INK Public

INK EMAIL

DECENTRALIZED ENCRYPTED
EMAIL ECOSYSTEM

Presentation — May 7, 2026

THE PROBLEM 02

The Broken Inbox

0%

of all email traffic is spam

The business model

Your inbox is a product, not a service

Free email is ad-funded. Every message is scanned, profiled, and sold. You are not the customer. You are the inventory.

Gmail earns ~$12B/year from ads in your inbox. Providers profit from spam, not from fighting it.

Promo tabs, smart sorting, nudges. Designed to keep you in the feed. Email became an ad marketplace.

121B emails processed daily by Gmail alone

4B phishing emails sent daily worldwide

85% of the email market controlled by three companies

THE PROBLEM 03

The Breach Epidemic

0.0B

credentials stolen by infostealer malware in 2025

The real cost

A glass cube sold as titanium

Corporations have devalued your data and private conversations to raw material. Breaches are not accidents. They are a cost of doing business.

Your correspondence, contacts, and metadata sit on servers you do not control, protected by policies you did not write, under jurisdictions that do not answer to you.

You were told the walls were strong. In reality, you live in a glass cube. Everyone can see in. You just can't see out.

3B Yahoo accounts compromised. Largest breach in history

60K US State Dept emails stolen via Microsoft Exchange

16B leaked credentials discovered from infostealer malware

THE PROBLEM 04

Surveillance by Design

0.0M+

user accounts disclosed to US authorities since 2014

The excuse

"For the children" and "fighting terrorism"

Your fundamental right to privacy has been stripped away under the banner of protecting children and national security. The same companies that cite these causes exploit child labor in their supply chains.

We care about children and fighting terrorism too. At the very least, we don't exploit their labor like Google or Apple. And we still protect your data and your constitutional rights.

Privacy is not a loophole. It is a basic human right. The Fourth Amendment exists for a reason. Architecture that cannot surveil is the only architecture that never will.

+557% growth in Google data disclosure over the last decade

+927% growth in Apple data disclosure over the last decade

32% of Microsoft requests come with secrecy orders

THE PROBLEM 05

The Self-Hosting Trap

"After self-hosting my email for twenty-three years I have thrown in the towel. The oligopoly has won."
Carlos Fenollosa

The blind spot

Those who protect us are left unprotected

Self-hosted email is essential for enterprises, military, law enforcement, and government agencies that handle classified or sensitive communications daily.

Yet privacy-focused products are somehow afraid to serve the very institutions tasked with protecting the public. As a result, these agencies depend on infrastructure they cannot audit, control, or trust.

We don't pick sides. We build architecture. If it protects a journalist, it protects a detective. Encryption does not have a political opinion.

Zero self-hosted solutions offer built-in post-quantum E2EE

85% of email market controlled by three providers

24/7 operations burden: DNS, SPF, DKIM, DMARC, spam, updates

THE PROBLEM 06

The Web3 Email Mirage

"Decentralized email" became a buzzword. Projects raised millions, launched tokens, and promised a revolution. They delivered spam, speculation, and shutdown notices.

Dmail 4.9M wallets, $28M peak market cap. Shut down May 15, 2026. Token crashed 99.8%. The team admitted decentralized infra costs grew faster than users.

Mailchain Raised $4.6M. Down to 4 employees by 2024. Shut down May 5, 2026. Even the honest approach with no token couldn't find product-market fit.

EtherMail Raised $7.3M from Tim Draper and others. "Read-to-Earn" model flooded inboxes with ads. Token down 99.8%. Trust score: 17/100.

Skiff Built solid IPFS-based storage. Raised $14.2M. But was designed as a startup for acquisition, not a long-term system. Acquired by Notion in 2024, shut down within months.

THE ORIGIN 07

"We needed email that was private not by promise or policy, but by architecture. Where the server is physically unable to read what it stores."

Nothing on the market worked that way.
So we wrote our own.

Independently funded · No investors · No compromises · Privacy-first jurisdiction

THE DEMAND 08

"It turned out we weren't the only ones who dream of email like this."

An email that feels nothing like an ad platform or a security tool. Private by architecture, not policy. Precisely configurable, without the bloat.

Decentralization that's actually usable. Lightweight and hard to notice. Just like traditional email, but with a completely different architecture underneath. Not web3 slop. Utility.

What started as an internal utility became a product worth opening to the world.

THREE PILLARS 09

THE SOLUTION 10

INK

Decentralized encrypted email ecosystem

E2EE PQC Post-quantum encryption. We cannot read your emails.

Zero-Knowledge Server handles only ciphertext. Keys never leave your device.

Decentralized On-chain email delivery. No central point of failure or seizure.

Open Source AGPL-3.0 client. Verify every line of security-critical code.

Privacy not by policy, but by architecture.

ARCHITECTURE 11

Zero-Knowledge Architecture

All encryption and decryption happens on your device. The server never sees plaintext, keys, or passwords. It stores only ciphertext it cannot read.

