near.email
Developer DocsBack to app

How near.email works

Secure, private email for the NEAR ecosystem

In Short

  • Your emails are end-to-end encrypted — only you can read them
  • Your NEAR account is your email: alice.near = alice@near.email
  • No passwords, no registration — just connect your wallet
  • Server runs in a Trusted Execution Environment (TEE) — even operators can't access your data

What is near.email?

near.email is a blockchain-native email service for the NEAR ecosystem. Every NEAR account automatically has a corresponding email address: if your account is alice.near, your email is alice@near.email.

New to NEAR? NEAR blockchain uses human-readable account names like alice.near or company.near instead of long hex addresses. You control your account with a wallet secured by a seed phrase.

You can send and receive emails to/from any regular email address (Gmail, Outlook, etc.) while enjoying the security benefits of blockchain-based identity and end-to-end encryption.

near.email is built on NEAR Outlayer — a platform for verifiable off-chain computation with TEE attestation. This means every operation is cryptographically proven to run correct code inside a hardware-protected environment.

How Your Emails Stay Private

End-to-End Encryption

Every email is encrypted with a key derived from your NEAR account. When you sign a transaction with your wallet, you prove ownership of your account, and only then can the system decrypt your emails.

Technical detail: We use ECIES (Elliptic Curve Integrated Encryption Scheme) with secp256k1 curves. Each email is encrypted with a unique ephemeral key, and only your account's derived private key can decrypt it.

Trusted Execution Environment (TEE)

The email server runs inside Intel TDX — a hardware-isolated environment that even the server operators cannot access. The code running inside is open source and verifiable.

Every request is attested: Each API call returns a cryptographic proof (TEE attestation) that can be independently verified. This proves that the exact published code processed your request inside a secure enclave.

To compromise this system, an attacker would need to: break Intel TDX hardware security (which has been audited by Google and Microsoft security teams with all found issues patched). No known practical attack exists against current TDX implementations.

What this means: Even if someone gains physical access to the server, they cannot read your emails or extract encryption keys. You can verify the attestation to confirm that untampered code ran your request. Learn more about TEE attestation verification.

Your Wallet = Your Identity

No passwords to remember or leak. Your NEAR wallet cryptographically proves who you are. If you control alice.near, you automatically own alice@near.email.

No phishing risk: Unlike traditional email where attackers can steal passwords, your NEAR keys stay in your wallet and are never transmitted.

NEAR MPC Network

Encryption keys for your emails are derived using NEAR Chain Signatures — a decentralized Multi-Party Computation (MPC) network run by independent validators including Pagoda, Luganodes, and InfStones.

No single point of failure: The full private key never exists in one place. Validators jointly sign using threshold cryptography — even if some nodes are compromised, the key remains secure. The network is expanding to 40+ nodes with 27 required for any signature.

What this means: To compromise key derivation, an attacker would need to simultaneously compromise a majority of independent, geographically distributed validator nodes — practically impossible.

What the Server Can and Cannot See

Cannot See

  • ✗ Email content (subject, body)
  • ✗ Attachments
  • ✗ Your private keys
  • ✗ Decrypted data of any kind

Can See (metadata)

  • ✓ Sender/recipient addresses
  • ✓ Timestamp of emails
  • ✓ Encrypted blob size
  • ✓ Your NEAR account ID

Note: Metadata visibility is similar to traditional email services. The key difference is that your actual email content is always encrypted and inaccessible, even to us.

Comparison with Other Email Services

FeatureGmailProtonMailnear.email
Provider can read emailsYesWith passwordNo (TEE)
Password can be stolenYesYesNo password
Verifiable server codeNoNoYes (attestation)
Government subpoenaFull accessEncryptedEncrypted
Account recoveryPhone/emailRecovery phraseWallet seed
Send to regular emailYesYesYes

Key difference from ProtonMail: ProtonMail encrypts your emails, but you must trust that their servers do what they claim. near.email uses TEE attestation — you can cryptographically verify that the correct code ran.

Technical Flow

1

Receiving External Email

When someone sends email to alice@near.email from Gmail/Outlook, our SMTP server receives it inside the TEE, immediately encrypts it with alice.near's public key, stores only the encrypted blob, and deletes the original. The plaintext email never touches persistent storage.

2

Sending Email

You compose an email normally. If the recipient is a NEAR account (bob@near.email), the email is encrypted and stored directly — no external servers involved, no trace left outside. If sending to Gmail/Outlook, the TEE sends it via SMTP and keeps an encrypted copy in your Sent folder.

3

Reading Email

When you connect your wallet and request emails, you sign a message proving you own your account. The TEE decrypts emails using your derived key and re-encrypts them for secure transmission to your browser. Without your NEAR account, no one can access your emails — not even us.

Key point: The server only stores encrypted data. If the database is stolen, attackers get useless encrypted blobs. Only your NEAR wallet can decrypt your emails.

