First Look: Bitmessage – Email for the Paranoid

Bitmessage LogoToday’s environment of heavy Internet surveillance has spawned all sorts of secure options, but one of the more difficult-to-secure services is email. We use it often, but the nature of centralized email servers is often too open for those that wish to keep conversations private. Even in cases where the email services appear secure, we’ve seen the central authorities shut down in the face of apparent government involvement. While the options are currently very thin, one that is gaining attention is Bitmessage. I’ll take look at this new messaging tool and what promises to be a new way of sending messages.

Getting Bitmessage is easy if you use Windows. You just download the client application and run it. The application will automatically connect you to the greater Bitmessage network. If you have used the Bitcoin tool, you’ll be familiar with how Bitmessage operates. To start, you’ll probably want to create an address, so you’ll head to tab “Your Identities” tab. Click “New” and follow the the process. What gets generated is an address such as this (it’s actually my valid address, go ahead and message me):


The random numbers and characters are what you think of as your email address. While, that isn’t as easy as, you can be sure, at least, that spammers aren’t going to have an easy time guessing it. This is the address you want to give to those wishing to message you. Bitmessage lets you create a number of addresses, if you were thinking one would be only for friends, one would be public, and so on.

Bitmessage showing a new message

To send your first message, click on the “Send” tab and fill out the message fields much like you would in any mail client. As a first address, use BM-orkCbppXWSqPpAxnz6jnfTZ2djb5pJKDb. Bitmessage provides this as an echo service that will immediately reply to your message. It’s a great way to see what it looks like when a new message comes in. That’s the entire process.

The client is very bare-bones, offering email as what appears to be text-only. Images can’t be embedded, links are not converted and no active content (such as HTML or Javascript) is parsed. This may change in the future, but it makes sense as a secure tool.

Bitmessage Portable ModeOf course there are more advanced features here. In the Windows client you have the ability to run in a “portable” mode. This keeps all of your configuration, messages and settings local to the client’s binary. If you change computers often, this is incredibly useful. If you wanted to be a better citizen and become a part of the greater network, you can forward ports to the IP address of the computer running Bitmessage.

A common email function is that of mailing lists. Bitmessage implements mailing lists by way of a signature tab and these too can be decentralized. If you wanted to make a mailing list that keeps the author’s identity hidden, this appears possible.

Right now, the client is simple and other operating systems require compilation, so this is very early in the application’s lifespan. If you are looking for a more secure email alterative, this tool is worth a look.

While using Bitmessage,  I have come to understand more of how it functions:

1. Messages sent over the network without the target client running, stay on the system for 2.5 days. When the message stays un-sent, the sender will retry again[1].

2. Attachments are not support in the Windows client, but the client does have the option to parse HTML, allowing for embedded and attached images. Some on the system seem to have a problem with rendering HTML because of the tracking possibilities[2].

3. Messages deleted from the Windows client are moved to a “Trash”, though this is simply part of the larger messages data file, and not easily found. When you purge the “Trash”, Bitmessage appears to recreate the entire message database without what you’ve previously deleted.

Bitmessage is a decentralized  and trustless open source email system. Windows, OS X, and Linux clients are available. The makers of Bitmessage appear to be looking for an independant security auditor.

1. I’m told the retry interval gets larger as each retry happens. Presumably the sender gives up at some point.
2. Adding attachments is done by manually adding HTML code or base64 encoded information. The Windows client can not do it natively.