Registering for different services is an inevitable part of surfing the web. Every time we register on a new website, information goes to an entity. We assume that the entity will protect our identity and will not use it with malicious intent. This is not the case. If we look at the news, we see daily incidents of data breaches where user credentials get exposed. What's more dangerous is that attackers can compile multiple breaches: if a user logs into 2 services with the same email and both suffer a data breach, hackers can use the email as a primary key and do a SQL join on the two databases to get combined information on the user and derive a full profile.
One way to avoid this issue is to use a disposable email or a separate email for each service. However, this has 2 problems:
- Disposable emails are temporary and will be destroyed, so communications such as password reset links will not be possible.
- Users will need to log into each account for an update. If we use Netflix, Prime, and Disney, that's 3 separate emails and passwords.
Third-party entities can often set up mail forwarding manually for a fee, which can be quite cumbersome for a user.
MailSafe aims to tackle the issue of privacy, convenience and the right to transparent use of emails, giving power back to the end user and ensuring that the data is handled "ethically" in an unethical environment.
What it does
MailSafe is a web application where users can generate email aliases with multiple domains and forward the emails to a single email ID.
Suppose a user called Mr. Will has an email ID, firstname.lastname@example.org, and he needs to register for an account on Netflix. He can come to MailSafe, make a custom email alias like mrObama@swiftmegaminds.tech, and link it to email@example.com. Next, Mr. Will can use mrObama@swiftmegaminds.tech to register the account, and all the emails received on the alias get forwarded to the main account. Therefore, in case of a breach, our real email is safe from an attacker.
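The effect of per-service aliases on the breach join described above, as an added example that is not MailSafe's own code: two constructed leak tables are joined on email, once with a reused address and once with random aliases that forward to one inbox. The domain `alias.example`, the table names and all addresses are assumptions made up for the illustration.

```python
import secrets
import sqlite3

ALIAS_DOMAIN = "alias.example"   # placeholder domain, not MailSafe's
REAL = "user@inbox.example"      # constructed real inbox


def new_alias() -> str:
    """Random alias that carries no part of the real address."""
    return f"{secrets.token_hex(6)}@{ALIAS_DOMAIN}"


def build_leaks(video_email: str, shop_email: str) -> sqlite3.Connection:
    """Two constructed 'leaked' tables, one per service the user signed up to."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE video_leak (email TEXT, plan TEXT)")
    db.execute("CREATE TABLE shop_leak (email TEXT, address TEXT)")
    db.execute("INSERT INTO video_leak VALUES (?, 'premium')", (video_email,))
    db.execute("INSERT INTO shop_leak VALUES (?, '1 Sample Street')", (shop_email,))
    return db


def linked_profiles(db: sqlite3.Connection) -> list:
    """Rows that can be linked across both leaks with email as the join key."""
    return db.execute(
        "SELECT v.email, v.plan, s.address FROM video_leak v "
        "JOIN shop_leak s ON v.email = s.email"
    ).fetchall()


def forward_target(forwarding: dict, alias: str):
    """Resolve an alias to the real inbox; unknown aliases return None."""
    return forwarding.get(alias)


def demo():
    # Same address on both services: the join yields one combined profile.
    reused = linked_profiles(build_leaks(REAL, REAL))
    # One alias per service: the leaked values no longer match each other.
    video, shop = new_alias(), new_alias()
    forwarding = {video: REAL, shop: REAL}   # kept only by the alias service
    separated = linked_profiles(build_leaks(video, shop))
    targets = {forward_target(forwarding, a) for a in (video, shop)}
    return reused, separated, targets


if __name__ == "__main__":
    print(demo())
```

The forwarding table is now the only record linking the aliases to the real inbox, so it needs the same protection users expect from any service holding their address.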
How we built it
The MailSafe Project has 3 components.
- NodeJS REST API
- Django REST API
- React frontend
All apps have separate repositories for better separation of concerns. As the backend is a REST API, the frontend can use both the Django and Node backends without much hassle. The Node backend was used for initial proof-of-concept testing, after which we moved to Django for better security. The forward email service was used for the generation of an alias, and Postman was used for testing. The backend is containerized using Docker, and Travis-CI has been configured for the builds.
Challenges we ran into
During the sprint we had to shift between several different ideas. Eventually, just before the end of the second week, we started our work on the MailSafe application. Certain concepts were quite new, like building a RESTful API, token-based authentication, using Postman for testing, and connecting React with the backend.
Accomplishments that we're proud of
The project was made in a really short period, as we decided on the idea quite late.
What we learned
- RESTful API design
- Django Rest Framework
- Travis CI
What's next for MailSafe
MailSafe can become a full service if we can set up our mail forwarding SMTP server. There are several basic quality-of-life improvements which we would like to implement, as this is right now in a proof-of-concept state.