P2P, secure, encrypted email system: FlowingMail

The future of emails: ALWAYS encrypted automatically, NEVER transit through a central server like Gmail, Yahoo or NSA, addresses cannot be forged

The future of emails: always encrypted, decentralized, verified addresses

FlowingMail is an easy to use P2P secure and encrypted email system.

Decentralized: no central server is involved in the transmission of the mail. The mails don't transit through GMail, Yahoo, NSA, etc...

Encrypted: all the messages are always automatically encrypted, without user intervention nor complicated setup operations

Verified: the addresses of the senders and recipients cannot be forged

The most used email systems rely on a central server that receives, stores and forwards the messages.

The recent news about PRISM and the closure of Lavabit have shown that users cannot rely on such systems for private communications and for an uninterrupted service.

When a central server is involved in the communication then it’s easy to identify the parties that have to be searched, closed down or threatened in order to retrieve the messages that are sent through the network.

The FlowingMail protocol is loosely based on BitTorrent, with some ideas coming from the BitMessage protocol.

The FlowingMail messages are automatically signed and encrypted: only the receiver is able to decrypt the messages.

Messages and public keys are announced using a variant of the Kademlia DHT, while the encrypted emails are transferred in a BitTorrent-like fashion.

Check http://flowingmail.com for more information

The team


Paolo Brandoli (si.linkedin.com/in/paolobrandoli/)

I’m an Italian, 43 years old C++ software developer.

During the first 13 years of my life I was a weird human being, during the last 30 I was a software developer.

More than 20 years of experience in C++, I wrote code for Windows, OSX, Linux, BSD, OpenSolaris, Android, iOS.

I developed systems that analyze millions of call data records per day from telecommunication equipment, mixed imaging C++/Java libraries for Android, certified metrological and medical systems.

Lately I developed a TCP-IP sniffer (able to intercept, decode, store and retrieve emails, internet pages and VOIP communications) and an encrypted VOIP application for Android & iOS (sold directly to enterprise customers without passing through the app stores, http://digicrypt.info).

I’m the author of the open source project Imebra (DICOM medical imaging file parser/generator)

Mike Vorobyev (si.linkedin.com/pub/mike-vorobiev/11/86a/84b/)

I'm Russian, 39 years old C++ software developer.

More than 13 years of experience in C++, I wrote code for Windows, Linux.

Expert in Windows Internals, large scale financial systems, multithreading.

I worked on real-time gateway data exchange for trading, real-time data stream conversion for financial institutions, systems used by government and big institutions for managing digital signature and long term archiving of digital documents.

One of my latest projects is http://theprecisioninstrument.com (employee monitoring software)

What We Need & What You Get


The goals of this project are:

  • beta version of the FlowingMail protocol by December 2013
  • produce a reference API, a series of command line tools that test, validate and use the FlowingMail protocol by February 2013
  • produce a FlowingMail client application for Windows, Linux and Mac by June 2014
  • produce a FlowingMail client application for Android by October 2014
  • play with the FlowingMail protocol and fine tune the clients and continuously improve the protocol
  • install FlowingMail nodes around the world to help the FlowingMail network
  • develop an SMTP to FlowingMail gateway that converts normal emails to FlowingMail and vice versa before they leave your premises.

The ultimate goal is to boost the adoption of FlowingMail as an email protocol, so all the software will be released under an open source license (Apache or BSD license) while the protocol will be in the public domain.


  • December 2013: beta version of the protocol ready
  • June 2014: Desktop clients ready
  • October 2014: Android client ready
  • December 2014: SMTP to FlowingMail gateway ready

What we need

The 100.000 USD will be spent for:

  • pay full time development for 2 software developers for one year
  • rent for the office and expenses
  • rent for bandwidth and servers around the globe
  • taxes :-(

What if we don’t reach the goal?

Well, plan B is to work on the protocol until we run out of money, then try a new fundraising and hope that the work done will convince more people to donate for the development.

The protocol specifications will be in the public domain to allow anyone to pick up our work and continue the development.

Features of the FlowingMail protocol

Different keys for encryption and signatures

FlowingMail uses two different pairs of RSA private/public keys for encryption and signature. This allows the encryption key to be changed periodically; the new key is redistributed automatically to other peers.

Addresses cannot be forged

FlowingMail addresses are a human-readable representation of the 160-bit hash (SHA-1) of the public key used to verify the signature. Nodes that announce wrong keys (because the SHA-1 hash is wrong) are banned by other nodes.
The encryption public key can have an expiration date and is signed using the signing private key.
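
The check a node can apply to a key announcement, as an added example (not FlowingMail's own code). It assumes a lowercase base32 rendering of the address, which the page does not specify; `KeyDirectory`, the peer names and the key bytes are hypothetical and constructed.

```python
import base64
import hashlib
import hmac
from typing import Optional

# Constructed stand-ins for two peers' encoded RSA signing public keys.
ALICE_KEY = b"constructed-signing-public-key-alice"
MALLORY_KEY = b"constructed-signing-public-key-mallory"


def address_from_key(signing_public_key: bytes) -> str:
    """Address = readable form of SHA-1(signing public key).
    Assumption: lowercase base32; the page does not name the encoding."""
    digest = hashlib.sha1(signing_public_key).digest()  # 160 bits
    return base64.b32encode(digest).decode("ascii").lower()


def decode_address(address: str) -> Optional[bytes]:
    """Return the 20-byte hash behind an address, or None if malformed."""
    try:
        raw = base64.b32decode(address.strip().upper())
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return raw if len(raw) == 20 else None


class KeyDirectory:
    """Hypothetical node-side view of key announcements seen on the DHT."""

    def __init__(self) -> None:
        self.keys = {}       # address -> signing key whose hash matched
        self.banned = set()  # peers that announced a key with a wrong hash

    def handle_announcement(self, peer: str, address: str, key: bytes) -> str:
        if peer in self.banned:
            return "ignored"
        expected = decode_address(address)
        if expected is None:
            return "rejected"  # not a well-formed address at all
        if not hmac.compare_digest(expected, hashlib.sha1(key).digest()):
            self.banned.add(peer)  # hash mismatch: forged binding
            return "banned"
        self.keys[address.strip().lower()] = key
        return "accepted"
```

The binding is only as strong as SHA-1's second-preimage resistance. The signed, expiring encryption key is not covered here; it needs an RSA signature check against the signing key accepted by this step.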

Nodes don't need to be always online

Public keys and available mails are always available on the network, even when the recipient node is offline

A variant of the Kademlia DHT stores:

  • the public keys
  • the list of available mails for the recipients
  • the list of nodes that store a specific mail message torrent file
  • the list of nodes that store specific blocks of an email message

Mails are signed by the sender

Mails are signed using the signing RSA private key and encrypted using the recipient RSA encryption public key.

High speed

All the communication between the DHT nodes and the mail transfers happens over the UDT protocol (UDP-based Data Transfer), which provides high speed data transfer (with guarantee of delivery) or partial reliability on message delivery.

The transmission of the mails happens in a BitTorrent-like fashion: the nodes download the least distributed blocks of the mail from the sender and make them available to the recipient.

Features of the FlowingMail Clients


  • written in C++
  • available for Windows, Linux, OSX
  • runs as a service or daemon (runs even when nobody is logged in)
  • can send and receive attachments, pictures, edit and display formatted text
  • rules for organizing the incoming and outgoing messages
  • use NAT-PMP, Internet Gateway Device Protocol, UDP hole punching to forward UDP ports to the NAT device
  • drafts folder
  • search
  • address book
  • automatic update (optional)


  • written in C++ and Java
  • runs as a service (can send/receive even when the application is not open)
  • can send and receive attachments, pictures, edit and display formatted text
  • rules for organizing the incoming and outgoing messages
  • use NAT-PMP, Internet Gateway Device Protocol, UDP hole punching to forward UDP ports to the NAT device
  • drafts folder
  • search
  • address book
  • automatic update (optional)


Can I use other BitMessage clients to read the mails?

No: FlowingMail is not compatible with BitMessage.

Can I use BitTorrent clients to read the mails?

No: While FlowingMail takes a lot of concepts from BitTorrent, it is not compatible with BitTorrent

Which language do you use to program the API & the clients?

C++ and C++/Java for Android

What if I turn off my device? Will I receive the mails sent while it was turned off?

Yes, your mails are stored on other peers (encrypted) for up to 7 days. The sender also stores the sent mail and will re-announce it after 7 days if you weren’t able to download it.

Can I send/receive attachments?

You can send anything that you can send in a regular e-mail, including attachments, HTML formatted emails, etc.

What does a user’s address look like?


Are the mails encrypted?

Yes, the mails are signed and encrypted

When a client boots for the first time then it creates two private/public key pairs: the public keys are distributed to other peers and are used to encrypt the messages and to verify the sender’s signature, while the private keys are kept secret and are used to decrypt the received messages and to sign the outgoing ones.

Why so much time to develop the clients? Once the protocol API is ready it should be a walk in the park!

Well...no. When the beta versions of the client get out of the door then the number of users will increase dramatically and the FlowingMail protocol may crack under pressure: in this case some resources must be dedicated to fix the FlowingMail protocol to address the issues.

If the source code is available to everybody, what do the perks offer? Can’t I build the clients by myself from the source code?

Yes, you can build the clients all by yourself from the source code.

The perks allow non-technical users to download the installation packages of the clients and tools, so they don’t need to install compilers, libraries, build and dependency managers, etc...

"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."
Benjamin Franklin