Client Device Plaintext lives here. Private keys generated and stored locally. Nothing leaves unencrypted.

›

Local Encryption XChaCha20-Poly1305 + ML-KEM-768. Each message encrypted with a unique key before it leaves the device.

›

Encrypted Transit TLS 1.3 tunnel. Double-encrypted: E2EE payload inside a transport layer.

›

Server Storage Ciphertext only. RAM-only servers in Iceland. No disk persistence.

Zero knowledge means zero trust required. The server is physically unable to comply with data requests because it has no data to give.

ARCHITECTURE 12

What the Server Knows

Architecture-enforced defense against 5 threat classes: passive surveillance, server compromise, insider threats, legal compulsion, and quantum adversaries.

Server Stores

Encrypted ciphertext blobs

Public keys (X25519, Ed25519, ML-KEM)

Encrypted private key bundles

Account metadata (tier, quotas)

Delivery routing information

Server Cannot Access

Plaintext email content

Private encryption keys

Password (OPAQUE, never transmitted)

Contacts, labels, folders

Search index or message graph

CRYPTOGRAPHY 13

Cryptographic Stack

Eight battle-tested primitives. Each chosen for a specific role. No proprietary algorithms, no security through obscurity. Every component is a published standard with public audits and formal proofs.

ML-KEM-768 Post-Quantum Key Encapsulation. NIST-standardized lattice KEM.

X25519 Classical ECDH key agreement. Hybrid mode with ML-KEM.

XChaCha20-Poly1305 AEAD cipher. 256-bit key, 192-bit nonce. Encrypts every message.

Argon2id Memory-hard KDF. Resists GPU/ASIC brute-force.

HKDF-SHA256 Deterministic subkey derivation. Unique per-context keys.

Ed25519 + ML-DSA-65 Hybrid signatures. Classical + post-quantum lattice.

SHA-256 Merkle tree hashing for Key Transparency.

BLAKE2b Fast cryptographic hash for integrity verification.

Every primitive is an industry standard. No custom cryptography. If one component is compromised, the rest still hold.

CRYPTOGRAPHY 14

Hybrid Post-Quantum Encryption

Dual key encapsulation protects against both classical and quantum threats.

ML-KEM-768 Post-quantum key encapsulation mechanism

X25519 Classical elliptic-curve Diffie-Hellman

HKDF-SHA256 Combined shared secret derivation

XChaCha20-Poly1305 Authenticated encryption of message content

Today’s encryption. Tomorrow’s protection.

AUTHENTICATION 15

OPAQUE: Zero-Knowledge Auth

The server never sees your password. Not even during login.

Blind Client blinds password with random scalar

›

Evaluate Server evaluates OPRF on blinded input

›

Unblind Client unblinds result to derive export key

›

AKE Authenticated key exchange produces shared session key

RFC 9497 · Asymmetric PAKE · No password hashes stored server-side

AUTHENTICATION 16

Account Creation

01 Password Entry Client-side only. Never transmitted.

02 OPAQUE Registration Zero-knowledge credential created with server.

03 Export Key Derivation OPAQUE yields a key to encrypt the private keys.

04 Keypair Generation X25519, Ed25519, ML-KEM-768, ML-DSA-65 generated locally.

05 Key Encryption Private keys encrypted with the export key.

06 Upload Only encrypted bundles + public keys sent to server.

But all the user does is:

Open INK

›

Create login & password, bind TOTP / backup codes

›

Use email

PROTOCOL 17

Message Lifecycle

1 Compose

›

2 Session Key

›

3 Encrypt Body

›

4 Wrap Key

›

5 Sign

›

6 Transmit

›

7 Decrypt

Encrypt XChaCha20-Poly1305 with random session key

Wrap Session key encrypted per-recipient via hybrid PQ KEM

Sign Hybrid Ed25519 + ML-DSA-65 signature over ciphertext + metadata

PROTOCOL 18

Communication Flows

INK ↔ INK Full E2EE

Recipient’s public key fetched from key directory. Session key encrypted with hybrid ML-KEM-768 + X25519. End-to-end with forward secrecy via ephemeral keys.

INK → External Ephemeral Relay

Message encrypted and placed on an ephemeral relay. Recipient gets a link. Content decrypts in-browser via URL fragment key. Link expires after read or TTL.

External → INK Gateway Re-encryption

Inbound SMTP received by gateway. Message immediately encrypted with recipient’s public key. Plaintext purged from RAM. Never touches disk unencrypted.

Every path encrypted. No plaintext at rest. No exceptions.

INFRASTRUCTURE 19

RAM-Only Infrastructure

Data never touches a hard drive. Not once. Not ever.

Volatile Memory Only All encryption keys, session data, and billing metadata exist exclusively in RAM. Even payment processing is ephemeral. Reboot = complete erasure.

Iceland Jurisdiction No backdoor obligations. No mandatory data retention. No Five Eyes membership.

