Add DNS-based aliases

[cofob]

Is your feature request related to a problem? Please describe.
In the current version of yggmail, it is quite difficult to remember or share addresses like e8a6d1decc5c53b657bf57c546b894c7f07bcebf9a1bcc09de00d7a03d7e5366@yggmail.

Describe the solution you'd like
It is possible to use ALFIS (or any other DNS) to solve this problem. You can add a TXT record to _yggmail.domain.tld containing the yggmail public key. When sending a message to domain@tld, yggmail will extract the public key from the DNS, and send the message to the {public key}@yggmail

[neilalexander]

This is a pretty good idea and I had been thinking of something similar. Just not sure if it will fracture the experience if people use different DNS (e.g. some people use ALFIS, others use internet DNS, or have no DNS connectivity at all).

[zander]

now, I'm no expert in ygg, so correct me if I'm wrong here.

If on my example.com I add an ygg AAAA record (starting with 0200), isn't that enough for yggmail to already be able to do the task?

Afterall, ygg manages to encrypt and route packages based purely on IP, yygmail should be able to extract the public key from a running node too.

[cofob]

This is a pretty good idea and I had been thinking of something similar. Just not sure if it will fracture the experience if people use different DNS (e.g. some people use ALFIS, others use internet DNS, or have no DNS connectivity at all).

You need yggdrasil to use it, I don't think that the people who use it do not distinguish between different DNS.

[cofob]

now, I'm no expert in ygg, so correct me if I'm wrong here.

If on my example.com I add an ygg AAAA record (starting with 0200), isn't that enough for yggmail to already be able to do the task?

Afterall, ygg manages to encrypt and route packages based purely on IP, yygmail should be able to extract the public key from a running node too.

This will allow you to more flexibly customize your mailbox (and not all domains have a yggdrasil address, or there may be several of them). You can make yggmail look at the TXT record first, only then at AAAA.

[Revertron]

There are some security concerns though.
If someone sends mail, for example to neil@yggmail and uses faulty DNS-server, it can get attackers address, and send mail to an attacker instead of Neil.

The better way is to use addresses like neil.ygg@yggmail, using full domains from ALFIS' zones. Then if yggmail sees that address is not a public key, and has one of ALFIS's zones ending, it tries to resolve that domains TXT record. I think, the record should be for subdomain like yggmail.neil.ygg.

[cofob]

There are some security concerns though.
If someone sends mail, for example to neil@yggmail and uses faulty DNS-server, it can get attackers address, and send mail to an attacker instead of Neil.

The better way is to use addresses like neil.ygg@yggmail, using full domains from ALFIS' zones. Then if yggmail sees that address is not a public key, and has one of ALFIS's zones ending, it tries to resolve that domains TXT record. I think, the record should be for subdomain like yggmail.neil.ygg.

I suggested addresses like neil@ygg (neil.ygg), neil@com (neil.com).

[Revertron]

I suggested addresses like neil@ygg (neil.ygg), neil@com (neil.com).

How the DNS server will resolve such addresses?

[cofob]

I suggested addresses like neil@ygg (neil.ygg), neil@com (neil.com).

How the DNS server will resolve such addresses?

Before resolving, the back-end will parse such an address in domain.tld, and request a public key from the DNS, then send an email to public_key@yggmail

[ghost]

most apps don't work with tld

[cofob]

most apps don't work with tld

Perhaps we misunderstood each other. .tld is a placeholder for first level domain like .ru, .us, .com (Top-level domain)

[ghost]

i'm in point that most apps don't work with domain like hash@yggmail

[tionis]

Yes, I was unable to use my usual mail clients, because they didn't accept the mail address. The only one that worked for me was thunderbird.

[neilalexander]

i'm in point that most apps don't work with domain like hash@yggmail

Can you please qualify which apps don’t? Everything I have tested has so far been fine (including Apple Mail, iOS Mail.app, Thunderbird, mutt and Evolution).

[tionis]

Mailspring and KMail didn't accept the email.
Mutt didn't like the non existant encryption (this may have been a configuration issue on my side).

[ghost]

i'm in point that most apps don't work with domain like hash@yggmail

Can you please qualify which apps don’t? Everything I have tested has so far been fine (including Apple Mail, iOS Mail.app, Thunderbird, mutt and Evolution).

DeltaChat and KMail

"Wrong mail address"

[neilalexander]

Mutt definitely worked when I set it up. If KMail and Mailspring have issues with the address format then we should probably raise issues on their respective bug trackers, since the email addresses are valid as per RFC 5322.

[tionis]

I opened an Issue in the bug report forum of Mailspring link

[tionis]

Mutt definitely worked when I set it up. If KMail and Mailspring have issues with the address format then we should probably raise issues on their respective bug trackers, since the email addresses are valid as per RFC 5322.

How did you prevent Mutt from trying to use TLS for the SMTP server?
I already used the smtp:// format instead of the ssmtp:// one.

[neilalexander]

How did you prevent Mutt from trying to use TLS for the SMTP server?

Something like this in .muttrc:

set folder = "imap://localhost:1143"

set imap_user = "<username>"
set imap_pass = "<password>"

set smtp_url = "smtp://localhost:1025"
set smtp_pass = "<username>"

set ssl_starttls = no
set ssl_force_tls = no

set from = "<mailaddr>"
set realname = "<name>"

[tionis]

I tried it with this config and either get a SASL authentication failed if I use something like smtp://HASH@yggmail@localhost:1025 or SMTP session failed: 502 5.7.0 Not expecting anonymous connection on internal backend when configuring it via the example above. But this seems to be getting off topic.

[tbxv]

Maybe it would be better to allow multiple inboxes on one node and use more conventional addresses like inbox@public_key.yggmail and [email protected]. This would be more compatible, more flexible, and could make it possible to have one address for both yggmail and standard email.

Or maybe support only one inbox per node but accept any name before '@'. This way emails sent to both [email protected] and [email protected] will go to the same inbox, but different names could be used to help filtering and categorization of mails.

[tbxv]

Or maybe support only one inbox per node but accept any name before '@'. This way emails sent to both [email protected] and [email protected] will go to the same inbox, but different names could be used to help filtering and categorization of mails.

Also in this case an option to restrict allowed names will be useful for basic spam protection: to send mail complete address must be known, not just the public key, so it won't work for spammers to try to send mails to every node discovered on the network.