Tankred Hase 1e37d52e34 update security in readme 2014-01-16 12:12:13 +01:00
res add channel push script 2013-11-14 10:49:38 +01:00
src toggles unread/read when clicking the circle 2014-01-16 11:37:43 +01:00
test Merge pull request #3 from whiteout-io/dev/imap-redesign 2014-01-15 05:23:41 -08:00
.gitignore create release zip files via grunt job 2013-11-12 20:02:46 +01:00
.jshintrc integrate and test openpgp.js 2013-10-11 21:30:03 +02:00
.travis.yml update readme and change deps to https github tarballs 2014-01-15 17:07:14 +01:00
Gruntfile.js switching between offline and online state works 2013-12-10 22:20:41 +01:00
LICENSE.txt update readme and list libraries 2014-01-16 11:04:39 +01:00
README.md update security in readme 2014-01-16 12:12:13 +01:00
package.json update readme and change deps to https github tarballs 2014-01-15 17:07:14 +01:00

README.md

mail-html5

Whiteout Mail is an easy-to-use email client with integrated OpenPGP encryption, written in pure JavaScript. Download the official version at whiteout.io.

Privacy and Security

  • We take the privacy of your data very seriously. Messages are encrypted end-to-end using the OpenPGP protocol. This means that only you and your correspondents can read your mail.

  • The client talks directly via IMAP/SMTP to your mail server. Your messages and private PGP key are stored encrypted on your computer and are never sent to our servers.

  • The app is deployed as a Chrome Packaged App with auditable static versions in order to prevent problems with host-based security. It uses raw TCP sockets to communicate with the mail server.

  • Mail server SSL certificates are pinned under src/ca/ in order to protect against SSL stripping and other man-in-the-middle attacks.

  • Content Security Policy (CSP) is enforced to protect against injection attacks.

  • The code is still under heavy development and is not yet recommended for production use. That being said, we have done multiple code audits and penetration tests (which will be published regularly once all reported vulnerabilities are fixed).

Reporting bugs and feature requests

  • We will launch a bug bounty program later on to compensate security researchers. If you find any security vulnerabilities, don't hesitate to contact us at security@whiteout.io.
  • You can also just create an issue on GitHub if you're missing a feature or just want to give us feedback. It would be much appreciated!

Testing

You can download a prebuilt bundle under releases or build your own from source:

npm install && grunt

This builds the Chrome Packaged App bundle DEV.zip which can be installed under chrome://extensions in developer mode.

Run the unit tests locally:

npm test

License

Copyright © 2013, Whiteout Networks GmbH. All rights reserved.

The code is open for inspection and peer review by the security community.
The code is currently not licensed under an open source license. If you're
interested in contributing or getting a license, please get in touch with
us (info@whiteout.io).

Many of the libraries we use are licensed under an open source license. Here are some of the libraries we use (for a complete list please take a look at the code):

  • OpenPGP.js: An implementation of OpenPGP in JavaScript
  • Inbox: Simple IMAP client for node.js
  • Nodemailer: SMTP client for node.js
  • Forge: An implementation of TLS in JavaScript
  • node-shims: A basic set of shims for commonly used node APIs, for use in the browser