What is OnionMail?
OnionMail is an anonymous and encrypted mail server made to run on the TOR network without losing the ability to communicate with the Internet.

This gives users greater privacy and also protects against eavesdropping by the NSA and others. Thanks to the TOR network nobody can know:


All OnionMail servers are configured as TOR hidden services and use SSL (via STARTTLS).

To use OnionMail, all you need is an email client connected to the TOR network (for example Claws-Mail or Thunderbird); there is no need to install any special or complicated software.

All OnionMail servers are connected in a federated network that checks their SSL certificates and working state. All federated servers can connect to the Internet via exit/enter servers to forward messages between networks.

Through the exit/enter nodes, OnionMail forwards messages between the TOR network and the Internet transparently.

TOR =► TOR



Internet =► TOR


TOR =► Internet


Some special protocols make it possible to avoid the 16-character alphanumeric TOR network addresses by using an address registered with the enter/exit servers instead.
Nobody is obliged to always use the 16-character TOR network addresses.


In the event of theft OnionMail does not reveal any sensitive data:
The OnionMail server uses asymmetric encryption. Each inbox is encrypted with RSA asymmetric keys, which are themselves encrypted with the individual user's password. Even someone who obtains the server's keys cannot read the messages in users' inboxes.

All data is saved in encrypted form and in chopped files using a hash algorithm. This way an attacker cannot follow a path back to information or metadata about any user or their activities.

Messages are saved only on the recipient's server. If an error occurs while sending a message, you will get an error message in the mail client. OnionMail uses the POP3 protocol with SSL to oblige the user to read all messages and delete them all from the server.
Every file is deleted via wipe to prevent forensic recovery of messages or other user data.

All files, users and inboxes are encrypted with a rolling key calculated from a hash algorithm and some of the server's keys. The master key of the server is not on the server:
When an OnionMail server starts, it negotiates some functions F(X) with other servers. The keys are chopped, encrypted and calculated from many F(X) spread across the TOR network.
All F(X) are controlled by auto-destruction KCTL certificates.
The auto-destruction certificate can activate, deactivate or destroy the keys on all F(X) nodes without access to the original OnionMail server.
This makes it possible to delete the server's keys in the event of theft or seizure without requiring access to the server.
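
A minimal model of the idea above, added here as an illustration and not OnionMail's own code. The page does not describe the real F(X) negotiation or the KCTL certificate format, so the n-of-n XOR split, the HMAC-SHA256 per-file key derivation and every name below (`KeyNode`, `boot_master_key`, `file_key`) are assumptions.

```python
import hashlib
import hmac
import secrets


def split_key(master: bytes, n: int) -> list[bytes]:
    """Split master into n XOR shares; all n are needed to rebuild it."""
    shares = [secrets.token_bytes(len(master)) for _ in range(n - 1)]
    last = master
    for s in shares:
        last = bytes(a ^ b for a, b in zip(last, s))
    return shares + [last]


def rebuild_key(shares: list[bytes]) -> bytes:
    """XOR every share together to recover the master key."""
    key = bytes(len(shares[0]))
    for s in shares:
        key = bytes(a ^ b for a, b in zip(key, s))
    return key


class KeyNode:
    """Hypothetical remote node holding one share (stands in for an F(X) node)."""

    def __init__(self, share: bytes):
        self._share = share
        self.active = True  # models activate / deactivate

    def fetch(self) -> bytes:
        if self._share is None or not self.active:
            raise PermissionError("share unavailable")
        return self._share

    def destroy(self) -> None:
        # Models the effect of auto-destruction: the share is gone for good.
        self._share = None


def boot_master_key(nodes: list[KeyNode]) -> bytes:
    """At start-up the server holds no key; it asks every node for its share."""
    return rebuild_key([n.fetch() for n in nodes])


def file_key(master: bytes, file_id: bytes) -> bytes:
    """Per-file key derived from the master key (HMAC-SHA256 as the hash step)."""
    return hmac.new(master, file_id, hashlib.sha256).digest()
```

In this model, deactivating a node blocks the next start-up until it is reactivated, while destroying a single share makes the master key, and every file key derived from it, unrecoverable without touching the mail server itself.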

Spam is short-lived because there are custom blacklists, so each user can set their own spam filters.

OnionMail contains a small bot for communicating with the server directly. This bot is used to activate OnionMail's extended functions. It supports PGP encrypted messages, mailing lists, spam filters and much more...

The OnionMail network introduces several types of e-mail address. Some mail address suffixes are reserved to indicate the type of address: User, M.A.T. Protocol address, SysOp, servers, mailing list and applications.

All OnionMail servers are anonymous and the system administrator can't read any message or get a list of users. With other configurations the system administrator can give a user an invite code that allows subscribing only one mail address. This is used to change the subscription policy.

There are three ways to create a new OnionMail mailbox:
List of other OnionMail functions:
(CC) by OnionMail Project