Commercialization

Having re-read the interview with Frank&Thomas, I stumbled over the ‘not yet’ for the commercialization.
Having said that email is insecure by design, this might be the part where commercialization can start:

  • consulting about building an enclosed, secure, internal mail environment
  • creating such a service using roundcube, nextcloud, imap (only for RC access), smtp

Email is still popular because it is decentralised and therefore allows you to communicate with the whole world. There are already better tools in Nextcloud for secure communication and file sharing. For example, Nextcloud Talk combined with file sharing.

I mean, why would you use email to send links to files, or even duplicate files just to attach them to an email?

Because you want to send it to someone outside of your organisation who doesn’t have an account on your Nextcloud server. If that person was part of your organisation, they would have an account on your Nextcloud server and there would be no reason to use email at all.

…and for communicating with people who don’t have an account on your super-secure-end-to-end-encrypted-internal-email-solution, it won’t help either, because your server would have to send the message to an external email server, which means most of the security issues with email would be back in play.

Frank and the Nextcloud developers have repeatedly said that they don’t want to maintain a mail server. However, you can of course use Nextcloud Mail or Roundcube with your own self-hosted internal mail server, and as long as you configure it securely and only use it internally, nobody outside your organisation can read your emails.

Of course, they could reinvent the wheel and build a fully end-to-end encrypted email solution like Protonmail that you could host on-premises and integrate with Nextcloud. However, this would require a server component and dedicated client applications for all platforms, which is not likely to happen. And even a solution like this wouldn’t make sending emails to other email providers any more secure.

So again, I don’t think it would be worth the effort, because for internal (and external) communication there are already better tools available in Nextcloud, and for external communication via Email it wouldn’t really help that much.

Indeed. But fortunately Nextcloud AIO now (since v7.8.0 Beta) integrates a mail server as a community container. See all-in-one/community-containers/stalwart at main · nextcloud/all-in-one · GitHub

3 Likes

We don’t know anything yet. I suppose they work on a better integration, that roundcube can easily connect to a carddav addressbook, recognize appointments, ics-files and automatically create an event in your caldav calendar.

Not sure from the development side, you could go in a direction that roundcube and the mail client benefit from common modules. Or they just share experience, the Nextcloud people for a more modern interface and the roundcube people for more specific knowledge about mail content.

Making mail better and more secure is difficult. You have open protocols that everyone supports, and changing that is very hard. You can avoid sending data directly, but people can still pass malicious data through a cloud service, if the mail is not encrypted, such links can be read or modified, …

1 Like

Oh nice, Stalwart. It has JMAP support :slight_smile: Unfortunately, JMAP clients still seem to be rare. But I’ll have to do a test installation sometime. I’m currently using Mailcow, which is also nice, but feels like complete overkill for the few mail accounts I host myself, and I don’t even use the groupware part of it because I don’t like SoGo and, you probably guessed it, I have Nextcloud for that :wink:

1 Like

It wasn’t that difficult to add automatic pgp encryption for zero access, with choice of all mail, by alias, or as a filter action to roundcube. A working caldav calendar plugin, that’s been a bit more difficult.