Behind-the-scenes look at Lemon Email

Nikola Vuković
Lemon Email
May 18, 2017

We started the Lemon Email project with a goal to provide a service with additional security and privacy over regular email while retaining the ease of use and speed. Our current solution offers two integrated services, acting as a compromise between additional privacy & security for the really important emails while having a super fast regular email for everything else.

Our regular email service is what it sounds like — a fast and stable email that’s super easy to set up in your favorite app (you get an @lemon.email address for this). Our secure email service offers additional privacy and security features — end-to-end encryption, decentralization via IPFS/Ethereum and additional privacy layers when emailing unsecure users (you get a special @private.lemon.email address by default, but we do support custom domains for both services).

Regular Email

Email systems architecture has been developed and improved for 30 years. We’ve taken the latest, fastest and most proven components, and built a fast and stable system. The email service is fast, our system is easy to scale, completely containerized, and ready to support hundreds of thousands of users. We’re really proud of it and we’re currently working on open-sourcing some parts. It’s a complex system that deserves an article of its own (coming soon).

Private Email

Our private email service is more novel in its architecture. It’s built using cutting-edge decentralized technology. Our server acts as a relay to IPFS and Ethereum’s blockchain, where the emails are safely stored.

What happens behind-the-scenes when you click “Send”:

Client-side encryption

1. The email is encrypted locally. This ensures we can never read your data. If the recipient is a Lemon Email user, the email is encrypted using their public key. On the other hand, if the recipient is on an external service, like Gmail, you’ll need to specify a secret question and answer, known to the recipient. These are used as encryption and decryption keys.

Server-side

2. The encrypted message is sent to our service. Here’s where the magic happens.

3. We encrypt the whole message, including the metadata, again.

4. The fully encrypted message is uploaded to decentralized storage (we use IPFS here), to ensure your data is preserved if our servers ever go down.

5. The IPFS location is saved to Ethereum’s blockchain as a special transaction, along with the recipient’s address. This permanently associates your emails to you, further safeguarding your data.

6. If the recipient is a Lemon Email secure user, the message has been sent at this point. Otherwise, if the recipient is using a classic email solution, an email is sent to his address letting him know that a secure email has been sent to him, along with a link to access it.

Email sent to unsecure recipients
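
The secret question and answer from step 1 could be turned into a key on the client roughly as follows. This is an added example, not Lemon Email's code: the article does not name its algorithms, so the scrypt KDF, AES-256-GCM, the envelope field names and the function names are all assumptions.

```javascript
// Added example: secret question/answer encryption for an external recipient.
// Assumptions (not from the article): scrypt as the KDF, AES-256-GCM as the
// cipher, and the envelope layout and function names used below.
const crypto = require('crypto');

// Normalise the answer so "  Blue   Danube " and "blue danube" give the same key.
function deriveKey(answer, salt) {
  const normalised = answer.normalize('NFKC').trim().toLowerCase().replace(/\s+/g, ' ');
  // Answers are low-entropy and can be guessed offline once the ciphertext is
  // public, so the KDF is deliberately slow and memory-hard.
  return crypto.scryptSync(normalised, salt, 32,
    { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
}

function encryptForExternal(plaintext, question, answer) {
  const salt = crypto.randomBytes(16); // fresh per message, stored in the envelope
  const iv = crypto.randomBytes(12);   // 96-bit GCM nonce, never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(answer, salt), iv);
  // The question travels in the clear, but binding it as AAD makes it tamper-evident.
  cipher.setAAD(Buffer.from(question, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    question,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

function decryptEnvelope(env, answer) {
  const key = deriveKey(answer, Buffer.from(env.salt, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(env.iv, 'base64'));
  decipher.setAAD(Buffer.from(env.question, 'utf8'));
  decipher.setAuthTag(Buffer.from(env.tag, 'base64'));
  try {
    const pt = Buffer.concat([decipher.update(Buffer.from(env.ct, 'base64')), decipher.final()]);
    return pt.toString('utf8');
  } catch (e) {
    return null; // wrong answer or modified envelope: the GCM tag check failed
  }
}
```

Because the encrypted message is stored where anyone can fetch it, the strength of this scheme rests on how hard the answer is to guess; the KDF only raises the cost per guess.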

While all that’s happening, we’re watching the blockchain for transactions looking like our emails. When a new one is confirmed on the blockchain, we notify our user (whose address is in the transaction) that a new email has arrived.

When a user opens their inbox, we scan the blockchain for transactions with their address and list the last 10. We then fetch those 10 emails from IPFS and send them to the user, where they are decrypted using their passphrase.

Loading a user’s inbox

In essence, our server acts as a proxy, or a wrapper, in an effort to provide the benefits of decentralization, while making the experience for the user as accessible as sending regular emails.

Going 100% decentralized

With complete decentralization as another goal, we’ve recently published a DApp. It’s a frontend-only web app hosted on decentralized storage that interacts directly with Ethereum. The frontend code has an integrated IPFS node, allowing it to communicate with other IPFS nodes directly (i.e. without our server as a middle-man). We’ve made it completely open-source.

Complete decentralization does mean waiving some accessibility. You’ll need to set up your own Ethereum account because your email address is connected to your personal Ethereum ID. You’ll also need to use the Chrome browser and have the Metamask extension installed to connect to Ethereum directly.

Get in touch

Got any questions? We’d love to hear from you! Also feel free to check out our website and follow this publication. We’ve got a few more behind-the-scenes articles lined up.
