PurelyMail: Addressing Security, Features, And Optimizations

by Alex Johnson

PurelyMail is an amazing email service, but like any platform, it has areas for improvement. This article compiles a list of security concerns, optimization suggestions, and feature requests to enhance the user experience and overall service quality of PurelyMail.

Security Concerns

Security should be a top priority for any email service, and PurelyMail is no exception. One major concern is the handling of sensitive information such as 2FA secret keys, 2FA recovery keys, and app passwords. Currently, these critical pieces of data remain fully visible on the user's profile after creation. This practice raises significant security red flags, particularly regarding how these items are stored in the database. Ideally, upon generation and validation, this sensitive information should be displayed only to the client and then securely stored using a technology akin to "PostgreSQL Vault." This method uses an API to manage access to the stored secrets, so that the API stays private while remaining securely usable by the backend. Platforms like Supabase facilitate this approach effectively on self-hosted instances.

Furthermore, the generation of backup and application keys appears to be less secure than necessary. These keys, often composed of short strings of 4-digit numbers or lowercase letters, could be more robust to prevent unauthorized access. Implementing stronger, more complex key generation algorithms is crucial for bolstering overall security. Addressing these vulnerabilities promptly will significantly enhance user trust and protect sensitive information from potential threats.
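As an added illustration (not PurelyMail's code), the sketch below compares the entropy of a 4-character code with a longer CSPRNG-generated one and stores only digests, so a recovery code or app password can be shown once at creation and never displayed again. The code format, the alphabet and the `RecoveryCodeStore` name are assumptions; a TOTP secret is out of scope here because the server must be able to read it back.

```python
import hashlib
import hmac
import math
import secrets

# Assumed alphabet: 32 symbols, omitting the easily confused letters I, L, O, U.
ALPHABET = "ABCDEFGHJKMNPQRSTVWXYZ0123456789"

def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def generate_code(groups=5, group_len=5):
    """Build a code from the OS CSPRNG: 25 symbols of 5 bits each = 125 bits."""
    chars = [secrets.choice(ALPHABET) for _ in range(groups * group_len)]
    parts = ["".join(chars[i:i + group_len]) for i in range(0, len(chars), group_len)]
    return "-".join(parts)

def normalize(code):
    """Accept user input with or without separators, in any letter case."""
    return code.replace("-", "").replace(" ", "").upper()

def digest(code):
    # A plain SHA-256 is adequate only because the input has ~125 bits of
    # entropy; a 4-digit code (~13 bits) could be brute-forced from its hash.
    return hashlib.sha256(normalize(code).encode()).hexdigest()

class RecoveryCodeStore:
    """Holds digests only; plaintext exists solely in issue()'s return value."""

    def __init__(self):
        self._digests = set()

    def issue(self, count=8):
        codes = [generate_code() for _ in range(count)]
        self._digests = {digest(c) for c in codes}
        return codes  # display once to the user, then discard

    def redeem(self, candidate):
        cand = digest(candidate)
        for stored in self._digests:
            if hmac.compare_digest(stored, cand):  # constant-time comparison
                self._digests.discard(stored)      # each code is single use
                return True
        return False

if __name__ == "__main__":
    print("4 digits:", round(entropy_bits(10, 4), 1), "bits")
    print("5x5 base32:", entropy_bits(32, 25), "bits")
    print("sample code (constructed):", generate_code())
```

Because only digests are kept, a profile page built on such a store has nothing to re-display; losing a code means issuing a new set.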

Another critical area for improvement is encryption in transit. While services like Zoho offer encryption during data transmission, PurelyMail should also prioritize this security measure. Exploring the implementation of proxies or tunnels to ensure Transport Layer Security (TLS) encryption, ideally version 1.4 or higher, during email transmission is essential. This will protect data while it is being sent between servers, adding an extra layer of security against eavesdropping and data breaches. By adopting these measures, PurelyMail can assure its users that their communications are secure and private.

Optimization Suggestions: Enhancing User Experience

Beyond security, several optimizations can significantly enhance the user experience on PurelyMail. These improvements range from minor tweaks to more significant feature additions, all aimed at making the platform more versatile and user-friendly.

Whitelabeling and Theme Options

One notable enhancement would be the introduction of whitelabeling or theme options for the login and webmail portals. Whitelabeling allows businesses to customize the interface with their branding, providing a more professional and cohesive user experience. Similarly, theme options enable users to personalize the look and feel of their email interface, enhancing overall satisfaction. In addition to visual customization, incorporating more business-centric features like shared CalDAV and To-Do lists would make PurelyMail an even more attractive option for businesses and teams. These collaborative tools are essential for streamlining workflows and improving productivity, addressing a critical need for many users.

Private Enterprise Offerings

Another optimization opportunity lies in PurelyMail's business model. Currently, there is no clear option for users to leverage the platform for private, enterprise-level offerings with dedicated support. Implementing a structure where users can be charged a flat rate plus associated cloud costs (such as AWS) would open up a new revenue stream and cater to businesses needing robust, supported email solutions. This approach not only broadens PurelyMail's market appeal but also provides a valuable service for businesses that require more personalized support and infrastructure. By offering this option, PurelyMail can position itself as a viable alternative to more expensive enterprise email services.

DNS Management and Mailing Tasks

Improving DNS management is another area where PurelyMail can streamline user experience. Currently, there is no option to download a zone file under the DNS entries generated for a domain. Providing a downloadable zone file would simplify the process of adding DNS records to services like Cloudflare, making it easier for users to manage their domain settings. This small addition can save users time and reduce the complexity of DNS configuration.

Additionally, PurelyMail could benefit from a clearer plan for handling larger mailing tasks. Currently, there is no dedicated solution for users who need to send marketing emails, client lists, or high-traffic OTP and password reset emails. Implementing a system that supports whitelisted marketing campaigns, potentially after Know Your Customer (KYC) verification, would address this need. Services like Didit.me offer reliable KYC solutions and provide a certain number of free ID, face, and liveness checks per month, which could be integrated into PurelyMail's system. By accommodating larger mailing tasks, PurelyMail can cater to a broader range of users with diverse communication needs.

Transparency and SMTP Relay Setup

Enhancing transparency regarding security practices is crucial for building user trust. Currently, there is no readily available information about security audits, encryption at rest, or minimal information gathering policies. Providing clear and accessible audits would reassure users that their data is being handled with utmost care. This transparency can be a significant competitive advantage, particularly in a market where data privacy is increasingly valued.

Furthermore, PurelyMail could improve its SMTP relay setup process. Currently, there is no straightforward menu or guide for setting up PurelyMail as an SMTP relay, similar to services like Amazon SES. Clear pricing on usage for SMTP relay services is also lacking. Simplifying the setup process and providing transparent pricing would make PurelyMail a more attractive option for users needing reliable SMTP services. This would streamline integration with other applications and services, making PurelyMail a more versatile tool.

CalDAV and Task List Management

Improving the management of CalDAV and task lists is another area for optimization. Currently, there is no dedicated management tool for these features within the online interface. Implementing a user-friendly management tool for CalDAV and task lists would enhance overall organization and productivity for users. This addition would align PurelyMail with modern productivity standards, making it a more complete solution for managing communications and tasks.

Email Deliverability

Finally, addressing deliverability issues, particularly with services like ProtonMail, is essential. Some users have reported poor deliverability to ProtonMail addresses, potentially due to the lack of forced TLS 1.4-1.6 encryption upon sending. Ensuring compatibility with modern encryption standards is crucial for reliable email delivery. Addressing these deliverability concerns will ensure that users can communicate effectively with contacts on various email platforms, improving the overall reliability of PurelyMail.

Feature Requests: Expanding PurelyMail's Capabilities

In addition to security enhancements and optimizations, several feature requests could significantly expand PurelyMail's capabilities and attract a broader user base. These features range from quality-of-life improvements to more substantial additions that would position PurelyMail as a leader in the email service market.

A detailed list of feature requests has been compiled elsewhere, encompassing a variety of suggestions that could further improve PurelyMail's functionality and user experience. These requests cover various aspects, including user interface enhancements, additional integrations, and advanced email management tools. By considering and implementing these feature requests, PurelyMail can continue to evolve and meet the changing needs of its users.

Conclusion

PurelyMail has the potential to be a leading email service provider by addressing the security concerns, implementing the optimization suggestions, and considering the feature requests outlined in this article. Prioritizing security enhancements is crucial for building user trust and protecting sensitive information. Streamlining user experience through optimizations like whitelabeling, DNS management, and improved SMTP relay setup will make the platform more versatile and user-friendly.

Expanding capabilities with new features and maintaining transparency about security practices will further solidify PurelyMail's position in the market. By continuously striving for improvement, PurelyMail can provide a secure, reliable, and feature-rich email service that meets the needs of a diverse user base. For further reading on email security best practices, consider visiting the Electronic Frontier Foundation (EFF), a leading nonprofit organization defending civil liberties in the digital world.