Physical Seizure = Zero Server confiscation yields only ciphertext on encrypted volumes. Keys were only in RAM. Now gone.

Volume encryption keys exist only in volatile memory. Power off = cryptographic erasure.

INFRASTRUCTURE 20

Key Transparency & Forward Secrecy

Key Transparency

Trust-on-first-use for initial key exchange

Merkle tree with hybrid Ed25519 + ML-DSA-65 signed roots

Consistency proofs detect silent key replacement

Auditable by any client at any time

Forward Secrecy

Ephemeral X25519 keypair per message

Keypair destroyed immediately after use

Configurable message TTL — ciphertext permanently deleted on expiry

Forward secrecy via ciphertext deletion, not key deletion

Key compromise ≠ historical exposure

Even a compromised key cannot unlock past conversations.

PRODUCT 21

Two inboxes. One interface.

Traditional Mailbox you@ink.email

SMTP Compatible Works with any provider

Full E2EE for INK↔INK. Standard SMTP for the rest of the world. Drop-in replacement for Gmail, Outlook, or any provider.

+

Decentralized Mailbox you.eth / blockchain address

On-chain routing Zero server dependency

Web3 domains as email addresses. IPFS-based delivery. Data never stored on INK servers. Only routing metadata.

Not “or/or.” It’s “and/and.” Traditional compatibility + full decentralization.

PRODUCT 22

Key Delegation Protocol

Your private key, split across unrelated systems. No single point of failure.

Private Key

→

Device Lost Key is not lost. Only one share was on the device

Device Stolen Attacker gets a useless fragment. Random noise without the rest

Digital Inheritance Trusted party holds a share. Combine with others to recover access.

Recovery Key 256-bit key generated at setup. Independently encrypts a backup of your private keys. Displayed once, stored offline. Lost password ≠ lost account.

Threshold K-of-N: need 2 of 3 shares to reconstruct. Partner protocol by our cryptographic partners.

FEATURES 23

Product Features

Private by architecture, not policy. Precisely configurable, without the bloat.

◆ Temporary Email Disposable addresses generated on the fly. Auto-expire after a set time or single use. No trace left behind.

◆ Email Aliases Up to 30 aliases per account. Maintain separate identities, all routed to a single encrypted inbox.

◆ Custom Domains Up to 10 domains per account. Full DNS management, catch-all support, and per-domain encryption policies.

◆ Password Emails E2EE for anyone. Sender sets a password → Argon2id derives the key locally → recipient gets a link → decrypts in browser. Password never touches the server.

◆ Email Migration One-click import from Gmail, Yahoo, Outlook, and IMAP providers. Preserve your full email history.

◆ Stealer Protection App-level defense against credential-stealing malware. Memory-safe key isolation and session binding.

◆ Offline Mode Read, compose, search, and manage folders without a connection. Syncs automatically on reconnect.

◆ Encrypted Calendars Fully encrypted calendars with secure sharing. Zero metadata leakage. Events visible only to participants.

8 features. Zero compromises. Every plan.

COMPARISON 24

Competitive Comparison

	INK	Tuta	Proton	Ether	Mbox
Zero-access encryption
E2EE PQC
No-backdoor jurisdiction
ZK auth (OPAQUE)
Forward secrecy
Key rotation & recovery
Decentralization
RAM-only servers
Stealer protection
Temporary email
Open source client
Password emails

6 features unique to INK. Zero compromises.

OPEN SOURCE 25

Open Source Model

If code touches your plaintext, keys, or password: it’s open.

AGPL-3.0 Client

All cryptographic operations Key generation & management Encryption & decryption UI & user-facing logic

Source-Available Server

Routing & storage Federation protocol Abuse detection Enterprise: full source access

Why not fully open?

Cloud Appropriation Prevents cloud providers from repackaging INK as a managed commodity service.

AI Code Laundering Source-available reduces automated code ingestion and relicensing by AI models.

Competitive Integrity Federation routing and abuse detection represent years of R&D investment.

Licensing boundary = trust boundary. If code touches your keys, it's open.

PRICING 26

DROP $0

Try it out for free

5 GB storage
1 email address
Community support

BOTTLE $8/mo

For personal use

60 GB storage
10 custom domains
Priority support

BUCKET $12/user/mo

For teams

1 TB storage
Admin console
Team management

Ocean For special enterprises

Self-host on your infra Full internal control Personal engineer

Fiat payments via partners · Crypto payments via self-hosted service

PLATFORM 27

Platform Availability

Any modern browser

Windows · macOS · Linux

iOS 16+ · Android 10+

Same encryption, same interface, every platform.

ROADMAP 28

Q3 2026

FIDO2 / WebAuthn hardware keys

Q4 2026

Independent security audits

Q1 2027

Open self-host program

INK exists to evolve, serve the community, and protect the right to private communication.

INK EMAIL 29

Your own email, finally.

ink.email