Skip to content

Instantly share code, notes, and snippets.

@rebeccajae

rebeccajae/postmail.md

Last active January 30, 2019 05:12
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save rebeccajae/d087bce1b7777aba3cbb1d44bc4fe1f2 to your computer and use it in GitHub Desktop.
Save rebeccajae/d087bce1b7777aba3cbb1d44bc4fe1f2 to your computer and use it in GitHub Desktop.
Download ZIP
PostMail Spec?
Raw
postmail.md

The PostMail Protocol Thing

PostMail is an HTTP-based email protocol I'm implementing because I'm sick of how stuck in the 90s email servers feel. I use HTTP POST and a little bit of DNS shenanigans to get compatibility and am working on a demo.

The Configuration

Any domain has a DNS record, a TXT record called POSTMAIL if PostMail is supposed to be supported. It should be set to the prefix of the current domain.

For example, example.com is configured to receive PostMail at postmail-sys.example.com. The TXT record should be set to postmail-sys

If the TXT record is nonexistent, assume the server does not support PostMail and fall back to previous designs.

The Compatibility

You can use a full domain for PostMail, however, standard email addresses are acceptable (within reason).

For a PostMail endpoint, postmail-sys.example.com by DNS TXT record, the email address test@example.com would resolve to the PostMail URL of https://postmail-sys.example.com/test.

The Method

Not any HTTP POST request to the PostMail endpoint is acceptable. It should be assumed that emails not signed with PGP keys that are not published on public key server will be discarded. Thus, all PostMails must be signed with a PGP key that has its public key published. This allows the recipient to identify the sender, as well as implementing key blacklisting services.

In the post request the Content-length header MUST be speficied and servers SHOULD abort any acceptance that results in more data being sent than expected.

All POSTs should be done over HTTPS using modern TLS security, however, anything is acceptable.

The Features

identify is an invalid endpoint for an inbox as in the examples, https://postmail-sys.example.com/identify could be used for a server to identify itself and its compatibilities for negotiation of security,

The Codes

All standard HTTP response codes apply. Any and all redirects will be treated as if the server is not accepting emails at this time and will cause the email client to revert back to standard email.

Why?

I felt like email was stuck in the 90s and with modern web tech we can make a better solution. I'll be making a minimum working example in the coming days for this, so keep your eyes peeled for PostMail stuff from me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment