Mail Satellite - Outlook-look-alike!

[valmar]

I created a similar but more sophisticated web email client that you might want to check out: www.smampi.com (Free to use)

Also available as an app for Google Chrome: https://chrome.google.com/webstore/d...akhbhffcncehfo

Edit: Sorry for bumping the old thread. - Didn't want to create a new one so I thought my post would fit in here pretty well.

[Sherry]

[Moderator:]

valmar, would you please send a PM to Edwin to see if you should be given Service Representative status. Thank you.

Welcome to the EMD Forums

[robert@fm]

^ Given the age of the two threads he's revived, valmar should at least be given Thread Necromancer status.

[valmar]

Ahahahaha, I'm terribly sorry.
I didn't see that the thread is that old :-)

I should've created a new one, I guess. - Just thought that my post would fit pretty well into this thread since it related to it.

- The Necromancer

[rblon]

Using a "web based email client" seems to me a bit of a security no-go, as I guess you have to provide the login details of your email account.

[valmar]

Yes, that's correct.
You must enter your email login data to use this kind of service.
However, the data itself is stored safely encrypted to the Smampi database.
If you don't trust these kind of services, this web application probably is nothing for you.
Nowadays though, in the times of Facebook and such, where everyone seems to move their data "into the cloud" (e.g. "friend finder"), most people do not seem to have a problem with that.

[rblon]

Indeed, I wouldn't advise people to use "friends finder". Even then, I do think there is a difference between giving your email account credentials to Facebook or to Smampi. The fact that you encrypt (and decrypt...) these details doesn't really matter in this respect.

[valmar]

Well, it does matter if the web app ever gets hacked and the database content stolen.

Regarding privacy, you're right. If I wanted, I could easily decrypt the passwords (which I don't - as stated in the terms and and condictions - as well as the privacy policy).
(Besides that there is no reason why I should do that).

However, In early stages of development, I had plans to work around this by encrypting the login data with the user's Smampi account password. That way, only the user himself would be able to decrypt the login data since he is the only one who knows his Smampi account password (which is being stored as a SHA-256 hash to the database).

The downside of this approach was that once a user uses the password recovery function (which generates a new Smampi account password for him/her), all the encrypted login data becomes invalid and the user will have to re-enter them.

[rblon]

I can think of many reasons why a certain group of people want to access other peoples email box. Going from semi-legal to outright illegal. The problem here is trust.

I see your reasoning regarding encrypting using the password, but this doesn't solve the trust problem.

[valmar]

Yes, you're absolutely right.
Either you trust this service or not.
Quite simple :-)