E-Mail

UNITED-PAGES provides a REST-IMAP(RFC3501) interface. Via the API an UP-WEBSERVER can be triggered to send a new E-Mail, request received E-Mails and delete E-Mails.

This involves adding a digital signature to emails based on the UNITED-PAGES public key. A digital signature allows authentication, i.e. verify, that an email truly originates from the sender.

UNITED-PAGES enables development of an email client that is limited exclusively to signed emails.

Send signed E-Mails

Example E-Mail:

FROM	alice@a-provider.com
TO	bob@b-provider.com
CC	charly@c-provider.com
BCC	diana@d-provider.com
SUBJECT	United-Pages is cool
CONTENT	Hello, this is a signed email that you can trust, Regards Alice

From the entered data, the client generates a digital signature, i.e. a JSON data structure containing "from", "to", "subject", the current timestamp (RFC822 format) and a md5-hash of "content".

{ "from":"alice@a-provider.com",

"to":"bob@b-provider.com",

"subject":"UNITED-PAGES is cool",

"content_md5":"c3fdfad7d622c6430eff7290bfb64cc8'",

"date_rfc822":"Tue, 02 Dec 25 22:53:07 +0000" }

The digital signature will be encrypted from the E-Mail-Client (eg UPbook) with the Private-Key of the sender and passed within the body of a POST-request (up_sign).

POST

https://www.united-pages.com/unit/mail/alice/a-provider.com

Authentication-Header

username: <E-Mail password of Alice>

password: <UNITED-PAGES password of Alice>

Body

{ "from":"alice@a-provider.com",

"to":"bob@b-provider.com",

"cc":"charly@c-provider.com",

"bcc":"diana@d-provider.com",

"subject":"UNITED-PAGES is cool'",

"content":"Hello, this is a cerified email that you can trust, Regards Alice",

"up_sign":"........................" }

The UP-SERVER attaches the signature as file named "UP.sign" and sends the email via IMAP . Furthermore, the subject is prefixed with "[UP]", a naming convention to make it easier to find and sort signed emails.

Access to a mailbox via IMAP requires the resp. E-Mail password. Since the passwords for E-Mail- and UNITED-PAGES-account may differ the username of the Authentication-Header is 'misused' for the password of the E-Mail-Account. The username/E-Mail can be extracted from the URL.

Receive signed E-Mails

E-Mail-Clients can request all signed emails

GET

https://www,united-pages.com/unit/mail/bob/b-provider.com

AuthenticationHeader

username: <E-Mail password of Bob>

password: <UNITED-PAGES password of Bob>

The UP-WEBSERVER of the receiver (alice@a-provider.com) retrieves each E-Mail from the resp. Mailbox (via IMAP) that fulfills the following requirements:
- according to the naming convention the Subject starts with '[UP]'
- the E-Mail contains an attachment file 'UP.sign'
- 'UP.sign' can be decrypted with the PublicKey of the sender
- the values of the digital signature match with the E-Mail

The response contains the IMAP message identifiers:

{"14":
{"subject":"[UP]UNITED-PAGES is cool",
"from":"alice@a-provider.com",
"to":"bob@b-provider.com",
"date":"Mon, 8 Dec 2025 09:51:01 +0000",
"message_id":"...",
"size":2683,
"uid":713,
"msgno":15,
"recent":0,
"flagged":0,
"answered":0,
"deleted":0,
"seen":1,
"draft":0,
"udate":1765187463,
"content":"..."},
"15":
{"subject":"[UP]...","to":"bob@b-provider.com","...}} ... }

Delete signed E-Mails

The E-Mail-Client can delete (selected) emails where each one is referenced via its IMAP uid (s.o.).

DELETE

https://www,united-pages.com/unit/mail/bob/b-provider.com?_uid=710,713,726

AuthenticationHeader

username: <E-Mail password of Bob>

password: <UNITED-PAGES password of Bob>