cross-posted from: https://sopuli.xyz/post/12515826
I’m looking for an email service that issues email addresses with an onion variant. E.g. so users can send a message with headers like this:
From: replyIfYouCan@hi3ftg6fgasaquw6c3itzif4lc2upj5fanccoctd5p7xrgrsq7wjnoqd.onion To: someoneElse@clearnet_addy.com
I wonder if any servers in the onionmail.info pool of providers can do this. Many of them have VMAT, which converts onion email addresses to clearnet addresses (not what I want). The docs are vague. They say how to enable VMAT (which is enabled by default anyway), and neglect to mention how to disable VMAT. Is it even possible to disable VMAT? Or is there a server which does not implement VMAT, which would send msgs to clearnet users that have onion FROM addresses?
TL;DR you can send emails from .onion addresses if you want, but no clearnet server is going to accept them.
So when you send an email, you can actually put whatever you want in the
from
header. I could send an email that says from “made.this.up@website.doesnotexist”. The protocol doesn’t care.Do you know who does care? The email server you’re sending messages to, because spammers and scammers love to try and send email with fake
from
addresses.So, there’s an entire verification system in place that involves looking up public keys from the website that the email claims to be from. (this is a gross over simplification. Look up SPF, DKIM, and DMARC for more info). The problem is you can’t even reach
.onion
sites from the clearnet to do the lookups. So no email servers would be able to validate your address is legitimate and so would drop it as spam.The receiving servers do not generally care what’s in the FROM field. They care that the sending server they are connected to is authorized and has their SPF, DKIM, and DMARC shit together. It’s not for the receiving server to control the email aliases of individual senders. Some rare over-zealous servers will look at the FROM field and expect the domain to match but if I encounter that, the collateral damage is what it is. I can always still decide from there whether it’s worthwhile to go through extra hoops.
That mismatch between DMARC verification domain and the domain of the “from” header is called DMARC Alignment. Any modern spam filter is going to mark unaligned messages as spam. Especially if one of the domains is completely non-routable like .onion.
And even if you sent the email and it got through with your .onion address, no one would be able to reply to you because the replying mail server can’t even look up the MX record for your .onion domain.
I’m fine with all that. I’ve mostly abandoned #email anyway because I do not accept the terms Google has imposed on the world. I send most messages by postal mail when recipients have only exclusive and restrictive receiving options.
The inability of the recipient to reply to an onion address using their normal service is actually part of the idea. I would not want a gmail user to be able to use gmail to reply, for example. While Google drags people into their walled garden, I’m happy to exert pressure in the opposite direction.
(edit)
If I were to send a msg to gmail user in a way that they could simply reply from Google, then I become part of the problem by reinforcing the use of Gmail and helping Google get fed. That’s not going to happen. It’s a non-starter.