New security milestone reached: #chatmail relay servers are hardened to only transfer end-to-end encrypted e-mail with metadata minimization. No cleartext message can enter or leave the secure chatmail network anymore.

We now talk about "chatmail relays" rather than servers as they only ephemerally store messages until delivery. Dirt cheap to run.

We opened up our #rust "chatmail core" infrastructure library and set up an overview of the community driven ecosystem ...

https://chatmail.at

Chatmail

Chatmail provides FOSS infrastructure for interoperable, secure, speedy and reliable end-to-end encrypted messaging. Check out clients such as Arcane Chat, Bots or Delta Chat today!

Fun fact: The SMTP return code for when you try to get a not properly encrypted Internet Message (vulgo e-mail) relayed:

523 Encryption Needed

It's standardized already :)
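
As an added illustration (not part of the thread and not chatmail's own filter code), the following Python checks whether a message has the PGP/MIME `multipart/encrypted` structure from RFC 3156 and otherwise answers with the reply quoted in the post above. Treating that structural check as the meaning of "properly encrypted" is an assumption, as are the function names, the `250 OK` reply and the constructed sample messages.

```python
from email import message_from_bytes, policy

ARMOR_BEGIN = b"-----BEGIN PGP MESSAGE-----"
ARMOR_END = b"-----END PGP MESSAGE-----"

def is_pgp_mime_encrypted(raw: bytes) -> bool:
    """Structural RFC 3156 check only; the OpenPGP packets are not parsed."""
    msg = message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/encrypted":
        return False
    if msg.get_param("protocol") != "application/pgp-encrypted":
        return False
    parts = list(msg.iter_parts())
    if len(parts) != 2:  # exactly: control part + encrypted payload
        return False
    control, payload = parts
    if control.get_content_type() != "application/pgp-encrypted":
        return False
    if payload.get_content_type() != "application/octet-stream":
        return False
    body = payload.get_payload(decode=True).strip()
    return body.startswith(ARMOR_BEGIN) and body.endswith(ARMOR_END)

def smtp_reply(raw: bytes) -> tuple[int, str]:
    """Reply per the post: 523 for anything not encrypted (250 text assumed)."""
    if is_pgp_mime_encrypted(raw):
        return (250, "OK")
    return (523, "Encryption Needed")

# Constructed sample messages; the armored body is a placeholder, not ciphertext.
HEAD = b"From: a@relay.example\nTo: b@relay.example\nMIME-Version: 1.0\n"
ENCRYPTED = HEAD + b"""\
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

placeholder
-----END PGP MESSAGE-----
--b1--
"""
CLEARTEXT = HEAD + b"Content-Type: text/plain\n\nhello in the clear\n"

if __name__ == "__main__":
    for name, raw in (("encrypted", ENCRYPTED), ("cleartext", CLEARTEXT)):
        print(name, *smtp_reply(raw))
```
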

@delta

"Chatmail relays are therefore cheap to run and use:

Hosting costs for 100K relay users are around half a Cent per user and year.

System administration costs are near-zero after setup.

Apps and bots can freely use instant chatmail addresses, avoiding classic e-mail server rate limits."

THAT IS AMAZING!!!!

Wow, you are a bunch of geniuses!!

@delta Can geoblocks be set up to stop signups from certain countries? Like if there were one or two countries, or IP ranges where I didn't want to allow signups from them, could I do that? I would still accept email from any IP for relaying purposes. Just signups - new local account creation - was restricted.
@sbb @delta be careful about what you want - the conflict that matters is not between countries, but between those above and those below. Excluding users by IP address is not very wise - I'd rather make technology possible which discourages organized violence and enables escape, trust, and intimacy.

@compl4xx @delta A lot of flooding of open Web services is happening these days by bots, wasting lots of bandwidth and CPU. Bots downloading the same web assets tens of thousands of times. It's a "bad-faith" wastage of the free services offered. Party poopers must eventually show up to any wide open party, and foul it, if possible. Blocking Alibaba cloud's IP range stops about 80% of these bots - for now.

Allowing free and easy account creation on a #DeltaChat/Chatmail server provides a similar bad-faith "opportunity" for such party-pooper wastage of disk IO, disk space, CPU, etc - creating a huge number of free accounts, but not using them. So that's why I would want to know how to do such Geo-blocking/IP range blocking upfront - having seen what bad-faith bots are up to these days.

@sbb blocking IP addresses temporarily or for longer, can probably just use standard firewall rules. It's particularly the SUBMISSION and IMAP ports you could try to block and probably HTTPS. This would still allow SMTP-relaying (incoming messages etc.). Requires research and trying out a bit. From our side, we are rather trying to make relays resiliently available (you can also connect via HTTPS port and ALPN to imap/submission btw).
@delta I wonder how good the metadata minimization is compared to Signal.
Does the server get to know both the sender and the recipient?
@delta What will happen if I'm not online when the message comes? Does the relay store it until it can send it to me or does the message disappear?
@funtoomen chatmail relays are store-and-forward servers and they keep it until you get it, but not longer than X days (default 20, chatmail relays differ a bit but should have the info on their web page)
@delta Thanks. Awesome stuff btw, just downloaded the app and started using mailchat.pl. <3
@delta "No cleartext message can enter or leave the secure chatmail network anymore." doesn't seem to be true (just tried it), and also sounds extremely alienating towards those who use Delta as an API-free pager app. 🤔
@unixtippse @delta existing accounts can still receive unencrypted messages, to not break such workflows - but in general, for unencrypted use cases it is better to login with a classic email account.
@unixtippse existing addresses can still get cleartext messages. New ones cannot. We didn't want to break existing user experiences abruptly.
@delta so is delta not really going to do that "interoperability with traditional email" thing anymore?
@delta Man! your 5 USD dirt cheap VPS costs 8.8 #Falafel sandwiches here!
@farooqkz I don't know how they look (a what quality and quantity you get) but I bet in Germany you would only get 2-3 of those for that money.
like the price when you buy it from a take away fast food place, preparing it yourself will be much cheaper

@treefit

exactly. the dirt price for germany is too expensive in our money

@delta is it possible to detect or distinguish chatmail servers from any other mail server? I am interested because the censor can make a small scanner, which will connect to every mail server and collect a list of chatmail servers.
@gvitalik

Try to create an account with random username and password, it should work :)
@delta
@rakoo @gvitalik even if such direct attempts can be mitigated relatively easily on the operator side, fingerprinting remains a possibility. Automating such approaches and blockings can easily cause collateral damage ... A large country once automated blocking of IP addresses for certain domains and thereby brought down the payment system in a big city after someone pointed their DNS entries to it. Then, there are shadowsocks and other proxies which are easy to use in delta. Cat and mouse.