4thTech Enables Spam & Spoofing Resistant E2EE Web3 dMail framework (March 2022)

Published in
7 min readMar 8, 2022


The internet changed the way we live, it opened the gates to unlimited communication, but it failed greatly regarding email privacy, data ownership and identity security. Emails are getting spammed with junk mail while identities are being stolen with email spoofing. There is also the matter of privacy, which is under question if free eMail web2 services are used instead of privacy-dedicated email servers. To enable free eMail, the current Web2 eMail providers resort to adding based models that by nature enable mass surveillance and data mining to enforce intrusive ad campaigns. Furthermore, all data exchanged and created within these centralised structures lose privacy and ultimately disassociate ownership from the user. Now more than ever secure private email communication is becoming more and more important.

Current centralised eMail systems or other web2 data exchange services are not secure and do enable any privacy whatsoever. Did you know that nearly 85% of all emails are spam? According to Dataprot statistics that translates into an average daily volume of 122.33 billion messages globally. Tessian research suggests that throughout 2020, 1 in every 4,200 emails was a phishing email. Keeping your email un-infected and out of the millions of subscription services is close to impossible these days and cleaning the inbox has become a daily time-consuming task.

4thTech aims to; (1) enable a permissionless and non-custodial communication framework that enables 1000s of dMail & dChat dApps to evolve on Web3; (2) enable accompanied SDK framework; (3) contribute to the next Web3 adoption wave, and; (4) pioneer the future of encrypted, immutable and decentralized on-chain communication. With massive Web2 email and messaging security issues and vast Web3 communities emerging surrounding popular DeFi, NFT, Gaming and DAO platforms the need for secure on-chain social communication is increasing.

dMail Solution

The protocol leverages trust sourced from the blockchain to enable E2EE, immutable and non-custodial W2W data exchange in the form of; (1) dMail (i.e. decentralized email); (2) data file exchange (e.g. media or data files), and; (3) dNotary (i.e. data file on-chain file checksum verification). Compared to the dChat Protocol, where W2W message exchange happens on-chain, the dMail is data heavier due to attachments and sizable content. The key was combining L1/L2 security with decentralized storage where lite encrypted JSON files are stored to hold dMail metadata while link to dMail JSON metadata and checksum are recorded on-chain in the form of an L1/L2 transaction. Supported by TypeScript/JavaScript SDKs and plug-and-play white-labels, the protocol is made ready for security-enabled social scaling in the multi-chain universe.

dMail white-label UI

Architecture & dMail Process

  1. A JSON metadata file is created that includes dMail sender subject, content, attachment name, attachment URL, calculated hash (i.e., checksum) of data file content and Client B address.
  2. In the form of JSON metadata file, dMail sent from Client Wallet A gets encrypted with a public key of the receiver Client B.
  3. JSON metadata file URL & checksum are sent to Ethereum, Tolar, Edgeware, Solana, Moonbeam or Tron dMail Smart Contract (TestNets).
  4. Received Client B dMail is decrypted with Client B's private key.
  5. Attachments in the form of media & data files from Client A are encrypted with the public key of Client B.
  6. Received Client B attachments files are decrypted with Client B’s private key.

File encryption example:

// Symmetric encrypt
const symKey = crypto.randomBytes(32);
const iv = crypto.randomBytes(16);
const cipher = crypto.createCipheriv('aes-256-cbc', symKey, iv);
const symEncrypted = Buffer.concat([
// Asymmetric encrypt - encrypt just symmetric key & iv
const key = new NodeRSA();
key.importKey(publicKey, 'pkcs8-public');
const symPrefix = `${symKey.toString('base64')}:${iv.toString('base64')}`;
const encrypted = key.encrypt(symPrefix, 'base64');// Join asymmetric and symmetric part
const data = Buffer.from(`${encrypted}:${symEncrypted}`);

Save to blockchain:

// Save data to blockcahin
const txDetails: TransactionDetails = await blockchainService.sendDocument(


As a result of extensive three years of legal and procedural GDPR research, the dMail protocol can be recognised as a GDPR-compliant application as no personal data is stored on-chain but resides off-chain. dMail records links to encrypted files and hashes of the encrypted content on the blockchain.

dMail Attachments

Attachment media and data are stored in the 30-day temporary repository. The dMail recipient is provided with the “link” of the saved location JSON metadata file. The JSON metadata file that includes the link is sent to the blockchain, and the dMail recipient can download the data file and decrypt it with his private key saved in the browser’s 4thTech wallet (FOURwaL).

