{"id":16939368,"url":"https://github.com/snipe/ssmtp","last_synced_at":"2026-02-03T18:33:25.189Z","repository":{"id":66818374,"uuid":"10332731","full_name":"snipe/ssmtp","owner":"snipe","description":"Secure simple mail transport protocol - requirements gathering","archived":false,"fork":false,"pushed_at":"2013-05-28T22:42:17.000Z","size":140,"stargazers_count":3,"open_issues_count":3,"forks_count":3,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-07-04T19:07:43.332Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/snipe.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-05-28T09:58:13.000Z","updated_at":"2016-10-01T02:05:02.000Z","dependencies_parsed_at":"2023-02-20T12:15:42.952Z","dependency_job_id":null,"html_url":"https://github.com/snipe/ssmtp","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/snipe/ssmtp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snipe%2Fssmtp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snipe%2Fssmtp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snipe%2Fssmtp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snipe%2Fssmtp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/snipe","download_url":"https://codeload.github.com/snipe/ssmtp/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snipe%2Fssmtp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29052633,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T15:43:47.601Z","status":"ssl_error","status_checked_at":"2026-02-03T15:43:46.709Z","response_time":96,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-13T21:04:32.534Z","updated_at":"2026-02-03T18:33:25.162Z","avatar_url":"https://github.com/snipe.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"SSMTP - Secure Simple Mail Transport Protocol *\n=====\n\nSummary\n-------\nEmail as we know it just doesn't work anymore. Fighting spam has become a losing game for email administrators and passwords are insecure and easily stolen. \n\nWe're working on gathering requirements for a new email protocol, one that is easy to implement, easy to use (as an end-user), and is more secure. We don't have all the answers yet, but we're trying to work some of that out here. Feel free to contribute if you have any ideas! \n\nWhile we definitely aim to look to the research and brilliance of others (such as DJB with Internet Mail 2000), we want to approach this with fresh eyes, taking into consideration the current state of spam, hacking, phishing and spoofing, and where trends indicate it will go from here. We're starting from the business requirements first, and seeing where this takes us. \n\nIn discussing this with colleagues (over beer and brunch - very technical stuff), we realized that several of the social networks have gotten it pretty close: \n\nOn Facebook, if someone you're friends with sends you a Facebook Message, it goes into your FB Inbox and you are alerted that you have a new message. If someone you're not Facebook friends with sends you a message, it gets filed in Facebook's version of a pseudo-SPAM box, labeled \"Other\". Messages from Facebook fan pages you \"liked\" also appear here and bypass your Inbox altogether.\n\nOn Twitter, messaging is much simpler. If you are following someone on Twitter, they can send you a direct (private) message. If you do not follow them, they cannot privately message you. If you have blocked them, you will not see @replies to you, and they will be prevented from sending you direct messages.\n\nSo the challenge here is partly how to handle those layers of relationships and trust. We certainly don't want a corporation holding the keys to those relationships, so we need something federated. \n\n\nRough Requirements\n--------\n- Web of Trust\n- Key exchange\n- Possible multiple tiers of trust/keys: \n    - Well Trusted: good friends/colleagues, always gets through\n    - Known: Newsletters, people you've just met and want to hear from, but you don't know well\n    - Unknown: probably spam, but might not always be\n\nUse-Cases to Consider\n--------\n- Slow-adopting enterprise - need sane fallbacks, but not so sane that they discourage adoption\n- User gets hacked - they need to revoke their own keys, people with their public key need to be able to invalidate it (and possibly notify the user)\n- People will try to hack this, of course. How, and how can we mitigate? \n- Like spam filters of today, how do I let a legit stranger contact me and not get caught in spam traps?\n- DDoS mitigation\n- Chain of Custody (losing BCC headers in IMAP Sent items, etc)\n\nDisorganized thoughts\n--------\n- Backwards Compatibility with SMTP?\n- Distributed By Nature?\n- Mobile/Multi-device friendly?\n- Consider amending/usurping/replacing IMAP as well? \n- Can it just be a SpamAssassin plugin with a distributed friend-network component?\n- Is it just SMTP with some new headers?\n\nUseful Articles\n--------\n- http://en.wikipedia.org/wiki/Internet_Mail_2000\n- http://en.wikipedia.org/wiki/Proof-of-work_system (+ certs?)\n- http://en.wikipedia.org/wiki/Thawte#Web_of_trust\n\n\n**THIS NAME WILL PROBABLY CHANGE.** We know Debian ships with an SSMTP :P One problem at a time. \"There are only two hard things in programming: naming things, cache invalidation and off-by-one errors.\"","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsnipe%2Fssmtp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsnipe%2Fssmtp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsnipe%2Fssmtp/lists"}