E-Mail

Send noreply

Every registered UP user can trigger E-Mails that are sent from noreply@<upwebserver> to a E-Mail receiver that does not necessarily have to be a UP user.

Example:

The sender joe.doe@goohoo.com is registered at united-pages.com (since goohoo.com is not yet a UP provider). The receiver joe.bloggs@hoogoo.com is not a UP user.

Joe can trigger an E-Mail (with an optionally attached file) via the following curl-command:

Signed E-Mails

UNITED-PAGES provides a REST-IMAP(RFC3501) interface. Via the API an UP-WEBSERVER can be triggered to send a new E-Mail, request received E-Mails and delete E-Mails.

This involves adding a digital signature to emails based on the UNITED-PAGES public key. A digital signature allows authentication, i.e. verify, that an email truly originates from the sender.

UNITED-PAGES enables development of an email client that is limited exclusively to signed emails.

Send signed E-Mail

Example E-Mail:

FROM

alice@a-provider.com

TO

bob@b-provider.com

CC

charly@c-provider.com

BCC

diana@d-provider.com

SUBJECT

United-Pages is cool

CONTENT

Hello, this is a signed email that you can trust, Regards Alice

From the entered data, the client generates a digital signature, i.e. a JSON data structure containing "from", "to", "subject", the current timestamp (RFC822 format) and a md5-hash of "content".

{ "from":"alice@a-provider.com",

"to":"bob@b-provider.com",

"subject":"UNITED-PAGES is cool",

"content_md5":"c3fdfad7d622c6430eff7290bfb64cc8'",

"date_rfc822":"Tue, 02 Dec 25 22:53:07 +0000" }

The digital signature will be encrypted from the E-Mail-Client (eg UPbook) with the Private-Key of the sender and passed within the body of a POST-request (up_sign).

POST

https://www.united-pages.com/unit/mail/alice/a-provider.com

Authentication-Header

username: <E-Mail password of Alice>

password: <UNITED-PAGES password of Alice>

Body

{ "from":"alice@a-provider.com",

"to":"bob@b-provider.com",

"cc":"charly@c-provider.com",

"bcc":"diana@d-provider.com",

"subject":"UNITED-PAGES is cool'",

"content":"Hello, this is a cerified email that you can trust, Regards Alice",

"up_sign":"........................" }

The UP-SERVER attaches the signature as file named "UP.sign" and sends the email via IMAP . Furthermore, the subject is prefixed with "[UP]", a naming convention to make it easier to find and sort signed emails.

Access to a mailbox via IMAP requires the resp. E-Mail password. Since the passwords for E-Mail- and UNITED-PAGES-account may differ the username of the Authentication-Header is 'misused' for the password of the E-Mail-Account. The username/E-Mail can be extracted from the URL.

Receive signed E-Mails

E-Mail-Clients can request all signed emails

GET

https://www,united-pages.com/unit/mail/bob/b-provider.com

AuthenticationHeader

username: <E-Mail password of Bob>

password: <UNITED-PAGES password of Bob>

The UP-WEBSERVER of the receiver (bob@b-provider.com) retrieves each E-Mail from the resp. Mailbox (via IMAP) that fulfills the following requirements:
- according to the naming convention the Subject starts with '[UP]'
- the E-Mail contains an attachment file 'UP.sign'
- 'UP.sign' can be decrypted with the PublicKey of the sender (alice@a-provider.com)
- the values of the digital signature match with the E-Mail

The response contains the IMAP message identifiers: