Imagine a communication protocol mainly controlled by the GAFAM, with security so weak it can’t even protect message content, and features barely adequate for the 1980s.
Now picture this protocol being used by 4.48 billion people and in nearly every business.⁰
Once a technology is deeply entrenched, it’s hard to abandon, no matter how absurdly obsolete it becomes. This is email’s story. We’re all holding out for the moment we can finally abandon this outdated technology.
The time has come to fundamentally understand this technology in order to find a way to replace it.
Why is email outdated?
Decentralized in theory, centralized in practice
Email was built to be decentralized: no central authority, just independent servers exchanging messages. But in reality, setting up your own mail server requires serious resources, money, time, and technical know-how. Worse, modern anti-spam filters make it almost impossible for self-hosted servers to avoid being blacklisted.¹
This is why most people rely on free email providers like Google’s Gmail or Microsoft’s Outlook.
This monopoly of large platforms over our emails is a problem, notably for our privacy: despite all their promises, email service providers have the technical ability to read all our emails. It’s also a problem of dependence on these platforms, making it increasingly difficult to create independent email services.²
We can say it with certainty: email’s original decentralized vision is long dead.
Poor security, very poor privacy
By default, emails are not encrypted. This fact is rather alarming. It means all our emails are easily accessible to governments and corporations, which together pose a massive threat to our privacy.³
When you send an email to a recipient, you’re not just sending it to them, you’re sharing it with numerous untrusted actors who can store and analyze both the content and all associated metadata before it even reaches its destination.⁴
One solution is to use end-to-end encryption for emails, as offered by certain services. However, this approach is highly limited because it requires the recipient to also have encryption enabled, which is rarely the case.
Even if everyone agreed to encrypt email content, two major privacy issues would persist:
- Email service providers could still access the emails, as they control the servers.
- Metadata would remain exposed and could be analyzed on a large scale to infer information nearly as sensitive as the content itself.
As we can sadly observe, with emails, data security and information confidentiality are not guaranteed at all. Moreover, protection against attacks is also not guaranteed. Security issues go beyond human vulnerabilities, such as viruses in attachments or social engineering attacks like phishing, and extend to fundamental flaws in email protocols themselves, such as email spoofing⁵ or the lack of authentication security⁶.
Lack of important features
Although this may not be as critical as the previous issues, it is essential for a modern messaging protocol to include certain key features. Email relies on protocols that all date back to the 1980s and have barely evolved since then⁷ ⁸ ⁹. This profound lack of modernity is very noticeable.
Email’s Replacement
It is clear that the question is no longer whether email as we know it will be replaced by another technology, but rather when, by what, and how.
However, there is another question we must answer first: why do we still use emails?
I certainly haven’t told you anything new by saying emails are obsolete, yet we all continue to use them on a massive scale. Is it simply because replacing such a widely adopted technology is difficult? In my view, if emails remain so deeply ingrained, it’s because there is still no credible alternative to date.
Of course, over the past few years, we’ve developed a vast array of messaging systems, more instant, secure, confidential, user-friendly, and feature-rich than ever. However, it would be a misunderstanding of how we use email to think that current messaging platforms like WhatsApp, Signal, or MS Teams (hell no!) could ever truly compete with it. Even though, for the most part, these solutions outperform email in many ways.
Email replaced part of traditional mail, while WhatsApp-like instant messaging apps have partly replaced oral communication. These two technologies are fundamentally different and cannot be interchangeable.
These differences lie primarily in the user interfaces implemented by clients:
| Feature | Instant messaging apps | Email |
|---|---|---|
| Message Format | Short, informal, chat-like | Long, formal, structured |
| Integration | Limited APIs, bots | Extensive |
| User Identity | Phone number/email | Domain-based email address |
| Offline Access | Limited | Full offline access |
| Message Editing | Edit/delete sent messages | No editing after sending |
All these differences make email far more suitable for formal messages, such as in a professional setting.
Based on the elements above, here’s what a credible alternative to email would notably need to be:
Designed for formal messages
This is certainly what defines a true alternative to email and not just another messaging app. A design tailored for formal and long messages notably includes:
- A dedicated field for the recipient’s address
- The ability to define a subject line
- A text field for the content that occupies a large part of the screen
- Formatting options (bold, lists, fonts, etc.)
- The ability to add a predefined signature block
Non-editable messages
This feature is more important than one might think. Indeed, it is crucial, especially in a business context, to be able to use a sent message or a reply as a legally valid document.
Identification by domain name
This is a key element that, among other things, helps verify the credibility of a contact. Indeed, the Internet identifier format¹⁰, meaning "name@domain" (e.g., john@example.com), is very practical for identifying a user. However, it offers more possibilities than a simple username, as it also allows verification that a contact has been authorized to create this address by the domain provider. For this, the domain provider used in the address does not need to have any privileged access to the client's email information.
Private & Secure
Privacy being a fundamental right, it should not rely on trust in unreliable actors. This is one of the main challenges for any potential alternative to current email. To effectively protect confidentiality and security, the following measures must be included:
- Effectively combat security vulnerabilities
- End-to-end encryption (E2EE) by default
- Minimize metadata exposure in messages
- Protection against trackers¹¹
- Publicly verifiable, open-source
- No dependency on a single actor (see below)
(Fully) Decentralized
A communication method this important must not depend on a single provider that could control, monitor, or censor our messages. Current email protocols are already designed to be decentralized, but as we’ve observed, this decentralization is barely effective.
The successor to email must be truly decentralized. That means it must not simply rely on a few providers, as is currently the case. The current model of dependence on mail servers, which are difficult to set up and costly, is not suitable for a genuinely distributed network. In our future communication network, clients must either be direct nodes in the network or rely on a multitude of relays.
Decentralization must in no way compromise message security. Asymmetric cryptography must be implemented so that even a malicious actor within the network has no privileged access to messages or the metadata associated with them, such as the very existence of the message.
Nostr as an alternative to email
With significant development, Nostr could exhibit the necessary features to offer a credible alternative to email.
If you don't yet know what Nostr is, I invite you to discover this technology, for example with this excellent explanation: nostr.how
The key point for an email alternative is to preserve the formal message structure. A new Nostr client would need to be developed with a design similar to current email clients. The interface should allow users to write a subject and a long-form message. Most importantly, this new application must be easy to use and accessible to all types of users, without requiring any prior knowledge of Nostr.
Nostr can already be used to send private messages, for example, by leveraging NIP-17, which enables encrypted messaging with minimal metadata exposure. Secure messaging implementations built on Nostr, such as White Noise, demonstrate that it is entirely possible to create a messaging system with very high security standards using this protocol.
As for identification using a domain name, this functionality was added with NIP-05, which allows users to have an identifier similar to an email address, such as user@example.com. The domain provider must authorize the user to identify themselves with it but holds no additional control over the user or their messages.
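The check a client performs before displaying a NIP-05 identifier as verified, as an added example (not code from this article or from any Nostr client). It assumes the `/.well-known/nostr.json?name=` lookup defined in NIP-05; the function names, the key and the sample response are constructed for illustration.

```python
import json
import re
from urllib.parse import quote

LOCAL_PART = re.compile(r"[a-z0-9._-]+")   # characters NIP-05 allows in the name
HEX_PUBKEY = re.compile(r"[0-9a-f]{64}")   # keys are listed as hex, not npub
# Conservative ASCII hostname check (a choice of this example): no port, path or userinfo.
HOSTNAME = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")


def split_identifier(identifier):
    """Return (name, domain), lower-cased, or raise ValueError."""
    name, sep, domain = identifier.strip().lower().rpartition("@")
    if not sep or not LOCAL_PART.fullmatch(name) or not HOSTNAME.fullmatch(domain):
        raise ValueError(f"not a valid NIP-05 identifier: {identifier!r}")
    return name, domain


def lookup_url(identifier):
    """URL the client fetches; HTTPS only, and redirects must not be followed."""
    name, domain = split_identifier(identifier)
    return f"https://{domain}/.well-known/nostr.json?name={quote(name)}"


def is_verified(identifier, claimed_pubkey, response_body):
    """True only if the domain's nostr.json maps the name to the claimed key."""
    name, _ = split_identifier(identifier)
    try:
        names = json.loads(response_body)["names"]
        listed = {str(k).lower(): v for k, v in names.items()}.get(name)
    except (ValueError, KeyError, TypeError, AttributeError):
        return False                       # malformed document: treat as unverified
    return (isinstance(listed, str)
            and HEX_PUBKEY.fullmatch(listed) is not None
            and listed == claimed_pubkey.lower())


# Constructed sample data: a made-up key and the document its domain would serve.
JOHN_PUBKEY = "a1" * 32
SAMPLE_BODY = json.dumps({"names": {"john": JOHN_PUBKEY, "bob": "npub1notvalidhere"}})

if __name__ == "__main__":
    print(lookup_url("John@Example.com"))
    print(is_verified("john@example.com", JOHN_PUBKEY, SAMPLE_BODY))   # key matches
    print(is_verified("john@example.com", "b2" * 32, SAMPLE_BODY))     # different key
```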
NIP-17 already supports sending messages to multiple recipients simultaneously, adding a message subject, and managing replies. It thus provides a secure and suitable solution without requiring the implementation of a new NIP specific to our project.
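How recipients, subject and reply map onto a NIP-17 message, as an added example (not code from this article or from any Nostr client). It builds only the inner, unsigned kind-14 event and its NIP-01 id; sealing and gift-wrapping with NIP-44 encryption are not shown. Function names, keys and message text are constructed for illustration.

```python
import hashlib
import json
import re

HEX32 = re.compile(r"[0-9a-f]{64}")
KIND_DM = 14  # NIP-17 chat message: the inner event, never signed


def event_id(event):
    """NIP-01 id: SHA-256 over the compact JSON array of the event's fields."""
    fields = [0, event["pubkey"], event["created_at"], event["kind"],
              event["tags"], event["content"]]
    # Compact separators and raw UTF-8; matches NIP-01 for ordinary text.
    data = json.dumps(fields, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def build_message(sender, recipients, subject, body, created_at, reply_to=None):
    """Map To / Subject / In-Reply-To onto the tags of an unsigned kind-14 event."""
    recipients = list(dict.fromkeys(recipients))          # drop duplicates, keep order
    keys = [sender, *recipients] + ([reply_to] if reply_to else [])
    if not recipients or not all(HEX32.fullmatch(k) for k in keys):
        raise ValueError("need at least one recipient; keys and ids are 64 hex chars")
    tags = [["p", pk] for pk in recipients]               # one "p" tag per recipient
    if reply_to:
        tags.append(["e", reply_to])                      # id of the message answered
    tags.append(["subject", subject])
    event = {"pubkey": sender, "created_at": created_at, "kind": KIND_DM,
             "tags": tags, "content": body}
    event["id"] = event_id(event)
    return event                                          # no "sig" field on purpose


def room(event):
    """Participants (author plus "p" tags); the same set means the same conversation."""
    return frozenset([event["pubkey"]] + [t[1] for t in event["tags"] if t[0] == "p"])


# Constructed keys and content, for illustration only.
ALICE, BOB, CAROL = "aa" * 32, "bb" * 32, "cc" * 32
first = build_message(ALICE, [BOB, CAROL], "Q3 contract", "Draft attached.", 1700000000)
reply = build_message(BOB, [ALICE, CAROL], "Q3 contract", "Approved.", 1700000600,
                      reply_to=first["id"])

if __name__ == "__main__":
    print(json.dumps(reply, indent=2))
    print("same conversation:", room(first) == room(reply))
```

Because the id is a hash over every field, changing the subject or body after the fact yields a different event id.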
A new Nostr client for email is one of several potential solutions that could help protect privacy while improving the experience for 56% of the global population¹². I don’t think it’s an exaggeration to consider replacing outdated email protocols as one of the greatest digital challenges of our time.
As with so many problems, Nostr could be the solution.¹³
