Proton Mail gets a feature that verifies email addresses via blockchain
Proton is introducing a security feature for its email service that allows email addresses to be verified to prevent spoofing. The function uses the blockchain to check whether the public key of the intended recipient matches.
The so-called Key Transparency function must be there according to Proton ensure that users do not accidentally send an email to a spoofed email address. Here, the mail client checks whether the public key stored in the Proton server matches the one in the Key Transparency directory, which is stored on a private blockchain.
Because the database is decentralized, it cannot be compromised by third parties. This ensures that the service encrypts the email with the correct public key, and not with that of a user of a spoofed email address. If the latter is the case, users will see a warning when composing the email and it will not be possible to send the email.
Proton states that the public keys are not stored directly in the directory, but are hashed. The company also emphasizes that this feature has nothing to do with cryptocurrency. The feature is currently in beta testing. Proton CEO Andy Yen explains to Fortune that it may eventually be necessary to switch to a public blockchain ‘to ensure that verification is reliable’.
Proton Mail had been using the PGP encryption protocol for years to encrypt the contents of emails end-to-end. E-mails that are sent are automatically encrypted with a public key of the recipient, and can only be decrypted with the recipient’s private key. However, this protocol is not resistant to man-in-the-middle attacks, says Yen. It cannot be determined whether the public key actually belongs to the intended recipient. By the way, the company has already the Address Verification function released, where users can manually check the public keys of contacts, but now this must be done automatically.
If the public key does not match, a red warning icon will appear next to the receiver instead of a blue lock