Netnol Mail is a zero-knowledge, quantum-resistant email service built for an unbreakable inbox. Messages are encrypted so that only you can access them — no inspection, no interference, no breaches. Email designed to be truly private, intrusion-proof and leak-proof.
The Netnol Mail architecture is decoupled into specialized services to ensure security, scalability, and cryptographic integrity:
- Server: High-performance SMTP server responsible for receiving raw traffic and queueing data for processing.
- Worker: Distributed task processor that manages the logic between the mail queue and the core infrastructure.
- System: The central API core governing identity, ZKP verification, and public key management.
- Client: Cross-platform interface where all client-side encryption and decryption occur, ensuring zero-trust.
Netnol Mail implements a hybrid cryptographic stack designed to neutralize both current and future threats, ensuring that data is never persisted in a vulnerable state:
- Kyber1024 (KEM): A lattice-based Key Encapsulation Mechanism providing post-quantum resistance, ensuring that secret exchanges remain immune to advanced quantum computing attacks.
- AES-256-GCM: High-performance symmetric encryption with integrated authentication (GCM), used to secure message bodies and sensitive metadata.
- Ephemeral Key Generation: The system generates random keys at runtime for each encryption session. These keys are encapsulated using the recipient's asymmetric public key; immediately after use, the clear-text version of the ephemeral key is purged from memory.
- Read-Only Architecture: The key derivation and attachment process occurs in an isolated environment where the generated private key is never written to disk, serving only to seal the cryptographic package before permanent deletion.
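
The encapsulate-then-seal flow from the list above, as an added Node.js example that is not Netnol's code. The KEM is an X25519-plus-HKDF stand-in, because Kyber1024 is not in Node's standard library; the function names, the `INFO` label, the package layout and the choice to derive the AES key from the KEM shared secret are assumptions.

```javascript
const crypto = require("node:crypto");

// Domain-separation label for HKDF (constructed value, an assumption).
const INFO = Buffer.from("example-mail-envelope-v1");

// Stand-in KEM: ephemeral X25519 + ECDH. A Kyber1024 binding would expose the
// same encapsulate/decapsulate shape; none ships with Node's standard library.
function kemEncapsulate(recipientPublicKey) {
  const eph = crypto.generateKeyPairSync("x25519");
  const shared = crypto.diffieHellman({ privateKey: eph.privateKey, publicKey: recipientPublicKey });
  return { shared, kemCiphertext: eph.publicKey.export({ type: "spki", format: "der" }) };
}

function kemDecapsulate(recipientPrivateKey, kemCiphertext) {
  const ephPublic = crypto.createPublicKey({ key: kemCiphertext, type: "spki", format: "der" });
  return crypto.diffieHellman({ privateKey: recipientPrivateKey, publicKey: ephPublic });
}

// Derive the per-message AES-256 key, binding it to this KEM ciphertext.
function deriveKey(shared, kemCiphertext) {
  return Buffer.from(crypto.hkdfSync("sha256", shared, kemCiphertext, INFO, 32));
}

function seal(recipientPublicKey, plaintext, aad) {
  const { shared, kemCiphertext } = kemEncapsulate(recipientPublicKey);
  const key = deriveKey(shared, kemCiphertext);
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per message
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(aad); // authenticated but not encrypted (e.g. routing metadata)
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();
  shared.fill(0); key.fill(0); // best-effort purge; the runtime may hold other copies
  return { kemCiphertext, iv, body, tag };
}

function unseal(recipientPrivateKey, pkg, aad) {
  const shared = kemDecapsulate(recipientPrivateKey, pkg.kemCiphertext);
  const key = deriveKey(shared, pkg.kemCiphertext);
  try {
    const decipher = crypto.createDecipheriv("aes-256-gcm", key, pkg.iv);
    decipher.setAAD(aad);
    decipher.setAuthTag(pkg.tag);
    // final() throws if the body, tag, AAD or key does not match.
    return Buffer.concat([decipher.update(pkg.body), decipher.final()]);
  } finally {
    shared.fill(0); key.fill(0);
  }
}
```

Zeroing the buffers only clears the copies this code holds; a garbage-collected runtime gives no guarantee that no other copy of the key material exists in memory.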
Authentication in Netnol Mail is anchored to the Netnol ID, the user’s immutable and sovereign identity root. Through a single login, the client locally decrypts access keys to provide a consolidated dashboard of all attached Organizations and inboxes. This aggregation occurs strictly on the client side; on the back-end, isolation is absolute. An Organization is mathematically incapable of detecting the existence of other organizations linked to the same ID. By utilizing Zero-Knowledge Proofs (ZKP), the server validates identity without ever touching passwords or private keys, rendering individual accounts deliberately irrecoverable by any third party.
All Netnol Mail instances operate on a unified Master Management Key (MMK) engine, with permission policies varying by plan. Upon registration, an Individual Organization is automatically pre-created. In this mode, the MMK operates in a restricted state, making it impossible to add any user other than the owner. While the owner can manage multiple inboxes, domains, and storage, all resources remain permanently tethered and limited to their specific ID.
In Team and Enterprise plans, the MMK expands to allow administrators to attach inboxes to third-party IDs and manage external members. Since the technical foundation is identical, transitioning between plans (upgrade/downgrade) is a seamless reconfiguration of resource limits and MMK sharing permissions, requiring no data migration. Each Organization, including the personal one, maintains its own independent billing cycle, allowing a single user to manage personal and corporate contexts with total administrative autonomy and cost segregation.
Netnol Mail is licensed under the AGPLv3. The primary motivation for this choice is to ensure that the project remains subject to public audit at all times. In a security-critical environment, transparency is not just a preference but a technical requirement; by keeping the source code open, we allow the global security community to verify our cryptographic implementations and Zero-Knowledge claims.
Made with 💕 by Netnol