Consumers, organizations, governments, and specific individuals are being targeted relentlessly by phishing attacks that result in stolen money and confidential data, or planted malware. Email technology offers no effective means to stop phishing2, so it’s been a runaway success for the attackers, and a disaster for millions of victims. Accepting this state of affairs—now that’s crazy.
Furthermore, a majority of email users are plugged into other messaging services, discussion sites, and groupware apps. At least 90 million3 have replaced email where possible with Slack and MS Teams. We no longer need an Internet-wide messaging system that makes everyone on it accessible by everyone else without consent or limits.
But email is a foundational Internet application4; the concept is too important to let SaaS vendors or social networks define its future. Therefore the open source community must act to replace it, and act now.
So I’ve drafted a protocol, TMTP, and published implementations of both client and server as open source. TMTP is simple, preserving the soul of email, while dramatically reducing its vulnerabilities. It also addresses major user experience gaps in email, which were solved long ago by web-based discussion apps.