this post was submitted on 12 May 2024
3 points (61.5% liked)
Privacy
833 readers
5 users here now
Privacy is the ability for an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.
Rules
- Don't do unto others what you don't want done unto you.
- No Porn, Gore, or NSFW content. Instant Ban.
- No Spamming, Trolling or Unsolicited Ads. Instant Ban.
- Stay on topic in a community. Please reach out to an admin to create a new community.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
TL;DR you can send emails from .onion addresses if you want, but no clearnet server is going to accept them.
So when you send an email, you can actually put whatever you want in the
from
header. I could send an email that says from "made.this.up@website.doesnotexist". The protocol doesn't care.Do you know who does care? The email server you're sending messages to, because spammers and scammers love to try and send email with fake
from
addresses.So, there's an entire verification system in place that involves looking up public keys from the website that the email claims to be from. (this is a gross over simplification. Look up SPF, DKIM, and DMARC for more info). The problem is you can't even reach
.onion
sites from the clearnet to do the lookups. So no email servers would be able to validate your address is legitimate and so would drop it as spam.The receiving servers do not generally care what’s in the FROM field. They care that the sending server they are connected to is authorized and has their SPF, DKIM, and DMARC shit together. It’s not for the receiving server to control the email aliases of individual senders. Some rare over-zealous servers will look at the FROM field and expect the domain to match but if I encounter that, the collateral damage is what it is. I can always still decide from there whether it’s worthwhile to go through extra hoops.
That mismatch between DMARC verification domain and the domain of the "from" header is called DMARC Alignment. Any modern spam filter is going to mark unaligned messages as spam. Especially if one of the domains is completely non-routable like .onion.
And even if you sent the email and it got through with your .onion address, no one would be able to reply to you because the replying mail server can't even look up the MX record for your .onion domain.
I’m fine with all that. I’ve mostly abandoned #email anyway because I do not accept the terms Google has imposed on the world. I send most messages by postal mail when recipients have only exclusive and restrictive receiving options.
The inability of the recipient to reply to an onion address using their normal service is actually part of the idea. I would not want a gmail user to be able to use gmail to reply, for example. While Google drags people into their walled garden, I’m happy to exert pressure in the opposite direction.
(edit)
If I were to send a msg to gmail user in a way that they could simply reply from Google, then I become part of the problem by reinforcing the use of Gmail and helping Google get fed. That’s not going to happen. It’s a non-starter.