Status (22 August 2024)
Release 6: Improved protection against Business Email Compromise (BEC)
- All sub-domains that are not allowed to send emails are now protected by securing their respective MX, SPF, DKIM and DMARC records.
- DANE records have been refreshed. The main change was the 211 rollover record.
Release 5: Improved operational resilience and set a new standard
- We now have two mail servers for improved operational resilence.
- The primary MX is "secure.hard.email" and the secondary MX is "reliable.hard.email".
- Both use (a) completely different cloud service providers, (b) data centres in two different countries and continents, (c) different operating systems, (d)different open source software versions and (e) different backup arrangements.
- This reduces the chances of both servers going down in a cyber attack or insider threat.
Release 4: Improved "Forward Secrecy" and re-established the bleeding edge
- The whole stack has been brought to the bleeding edge of technology. This includes the latest Ubuntu (Development Branch), Linux Kernel 6.9rc, OpenSSL 3.2, and all other updates.
- Aligned with the Dutch NCSC IT Security Guidelines for TLS, I disabled the "aDH" Anonymous Elliptic-curve Diffie-Hellman key exchange.
- Temporarily, I have reintroduced TLS1.2 as some of the tools used for testing break. Of course, with Forward Secrecy only. Once testing is completed, I will go back to TLS 1.3 only..
Release 3: An Innovative Minimalist Approach to Cybersecurity
This morning (21 Aug 2023), I engaged the services of a professional hacker from Eastern Europe to test the security of my server, located at https://hard.email. This server represents an academic proof of concept that has advanced to Release 3 of enhancements, with the overarching goal of surpassing the best in the world.
In Release 1, we demonstrated the potential to rival Soverin, which is the world's premier mail server, in my opinion.
In Release 2, we substantiated both qualitative and quantitative improvements when compared to the world's leading providers, including Soverin, Protonmail, and Tutanota.
Now, in Release 3, the time has come to distinguish ourselves from these industry leaders, as well as the rest of the field, through innovation. I have adopted a 'Minimalist Approach' to achieve superior cybersecurity. Traditional online services such as Sucuri and tools commonly employed by penetration testers like Zap have been rendered ineffective. They have all been rendered obsolete.
Let's see what Sergey can uncover through his hacking efforts. I will keep you updated.
Release 2: Comparison with the World's best
The academic proof-of-concept at "Hard.Email" is consistently improving upon the top three competitors.
Release 1: OSINT result - At par with the best
In an extremely competitive environment, I would consider Protonmail, Tutanota and Soverin to be the world's best email services. My objective is to do better than Soverin.net. That's all.
Features of the academic proof-of-concept
Bleeding Edge Stack
Built with absolutely the latest hypervisor, operating system, Linux kernel, webserver, vpn and mail transfer agent. Anything newer simply does not exist.
Zero Trust Architecture
Our email service operates on a zero-trust model. There is complete separation between the mail transfer agent and mail access.
Reasonably Quantum Safe Cryptography
Rest easy knowing that our handpicked encryption protocols are made reasonably quantum-safe through additional layers of security, safeguarding your communications from future threats.
Entirely Made from Open Source
We believe in transparency and trust, which is why our entire email service is built using open-source technologies.
Based on "CrowdHacking"
Join our community of security experts and enthusiasts to collectively improve the email service through crowdhacking.