By Jason Paryani - 07 Jul 2014
Hello, I’m Jason, a new member of the Sandstorm team. Today I’m excited to announce that I’ve extended Sandstorm to support e-mail, and ported Mailpile Alpha II to demonstrate. Mailpile is available on the Sandstorm app list right now, so go ahead and try it out.
You may know Mailpile from their successful Indiegogo campaign last year. They’ve been working hard to create a web mail app that is designed to be self-hosted, which makes it a perfect fit for Sandstorm. It’s worth noting that Mailpile itself is, like Sandstorm, still in alpha. It is still somewhat rough around the edges, and may not quite be ready to replace your regular e-mail client yet. We will be updating our port as Mailpile matures, and we’re also looking at porting some other web mail apps so that you can choose the one that’s right for you.
We know that switching people over to using Sandstorm for e-mail will take time. So, we are starting with a design that makes it safe and easy to try out Sandstorm without committing.
When you launch an e-mail application on Sandstorm, it is assigned a random e-mail address at your server, like “JBuaKxjkwiJq7oksS@alpha.sandstorm.io”. Any e-mail sent to that address is delivered to the app. The idea is not that you’d actually use this address publicly, but rather that you should set up e-mail forwarding from your real address to this address. For example, GMail allows you to set up such forwarding while still keeping a copy in your GMail inbox, and even lets you do the forwarding conditionally based on a filter. Additionally, most domain registrars have the ability to set up basic e-mail forwarding, so if you have your own domain, it’s easy to set up an address that redirects to a Sandstorm app.
When you send e-mail from a Sandstorm app, we allow you to set the “From” header either to your app’s random address or to your verified Sandstorm login address. In the future, we’d like to add the ability to attach additional verified addresses to your account. Either way, the message’s envelope return address is always the app’s address. As a result, the mail recipient may see that the message was sent “via” your server.
For more details on how to write an app that uses e-mail, and how to set up your Sandstorm server to support e-mail, check out the docs:
A key feature of Mailpile is its support for PGP / GPG encryption and signatures. Unfortunately, this is not yet supported by our Sandstorm port, as we need to do more work to get crypto right.
The simplest way we could support crypto would be to have you upload your private key into the app, to be stored on the server. This is not a good idea! In an ideal world, your private key would live only on a physical token or smart card and never even touch the storage of a real computer. Barring that, you should at least keep your key only on systems you own. If you run your own Sandstorm server, then uploading your key might be OK, but for anyone using a shared server, it’s not a good idea. We want a solution that works for everyone.
Therefore we are looking into how we can make crypto available to Sandstorm apps without sending your key to the server. We are hopeful that the nascent WebCrypto API might solve this problem, but at present the standard is still under development and there is apparently some controversy over its design. In the meantime, browser-extension-based approaches like Google’s End-To-End provide an intriguing alternative, although Chrome’s decision to kill off NPAPI may make it impossible to access hardware tokens or your local GPG agent in this way.
In any case, this is something we’ll be investigating further in the future.