopefully it's not an empty promise this time.

[-] iso@lemy.lol 7 points 1 day ago

It's cool but without legacy support, there's no way mainstream attention. Do what Tutanota does, encrypt whenever possible.

[-] Eirikr70@jlai.lu 6 points 1 day ago

I don't quite understand their solution. I'd wait.

[-] trilobite@lemmy.ml 1 points 10 hours ago

Interesting discussion going on here 🙂 sounds like this is pretty new and as I had suspected doesn't seem to be well documented. If it's just another Tuta, I wonder why they think they'll be better at succeeding where others haven't.

this post was submitted on 17 Aug 2025
102 points (100.0% liked)
