Protonmail taken down by extremely powerful ddos attack

article link

ProtonMail, the Geneva-based encrypted email service that was developed by CERN scientists, was taken off line on Tuesday 3 November by what the company describes as an “extrememly powerful DDoS attack”.

In terms of scale of the attack, our IPs were targetted, then our datacenter in Switzerland, then the ISP that provides data to our datacenter. So the attack is very powerful and ongoing.

This is a problem i believe the safe network can solve from day 1; DDOS resilient encrypted mail app. For now bitmessage is the best alternative imo.


How does someone without your credentials write to your SAFE drive?
And how many PUTs a day would it cost to write 100 messages? I suppose 100.

From the messaging thread/rfc we found out that the messages do not cost resource/coin to send. One is just limited to a maximum of unread/unclaimed messages in the “outbox”.


I am a protonmail user and I continue to love and support the project. However, it shows how much something like SAFE is needed.


They don’t, they write to their outbox (Structured Data - so no PUT once created) and you receive a notification.

And how many PUTs a day would it cost to write 100 messages? I suppose 100.

None, because the messages you send sit in your SD outbox until the recipient decides to read/accept it.

At least that’s my understanding of the plan, but it is not implemented or even RFC yet, so subject to change.



1 Like

Okay, so you all are talking about SAFE messaging.

I was commenting on this:

Sure, SAFE messaging does work differently.

Likely to use messaging to implement email.

Basic safe “email” will fit in a message and anything over a certain size & attachments are stored in a chunk

1 Like

How would DDoS work in this case?
You still need to have your email servers work in order to be able to get your messages on SAFE…
(Again, I am referring to the OP’s comment about “DDOS resistant email”).

email: messages distributed by electronic means from one computer user to one or more recipients via a network.

Didn’t mean to imply using existing email network.

1 Like

Okay, so the topic is about offline P2P messaging inside of the SAFE network.

1 Like

You could just as well argue that email is a generic term and SMTP email is what you mean.

Email is just short for electronic mail after all.

1 Like

Anything goes, I have no stake in how we’re going to name things. I was just trying to clarify the scope.

Protonmail and other email apps shouldn’t be compared with apps like Bitmessage or SAFE Messaging which are normally referred to as instant messaging.

If I need to receive email from MasterXchange that notifies me they’ll close on Nov 15, how can Bitmessage address that need?

Yes, they all should protect data and aim to be DDoS-resistant, but it’d be helpful to readers if precise terminology was used. If anything else, this offline P2P messaging could be also called SAFE IM archiving. But if everyone wants to market it as the SAFE email, fine. It’s not going to work well for them and the audience, though.

1 Like

So if i am understanding you correctly, you think that client A and client B both need to be open at the same time to send and receive messages between each other and you think that those messages are not saved.

If client A and client B can send and recieve messages without needing them both open simultaneously, then i would say that its possible to recieve those notifications like email.

Client A and client B do not need to be open at the same time to send and recieve messages through bitmessage, once message is received at client B, message is saved on drive. If however client B does not acknowledge the message sent from client A (open the client) within 2 days of the message being sent then message will be erased from the bitmessage network. Client A(sender) also does not need to keep bitmessage client open in order to wait until reciever has aknowledged the message.

Before those details, realize that MasterXchange has no idea what your SAFE ID is.
Secondly, they don’t even know who’s a SAFE user and who might want to receive SAFE IM.
In case they knew which of their customers use SAFE and what their messaging ID’s are, they would have to be willing to contact some customers via email and others via SAFE IM.
Long story short, they are both messaging solutions, but archived SAFE IM can’t replace a DDoS-ed Protonmail.
That’s why if you tell people “I have a solution for your email system” and then introduce something that’s completely unrelated to email, you’ll probably end up wasting their time.

Whatcha picking at @janitor?

I agree that free SAFE messaging is not the end-all, and I honestly don’t know the details of how a SAFE version of email will work. But I also don’t doubt that (whether it costs something or not) that an email replacement which is DDoS proof/resistant is workable on the network, which I think is really the point of the thread to begin with.


Bitmessage (or safe mail) is defintely not “completely unrelated” to email. If i had an exchange, i could replace E-mail with bitmessage for pretty much everything. The exchange would require all users to ofcourse use Bitmessage but i don’t see how it wouldn’t work.

Support, account verification, withdraw verification, 2FA, news…etc

Really? Cool! How does that happen?

One way we could do is take same concept from I2Pbote, the messages are stored in cache level(all users store small chuck of unknown data, however data does not last more than 7 days.), and when user goes online, the mail release from the cache and send to the user.

And your $300K investment in the stock exchange would appeal to 37 customers.

By now SAFE DNS is not really DNS, NFS is not really NFS, and now there’s support for introducing email that not really email.
If this continues soon it will be possible to write a SAFE Enterprise Solutions Guide with all these apps (NFS, DNS, structured data, email, etc.) not a single one of which works the way people would expect from the app titles. It’s as if instead of using terms that correctly describe the technology (ex: archived IM instead of email), you want to appear to Google Search Engine rather than to human readers.

I already said I am not against that, I just stated my own opinion.

1 Like