Bangmail

Overview

Address Formatuser!domain
TransportSSH
EncryptionAES-256-GCM via BANGMAIL_KEY
Message FormatJSON
Storage ModelEphemeral — unread messages only

Address Format

//[user]![domain]

egneo!neoapps.dev

egalice!example.org

eganon!onion.site

Server Key

BANGMAIL_KEY is a text string used for encryption and decryption.

Set viaenvironment variable
Shared externallynever
Purposeencrypts stored messages at rest
Requiredserver won't run without it

Message Encryption

AlgorithmAES-256-GCM
Key derivationSHA-256 from BANGMAIL_KEY (or raw)
Nonce / IVrandom 12 bytes per message
Client-sideoptional pre-encryption before transport

Sending a Message

Client opens an SSH session to target domain on port 2222 (default)
Client runs a remote command over SSH: bangmail-receive [recipient]
Client streams the encrypted message payload over stdin

The server reads the stream, validates the command, and stores the message encrypted in the user's queue.

CLI — Send

bangmail send "neo!neoapps.dev" \
          --subject "yo" \
          --body "meet me at the base" \
          --from "sarah!sarah.dev"

Message Format

{
  "from": "sarah!sarah.dev",
  "to": "neo!neoapps.dev",
  "timestamp": 1721290001,
  "subject": "hello there",
  "body": "Encrypted or plaintext body",
  "nonce": "base64-encoded-12-bytes"
}

Receiving Messages

Client SSHes into their own server and runs bangmail-fetch [username]
Server decrypts and streams all unread messages as a JSON array
Messages are deleted from server immediately after delivery

CLI — Fetch

bangmail fetch "sarah!sarah.dev" > inbox.json

Message Retention

At restAES-256-GCM encrypted
After readdeleted immediately
TTLoptional (e.g. 24h expiry)

/var/lib/bangmail/inbox/[user]/msg-[timestamp].bmail

Authentication

SSH authnot required for inbound messages
Rate limitingoptional — key or IP based
Security modelencryption layer, not transport

bangmaild

The server daemon. Exposes an SSH server on a configurable port and handles all message I/O.

Listens onconfigurable port (default 2222)
Acceptsbangmail-receive [username]
Acceptsbangmail-fetch [username]
Storagereads/writes encrypted files to inbox
Cleanupdeletes messages after delivery

Philosophy

No Tracking No analytics, no read receipts

No Persistent Inbox Read-once then destroy

Decentralized Anyone can run a domain

No Central Server Each domain self-hosts

Encrypted by Default AES-256-GCM via BANGMAIL_KEY

Simple No complex protocols or APIs

SSH-Native Uses hardened existing transport

Feature Summary

Feature	Status
SSH-based messaging	✓ implemented
Text-based encryption key	✓ BANGMAIL_KEY
Read-once inbox	✓ implemented
No user accounts	✓ implemented
No server-side identity	✓ implemented
Client-side persistence	✓ implemented
Simple message format	✓ implemented