Using email addresses as ENS names

File this under “things to explore after we get DNSSEC integration working”. I’m not 100% sure this will work, but I’m throwing it out there for feedback. If we decide this is a bad idea, that’s cool too.


Most of the digerati have their own domains (e.g., virgil.gr), or will be willing to get their own .eth name. But in web2, we are usually identified by our email address, and it would be a win for UX if we could bring that same functionality to web3/ENS.

If your mailserver has ethereum-compatible DKIM signatures, I think there’s a way to do it. It’d go something like this:

  1. You go to a registration page, presumably on ens.domains, but you could use any frontend you want. (Akin to how there’s two frontends for uniswap, uniswap.exchange and uniswap.ninja)
  2. Using Metamask, you submit a request to have your email address, [email protected], be controlled by your metamask ethereum address, 0x12345.
  3. You send an email from [email protected] to a special address, say [email protected]. In this email’s subject line you include the address 0x1234, the same address as in Step 2.
  4. A script watching the mailbox [email protected] sees the request, and does the following:
    a) it verifies the DKIM signature.
    b) If correct, it looks for a matching HTTP session with 0x12345. If so, it uses JavaScript to fill in the DKIM signature.
  5. The user submits a second request using Metamask including the DKIM signature for the email address [email protected].
  6. There’s now an ENS record for name [email protected] to be controlled by address 0x12345.

Caveats:

  • The mail-server of example.com will have to sign its DKIM signatures using algorithms that can be verified on-chain.
  • The mail-server of example.com will always be able to take away your name by submitting a new proof for your email address to be associated with a new ethereum address. This obviously gives an email address of an ENS name a backdoor. But I’m not sure whether this is qualitatively different than the existing situation for DNS names. If you own example.com, and if for whatever reason your registrar or the .com registry really didn’t like you, either one could always take away your ENS name of example.com. With an email address, the set of agents who could take away your name is simply expanded to include whoever controls the DKIM keys of your mail server.
  • AFAIK, corporations often don’t protect their DKIM keys very carefully because of their limited utility in anti-spam.

That’s all I got.
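
As an added example (not part of the original post and not ENS code), here is a sketch of the pre-checks a watcher script for step 4 would want before it verifies the signature itself: exactly one From and Subject header, the subject carrying the claimed address, a signing domain that matches the sender's domain, and From and Subject both listed in the signed headers `h=`. The sample message, the 40-hex-digit address, the mailbox names and the `onchain_algs` allow-list are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ADDR_RE = re.compile(r"0x[0-9a-fA-F]{40}")
CLAIMED = "0x" + "ab" * 20  # constructed address, stands in for 0x12345

def build_sample(h_list="from:to:subject:date", subject=CLAIMED):
    """Constructed message; the bh=/b= values are placeholders, not real data."""
    return (
        "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\n"
        " h=" + h_list + "; bh=PLACEHOLDER; b=PLACEHOLDER\n"
        "From: Alice <alice@example.com>\n"
        "To: claims@registrar.invalid\n"
        "Subject: " + subject + "\n\nclaim\n"
    )

def parse_dkim_tags(value):
    """Split a DKIM-Signature value into tag=value pairs, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags

def precheck_claim(raw_email, claimed_address, onchain_algs=("rsa-sha256",)):
    """Return (ok, reason). The b= signature itself is NOT verified here.
    onchain_algs is an assumed allow-list for a hypothetical on-chain verifier."""
    msg = message_from_string(raw_email)
    # Duplicate From/Subject headers make "which one was signed" ambiguous.
    if len(msg.get_all("From", [])) != 1 or len(msg.get_all("Subject", [])) != 1:
        return False, "need exactly one From and one Subject header"
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    subject = msg["Subject"].strip()
    if not ADDR_RE.fullmatch(subject) or subject.lower() != claimed_address.lower():
        return False, "subject does not carry the claimed address"
    reason = "no DKIM-Signature header"
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_dkim_tags(value)
        signed = tags.get("h", "").lower().split(":")
        if tags.get("a") not in onchain_algs:
            reason = "algorithm not supported by the assumed on-chain verifier"
        elif tags.get("d", "").lower() != from_domain:
            reason = "signing domain d= does not match the From domain"
        elif "from" not in signed or "subject" not in signed:
            reason = "From/Subject not covered by the signature"
        else:
            return True, "ready for cryptographic DKIM verification"
    return False, reason
```

If Subject is missing from `h=`, a validly signed email could have its subject rewritten to a different address without breaking the signature, which is why that check comes before any on-chain submission.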

I’ve briefly pondered something similar before, on learning about DKIM.

Why does the user need to sign the DKIM signature using Metamask, though? Isn’t it enough to receive a signed message claiming an address as the canonical one for an email?

The other question is - what next? Once someone’s “claimed” their email and associated it with an Ethereum address, what can we do with it?