https://github.com/icd360s-e-v/mail
Secure, end-to-end encrypted email client for desktop and mobile — Flutter, OpenPGP, mTLS, ClamAV, zero local storage
https://github.com/icd360s-e-v/mail
clamav cross-platform dart email-client end-to-end-encryption fluent-ui flutter imap mtls openpgp pgp-mime privacy security smtp zero-knowledge
Last synced: about 1 month ago
JSON representation
Secure, end-to-end encrypted email client for desktop and mobile — Flutter, OpenPGP, mTLS, ClamAV, zero local storage
- Host: GitHub
- URL: https://github.com/icd360s-e-v/mail
- Owner: ICD360S-e-V
- License: agpl-3.0
- Created: 2026-04-04T19:23:41.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2026-04-19T12:05:58.000Z (2 months ago)
- Last Synced: 2026-04-19T12:32:32.804Z (2 months ago)
- Topics: clamav, cross-platform, dart, email-client, end-to-end-encryption, fluent-ui, flutter, imap, mtls, openpgp, pgp-mime, privacy, security, smtp, zero-knowledge
- Language: Dart
- Homepage: https://icd360s.de
- Size: 26.5 MB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# ICD360S Mail
**Secure, end-to-end encrypted email for desktop and mobile**
Your emails are encrypted so only you and your recipient can read them.
[](https://github.com/ICD360S-e-V/mail/releases/latest)
[](https://github.com/ICD360S-e-V/mail/actions)
[](LICENSE)
[](REUSE.toml)
[](https://flutter.dev)
[](https://www.rfc-editor.org/rfc/rfc9580)
[]()
[]()
[]()
---
> [!IMPORTANT]
> **Your emails are never stored on your device.** They are fetched live over mutually authenticated TLS and displayed in memory only. No forensic artifact remains after the app closes.
---
## How It Works
```mermaid
graph LR
A["Your Device"] -->|"mTLS + E2EE"| B["mail.icd360s.de"]
B -->|"PGP Encrypted"| C["Recipient"]
B -->|"DANE + DNSSEC"| D["DNS"]
style A fill:#1565C0,stroke:#0D47A1,color:#fff
style B fill:#2E7D32,stroke:#1B5E20,color:#fff
style C fill:#1565C0,stroke:#0D47A1,color:#fff
style D fill:#4527A0,stroke:#311B92,color:#fff
```
### :eye: What the server sees
- Sender address
- Recipient address
- Subject line
- Date and time
- Message size
### :lock: What's encrypted (E2EE)
- **Message body**
- **Attachments**
- **Attachment names & types**
- **Inner MIME structure**
- **Everything inside the payload**
---
## Features
### :lock: Encryption
- **OpenPGP E2EE** — PGP/MIME (RFC 3156)
- **Native Go engine** — 27 MB in < 1 sec
- **TOFU key pinning** — warns on key change
- **Zero-access storage** — admin can't read mail
- **WKD** — auto key discovery for Thunderbird/ProtonMail
- **Autocrypt** — key exchange in every email
- **Password-protected mail** — AES-256-GCM for external recipients
### :shield: Authentication
- **Mutual TLS** — per-user client certificates
- **Device approval** — admin-controlled enrollment
- **Remote revocation** — instant wipe on revoke
- **PIN unlock** — randomized keypad layout
- **DANE + DNSSEC** — verified transport
- **ARC signing** — auth preserved on forward
### :see_no_evil: Privacy
- **RAM-only cache** — zero disk, wiped on lock
- **Self-hosted DoH** — no Google, no Cloudflare
- **Header stripping** — IP/hostname removed from outgoing
- **PII-safe logging** — auto-redaction of sensitive data
- **No telemetry** — zero analytics, zero tracking
### :bar_chart: Security Monitoring
- **10 health checks** every 30 minutes
- SPF, DKIM, DMARC, MTA-STS, TLS-RPT
- CAA, DNSSEC, DANE (TLSA)
- IPv4/IPv6 blacklist (43 providers)
- **Recipient security** in compose — E2EE / DANE / TLS / Plaintext
---
## Cryptography
> [!NOTE]
> All cryptographic operations use modern, audited standards. No legacy algorithms.
| Component | Standard |
|:---|:---|
| :key: Signing | Ed25519 (EdDSA) |
| :closed_lock_with_key: Encryption | X25519 / ECDH (Curve25519) |
| :envelope: Messages | OpenPGP (RFC 9580, PGP/MIME RFC 3156) |
| :bank: Vault | AES-256-GCM + Argon2id (64 MiB / 3 iters / 4 threads) |
| :satellite: Transport | Mutual TLS + DANE (TLSA 3 1 1) + DNSSEC |
| :mag: Key discovery | WKD + Autocrypt Level 1 |
---
## Download
> [!TIP]
> All downloads are served over HTTPS with cryptographically signed version verification.