💡 Note: The current staging data exchange file size is limited to 20MB. All exchanged attachments data files are deleted after 30-days.

dNotary, on-chain data verification protocol

Notarisation can be described as a fraud prevention process that enables data file (e.g. document) authenticity and guarantees that the data file has not been changed in the course of a transaction between parties. Usually, the physical notary acts as an intermediary and provides the needed trust factor between parties.

As a by-product of the dMail Protocol, the dNotary leverage the power of blockchain to facilitate source and time confirmation for any data files exchanged within the 4thTech ecosystem. dNotary uses a checksum to check for potential data changes during the dMail data exchange. If one byte of the exchanged data changes, the checksum changes and invalidates the transmission. There are several checksums calculated and stored to assure integrity. Checksum stored on the blockchain is validating JSON metadata which includes all the details of the transaction. If the checksum of the JSON metadata is validated then the service is also checking the integrity of the digital file(s) within the transaction. If the validation of the digital file(s) is confirmed then the receiver can download data files with the confidence that no one has manipulated them.

On-chain data notarisation process;

(1) user account is created within the wallet;
(2) user account verification using 4thTech dID within the UI platform (option);
(3) on-chain checksum and timestamp verification of the received data file, using 4thTech dNotary within the 4thTech UI platform.

Checksum calculation

calculateChecksum(data: BinaryLike): string {
return crypto.createHash('sha256').update(data).digest('hex');

How to test 4thTech dMail?

Step 1: Download your 4thTech Google Chrome or Mozilla Firefox wallet
Step 2: Create and back up your wallet. To create your wallet, set up your password.
Step 3: Log into the 4thTech UI Staging
Step 4: Top up your account with TestNet tokens (more information)
Step 5: In order to send dMails to friends and colleagues you will need to know your wallet address and the receiver’s wallet address (i.e. FOURwaL). Your wallet address works like your phone number or email address. It is uniquely yours!

💡 Note: FOURwaL is a 4thTech native wallet, specially designed to support dMail & dChat, other wallets won’t work! We are currently deploying support for other wallets, but it's not jet operations. 4thTech UI platform currently supports Ethereum, Edgeware, Tolar HashNet & Solana, while UI staging supports Kovan, SI-Chain, Solana TestNet, Moonbase, Tron TestNet Nile & Shasta and Evmos TestNet.

Step 6: Tap on the New tab located in the dMail menu folder, fill in the request form, attach the files and press Send.

💡 Note: 4thTech dMail currently supports up to 20Mb of attachments data file size.

Step 7: You can follow the dMail send a transaction in the blockchain explorer of the chosen network by pressing the transaction Explorer link. When you receive a dMail, you can check it in your Inbox folder.

💡 Note: Check the file authenticity by clicking on the submenu dNotary details. If the Checksum Match is green, then the received file is authentic.

💡 Note: Remember to download the received dMails and attachment files to your computer's local storage as library storage is limited to up to 30-days. After 30-days, dMails and attachment files will be deleted.


All content provided herein, including but not limited to text, graphics, logos, and images (the “Content”), is the property of Block Labs Luxembourg S.a r.l., a legal entity established under the laws of the Grand Duchy of Luxembourg, registered with R.C.S. Luxembourg under N B263508 at the following address: 41, rue du Puits Romain, z.a. Bourmicht (Atrium Business Park), L-8070 Bertrange, Luxembourg (the “Company” or “we”). It is protected by copyright and other laws that protect intellectual property and proprietary rights. You are granted a non-exclusive, non-transferable, revocable license to access and use the Content for the sole purpose of obtaining information about the 4thTech technology and other educational purposes. We have done our best to ensure that the Content is accurate, updated, complete, and provides valuable information, but neither do we guarantee nor take any responsibility for its accuracy and/or completeness. The Content is not intended as, and shall not be understood or construed as legal, financial, tax, or any other professional advice, sale or offer for sale of any securities, and/or crypto-assets. The Company is not engaged in rending of and/or is not licensed to render any of the crypto-asset services and/or financial services, such as investment or brokerage services, capital raising, fund management, or investment advice.




L1 Secured W2W E2EE Immutable dMail & dChat Technology