Security: SMTP was designed in a time of less pervasive security threats. It lacks built-in encryption and authentication mechanisms, making it vulnerable to eavesdropping, spoofing, and spam. While extensions like TLS/SSL and authentication methods exist, they are not universally implemented or enforced.

Efficiency: SMTP is a "chatty" protocol, meaning it involves multiple back-and-forth exchanges between the client and server. This can lead to latency and increased resource consumption, especially for large emails or bulk sending.

Deliverability: SMTP doesn't have mechanisms to guarantee email delivery. Emails can get lost, delayed, or filtered as spam. While techniques like SPF, DKIM, and DMARC help, they are not foolproof.

Features: SMTP is primarily designed for sending emails. It lacks features for managing email content, tracking delivery status, or handling complex email workflows. Possible Improvements:

Mandatory Encryption: Enforcing TLS/SSL encryption for all SMTP connections would protect email content from interception.

Stronger Authentication: Implementing more robust authentication mechanisms would prevent spoofing and ensure that emails originate from legitimate senders.

Enhanced Deliverability: Developing mechanisms to track email delivery, provide feedback on delivery failures, and reduce spam filtering would improve deliverability.

More Efficient Communication: Exploring alternative protocols or extensions that reduce the "chattiness" of SMTP could improve efficiency.

Integration with other technologies: Integrating SMTP with other technologies like REST APIs or message queues could enable more complex email workflows and features.

It's important to note that some of these improvements are already being addressed through extensions and best practices. However, there is still room for improvement in making SMTP a more secure, efficient, and reliable technology.

~~That said, it looks like Delta Chat doesn't actually use SMTP, having scanned through the website. Though I'm honestly unsure either way as it was only a scan.~~

Never mind:

Delta Chat doesn't use its own proprietary protocol. Instead, it cleverly leverages the existing email infrastructure for message delivery. Here's how it works:

Core Protocol: IMAP/SMTP - Delta Chat primarily uses the standard Internet Message Access Protocol (IMAP) for receiving messages and Simple Mail Transfer Protocol (SMTP) for sending them. These are the same protocols your regular email client uses.

Encryption: Autocrypt & OpenPGP - To ensure secure and private communication, Delta Chat implements end-to-end encryption using the Autocrypt standard and the OpenPGP standard. This means your messages are encrypted in such a way that only the intended recipient can decrypt and read them.

Secure Key Exchange: SecureJoin - Delta Chat also utilizes the SecureJoin protocol for secure key exchange. This helps to prevent man-in-the-middle attacks and ensures that only authorized parties can establish secure communication. In essence, Delta Chat works by:

Sending encrypted messages as emails: When you send a message in Delta Chat, it's actually sent as an encrypted email to the recipient's email address.

Receiving encrypted messages as emails: Delta Chat constantly checks your email inbox for new encrypted emails that are meant for you.

Decrypting and displaying messages: When a new encrypted email arrives, Delta Chat decrypts it and displays it to you in the chat interface. This approach has several advantages:

Decentralization: No central server is required to store your messages, making it more resistant to censorship and single points of failure.

Openness: It leverages existing email infrastructure, making it interoperable with any email provider.

Security: End-to-end encryption ensures that your messages remain private and secure.

If you're interested in learning more about the technical details, you can check out the cryptographic analysis of Delta Chat available on the Cryptology ePrint Archive: https://eprint.iacr.org/2024/918

[+] amzd -8 points 3 days ago (9 children)

I asked specifically for relevant issues and you just link general issues with smtp that have no impact on Delta Chat?

SMTP is not secure

Delta Chat sends encrypted messages over it so that’s irrelevant.

SMTP is not efficiency

Your phone can run LLMs, it can send a couple packets. Also this “chattyness” can be seen as an advantage as it is extremely robust and works on any network however inconsistent.

SMTP doesn’t have a way to ensure stuff is delivered

Yeah duh? It’s decentralized. You can’t ensure that the recipient doesn’t take down their server?…

Etc. I feel like I’m wasting my time replying to all these because it seems you didn’t even take the time to read them yourself.

[–] [email protected] 12 points 3 days ago (3 children)

I feel like I’m wasting my time replying to all these because it seems you didn’t even take the time to read them yourself.

I'm here trying to learn about Delta Chat and why you think it's a good app given the drawbacks of the approach they've taken. Over the years there's been an incredible amount of messengers pop up, 90 million from Google alone and none have opted for SMTP. There's surely a reason for that. From what I've learned, mostly thanks to Gemini, because holy fuck the Delta Chat website feels like something from 20 years ago and is purposely vague, the solution that Delta has gone for is just to add more layers. Again, something that the world has repeatedly opted against. I'm trying to understand why it's considered a good idea in this case and why so many teams and startups have decided not to use this methodology until now?

Jesus Christ, being curious shouldn't feel like a chore.

[–] JubilantJaguar 4 points 3 days ago (1 children)

It's considered a good idea because it runs over omnipresent, already-existent, distributed infrastructure. In other words, for this particular chat app, you don't even need to create an account. That is at very least an interesting and noteworthy feature.

[–] [email protected] 1 points 2 days ago (1 children)

So if you don't need to create an account, how do you know you're talking to who you think you're talking to?

I can see this being valuable as a Lemmy style service where I'm sharing information and reading information but want to be anonymous. But not a good service if I want to talk to my mom about a sensitive subject and protect my privacy.

[–] [email protected] 2 points 2 days ago

So if you don't need to create an account, how do you know you're talking to who you think you're talking to?

You use your email provider's credentials to log into the app, which then creates an IMAP folder called delta-chat which houses all those conversations.

You'd verify it's your mom by starting a chat with "[email protected]" she'd verify it's you by making sure it's coming from "[email protected]"

load more comments (1 replies)

load more comments (6 replies)

load more comments (10 replies)