MailSafe

Protect you emails from data breaches and reverse lookups

Comment

Inspiration

Registering to different services is an inevitable part of surfing the "web". Every time we register to a new website information goes to an entity. We assume that the entity will protect our identity and that they will not use it for malicious intent. This is not the case. If we look at the news we see that daily there are incidences of data breaches. where user credentials get exposed. What's more dangerous is that attackers can compile multiple breaches, if a user logs into 2 services with the same email and if there is a data breach. Hackers can use your email as a primary key and do a SQL join on the two databases to get combined information on the user and derive a full profile.

One way to avoid this issue is to use a disposable or use a separate email for each service. However, this has 2 problems

  • Emails are temporary and will be destroyed therefore the communications such as sending password reset links etc will not be possible.
  • Users will need to log into each account for an update if we use Netflix, prime, and Disney that's 3 separate emails and passwords.

Third-party entities can often set up mail forwarding manually for a fee. Which can be quite cumbersome for a user.

MailSafe aims to tackle the issue of privacy, convenience and the right to transparent use of emails, giving back the power to end-user and ensures that the data is handled "ethically" in an unethical environment.

What it does

MailSafe is a web application where users can generate email aliases with multiple domains and forward the emails to a single email ID

For Example: Suppose a user called Mr. Will has an email id --> will@mlh.com and he needs to register for an account in Netflix, he can come to MailSafe and make a custom email alias like mrObama@swiftmegaminds.tech and link it to will@mlh.com . Next Mr Will can use mrObama@switfmegaminds.tech to register the account and all the emails that we receive on the alias email gets forwarded to the main account. Therefore incase of a breach our real email is safe from an attacker

How we built it

The MailSafe Project has 3 components.

  • NodeJS REST API
  • DjangoREST API
  • React frontend

All apps have separate repositories for better separation of concerns. As the backend is A REST API the frontend can use both the Django and node backends without much hassle. The Node backend was used for initial proof of concept testing. After which we moved to Django for better security. The forward email service was used for the generation of an alias. And Postman was used for testing. The backend is containerized using Docker and Travis-CI has been configured for the builds

Challenges we ran into

During the Sprint we had to shift to several different ideas. Eventually, just before the end of the second week, we started our work on the MailSafe application. Certain concepts were quite new like the making of RESful API. Token-based authentication. Use of POSTMAN for testing. Connecting react with backend.

Accomplishments that we're proud of

The project was made in a really short period as we decided on the idea quite late

What we learned

  • RestFul API design
  • Django Rest Framework
  • NodeJs
  • Docker
  • Travis CI
  • React
  • Postman

What's next for MailSafe

The mailSafe can become a full service if we can set up our mail forwarding SMTP server. There are several basic quality of life improvements which we would like to implement as this is right now is a proof of concept state.

Share this project:

Updates