Size Limits

Due to blockchain and encryption overhead, there are limits on email and attachment sizes:

LimitBlockchain ModeHTTPS Mode
Send: per file5 MB5 MB
Send: total (body + attachments)7 MB7 MB
Download attachment1.1 MB18 MB
Max response size1.5 MB25 MB

HTTPS Mode uses a Payment Key from OutLayer Dashboard for higher limits. It's faster and supports larger attachments while maintaining the same security guarantees.

Payment Keys: Alternative Access Method

near.email supports two access methods with identical security guarantees. Both use the same TEE-protected code and encryption. The difference is how you authenticate and pay.

Blockchain Mode

  • • Sign each request with wallet
  • • Pay gas fees per transaction
  • • Max 7 MB send (with attachments)
  • • Max 1.1 MB attachment download
  • • No prepayment needed

HTTPS Mode (Payment Key)

  • • No wallet popups needed
  • • Prepaid USD balance (cheaper)
  • • Max 7 MB send (with attachments)
  • • Max 18 MB attachment download
  • • Same TEE security

How to Get a Payment Key

  1. 1Go to OutLayer Dashboard → Payment Keys
  2. 2Create a new key and add USD balance (minimum $0.10)
  3. 3Copy the key (format: owner:nonce:secret)
  4. 4In near.email, click your avatar → Configure Payment Key → Paste and save

Typical cost: ~$0.001 per email operation. A $1 balance lasts for hundreds of emails.

Frequently Asked Questions

Can you read my emails?
No. Emails are encrypted before storage, and the encryption keys are derived inside a TEE that we cannot access. Even with full database access, we would only see encrypted blobs.
What if I lose access to my NEAR account?
Your emails can only be decrypted with your NEAR account keys. If you lose your seed phrase, you lose access to your emails permanently. This is the tradeoff for true ownership — no "forgot password" recovery exists.
Can governments force you to hand over my emails?
We can only provide encrypted data — the same data any attacker would get in a breach. Without your NEAR private key, the emails cannot be decrypted. We literally cannot comply with decryption requests even if we wanted to.
Is the code open source?
Yes. The WASI module running inside the TEE is open source and can be verified. The TEE provides attestation proving that the published code is what's actually running.
Can I send emails to regular email addresses?
Yes. You can send to and receive from any email address (Gmail, Outlook, etc.). Emails to external addresses are sent via standard SMTP. Emails stored on our side remain encrypted.
Is it free? How much does it cost?
Blockchain mode: You pay NEAR gas fees (~0.001 NEAR per operation, fractions of a cent).

HTTPS mode (Payment Key): ~$0.001 per operation from your prepaid USD balance. A $1 balance lasts for hundreds of emails.

There are no subscription fees or monthly charges.
What is a Payment Key?
A Payment Key is a prepaid API key that allows you to use HTTPS mode instead of blockchain transactions. Benefits: no wallet popups, larger attachment downloads (18 MB vs 1.1 MB), cheaper than gas fees. Same security guarantees as blockchain mode. Create one at OutLayer Dashboard. Typical cost is ~$0.001 per operation.
How can I verify that the code is really secure?
Every request returns a TEE attestation — a cryptographic proof from Intel hardware that specific code ran inside a secure enclave. You can verify this attestation independently using our verification guide. The WASI module source code is open source and the attestation proves that exact code (by hash) processed your request.
What is NEAR Outlayer?
NEAR Outlayer is the platform that powers near.email. It provides verifiable off-chain computation with TEE attestation for the NEAR ecosystem. Developers can build secure applications where users can cryptographically verify what code ran on their data.
How is this different from ProtonMail?
Both encrypt your emails, but the trust model differs:

ProtonMail: You trust that their servers run the code they claim. There's no way to independently verify this.

near.email: Server runs in a hardware-protected TEE (Intel TDX). Every request returns a cryptographic attestation proving exactly what code ran. You can verify this independently — no trust required.

Additionally, near.email uses your blockchain wallet instead of a password, eliminating phishing and credential theft risks.

Trust Model Summary

With near.email, you trust:

  • Intel TDX hardware — that it correctly isolates the TEE (audited by Google & Microsoft)
  • NEAR MPC Network — independent validators for key derivation
  • Open source code — which you can audit and verify via attestation
  • Standard cryptography — ECIES, AES-GCM (widely audited algorithms)

You do not need to trust the operators, hosting provider, or database administrators.

What would it take to compromise near.email?

An attacker would need to accomplish at least one of these extremely difficult tasks:

  • Break Intel TDX — no known practical attack exists; all found vulnerabilities have been patched
  • Compromise 27+ of 40 MPC validators — simultaneously, across independent organizations worldwide
  • Break ECIES/secp256k1 cryptography — would require breaking Bitcoin's security too
  • Steal your NEAR wallet keys — but that's your responsibility, not ours
Go to near.email

Powered by NEAR Outlayer