Opened 5 days ago
#139 assigned enhancement
Deploy e2ee email
Reported by: | Mike Dewhirst | Owned by: | |
---|---|---|---|
Priority: | medium | Version: | 3.x |
Keywords: | | Cc: | |
Description
Chemintro makes significant use of email, e.g., to notify users when AICIS moves the goalposts for one or other of their chemicals.
Email is generally insecure and the chemical industry has always been properly sensitive about trade secret security.
We will now deploy end-to-end-encrypted[1] (e2ee) email between Chemintro and all users.
Our research has rejected some systems as being too fragile and/or too complex. We have now decided on Protonmail (servers in Switzerland) as offering the most efficient and robust e2ee mechanism as follows:
- Chemintro sends all mail, TLS encrypted, directly to Protonmail's e2ee mail server
- Protonmail delivers the encrypted[2] mail to the recipient
[1] Email metadata such as sender, recipient, subject line, and timestamps are typically not encrypted, as these are required for routing and delivery.
[2] TLS encrypted rather than e2ee in the last leg if the recipient is not a Protonmail subscriber. Therefore, users needing e2ee must use a Protonmail address for receiving their Chemintro notifications. Subscription is free for a single Protonmail address.
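
An added example (not from the ticket or Chemintro's code base) of the sending side described above: it keeps sensitive detail out of the unencrypted headers, refuses to submit mail without verified TLS, and reports which recipients only get TLS on the last leg. The function names, the domain list, the sample body text, and the SMTP host, port and credentials passed to `send` are assumptions.

```python
import smtplib
import ssl
from email.message import EmailMessage

# Assumption: domains Proton issues to its own subscribers. Custom domains
# hosted at Proton cannot be recognised from the address alone.
PROTON_DOMAINS = {"proton.me", "protonmail.com", "protonmail.ch", "pm.me"}


def last_leg(recipient: str) -> str:
    """Classify the final delivery hop: 'e2ee' for a Proton address, else 'tls-only'."""
    domain = recipient.rsplit("@", 1)[-1].strip().lower()
    return "e2ee" if domain in PROTON_DOMAINS else "tls-only"


def build_notification(sender: str, recipient: str, body: str) -> EmailMessage:
    """Headers (sender, recipient, subject) are not end-to-end encrypted,
    so the subject stays generic and the detail goes only in the body."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Chemintro notification"
    msg.set_content(body)
    return msg


def strict_tls_context() -> ssl.SSLContext:
    """TLS context that verifies the server certificate and hostname."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def send(msg: EmailMessage, host: str, port: int, user: str, password: str) -> None:
    """Submit over STARTTLS. starttls() raises if the server does not offer
    it or the certificate fails verification, so nothing goes out in plaintext."""
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.starttls(context=strict_tls_context())
        smtp.login(user, password)
        smtp.send_message(msg)
```
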