### Desktop
Linux packages: DEB, RPM, tar.gz
| Format | Download |
|:---|:---|
| DEB (Ubuntu/Debian) | [icd360s-mail.deb](https://mail.icd360s.de/downloads/mail/linux/icd360s-mail.deb) |
| RPM (Fedora/RHEL) | [icd360s-mail.rpm](https://mail.icd360s.de/downloads/mail/linux/icd360s-mail.rpm) |
| tar.gz | [icd360s-mail-linux.tar.gz](https://mail.icd360s.de/downloads/mail/linux/icd360s-mail-linux.tar.gz) |
### Mobile
-3DDC84?style=for-the-badge&logo=android&logoColor=white)
Android flavors: F-Droid, Samsung, Huawei, Google Play
| Flavor | ARM64 | ARMv7 | x86_64 |
|:---|:---|:---|:---|
| Universal | [Download](https://mail.icd360s.de/downloads/mail/android/universal/app-arm64-v8a-universal-release.apk) | [Download](https://mail.icd360s.de/downloads/mail/android/universal/app-armeabi-v7a-universal-release.apk) | [Download](https://mail.icd360s.de/downloads/mail/android/universal/app-x86_64-universal-release.apk) |
| F-Droid | [Download](https://mail.icd360s.de/downloads/mail/android/fdroid/app-arm64-v8a-fdroid-release.apk) | [Download](https://mail.icd360s.de/downloads/mail/android/fdroid/app-armeabi-v7a-fdroid-release.apk) | [Download](https://mail.icd360s.de/downloads/mail/android/fdroid/app-x86_64-fdroid-release.apk) |
| Samsung | [Download](https://mail.icd360s.de/downloads/mail/android/samsung/app-arm64-v8a-samsung-release.apk) | [Download](https://mail.icd360s.de/downloads/mail/android/samsung/app-armeabi-v7a-samsung-release.apk) | [Download](https://mail.icd360s.de/downloads/mail/android/samsung/app-x86_64-samsung-release.apk) |
| Huawei | [Download](https://mail.icd360s.de/downloads/mail/android/huawei/app-arm64-v8a-huawei-release.apk) | [Download](https://mail.icd360s.de/downloads/mail/android/huawei/app-armeabi-v7a-huawei-release.apk) | [Download](https://mail.icd360s.de/downloads/mail/android/huawei/app-x86_64-huawei-release.apk) |
| Google Play | [Download](https://mail.icd360s.de/downloads/mail/android/googleplay/app-arm64-v8a-googleplay-release.apk) | [Download](https://mail.icd360s.de/downloads/mail/android/googleplay/app-armeabi-v7a-googleplay-release.apk) | [Download](https://mail.icd360s.de/downloads/mail/android/googleplay/app-x86_64-googleplay-release.apk) |
---
## Building from Source
```bash
git clone https://github.com/ICD360S-e-V/mail.git
cd mail && flutter pub get
flutter run -d macos # or: windows, linux
```
Platform requirements
| Platform | Requirements |
|:---|:---|
| All | Flutter 3.41+, Dart 3.6+ |
| Android | Java 17, Android SDK |
| iOS/macOS | Xcode 15+ |
| Linux | `libgtk-3-dev`, `libsecret-1-dev`, `libjsoncpp-dev` |
| Windows | Visual Studio 2022 with C++ workload |
---
## About ICD360S e.V.
[ICD360S e.V.](https://icd360s.de) is a registered German nonprofit (*eingetragener Verein*). Every active member receives a free, secure `@icd360s.de` email account with E2E encryption and cross-platform access.
> [!CAUTION]
> The live service at `mail.icd360s.de` is available **exclusively to members**. This repository contains the open-source code — the operational service is private.
---
[:scroll: Security Policy](SECURITY.md) · [:wheelchair: Accessibility](ACCESSIBILITY.md) · [:handshake: Contributing](CONTRIBUTING.md) · [:page_facing_up: License](LICENSE)
**[ICD360S e.V.](https://icd360s.de)** · Amtsgericht Memmingen, VR 201335
[kontakt@icd360s.de](mailto:kontakt@icd360s.de) · [Impressum](https://icd360s.de/impressum/) · [Datenschutz](https://icd360s.de/datenschutz/)