01. Isolated

Dombox addresses are isolated. If you create an email address for example.com, only mails from example.com will be accepted by default. However, example.com can whitelist more domains. If that's the case, then the email address can accept mails from those whitelisted domains too.

A hacker can hack "example.com" and obtain your email address. But, without having access to the "example.com" DNS, it will be very hard to deliver mails to the email address.

02. Privacy-Focused

Millions of websites on the internet supports Gravatar in comments and profile. These websites need to build gravatar urls using your email address hash.

Most Gravatar urls are public and can be crawled. A Google search for your "email address hash" may reveal all your internet activities even if you never signed up for Gravatar.

Since Dombox addresses are isolated, the hash will be unique for each and every website. So Dombox offers higher privacy. Click here to learn more about the privacy issue we are talking about.

03. Double Opt-In

A study shows 23.6% of subscribers fails to verify their email address.

Good news is, Dombox addresses are Double Opt-In by default. Meaning, no email address verification is required in order to comply with country-specific anti-spam laws which requires user consent and keeping those consent records.

This is because, "Dombox addresses" needs to be created first. e.g. twitter.com cannot deliver mails to twitter.com@test123.domboxmail.com, unless the end user create that address first. So the consent is given during address creation.

04. Background Verification

While address verification is not required, it makes sense to verify a user during signup in order to prevent account creation abuse.

SMTP, the technology responsible for transmitting mails already supports email address verification via VRFY command since 1982.

With Dombox, You can verify an email address in less than a second by sending a verification request. You usually do that when a user submit the signup form. If the address is valid, we will respond with the dombox address creation time in unix timestamp format.

Compare the address creation timestamp with current timestamp. If the difference is not more than 5 minutes, then most likely it was created by the person who submitted the signup form. 

twitter.com connecting with its IP address [54.156.255.69]
220 mail.domboxmail.com Dombox SMTP Service Ready
HELO mail.twitter.com
250 Hello, nice to meet you, mail.twitter.com
MAIL FROM:<dombox-verify@twitter.com>
Fetching SPF record from MAIL FROM domain twitter.com.
"v=spf1 ip4:199.16.156.0/22 ip4:54.156.255.69 -all"
IP address [54.156.255.69] is ALLOWED to send mails for twitter.com.
250 OK
VRFY <twitter.com@test123.domboxmail.com>
250 ONLINE-1577836800
VRFY <amazon.com@test123.domboxmail.com>
MAIL FROM domain is not amazon.com.
So fetching SAD record from _sad.amazon.com.
"v=sad1 amazon.co.uk amazon.ca amazon.in -all"
MAIL FROM domain twitter.com not whitelisted in amazon.com SAD.
252 UNAUTHORIZED
VRFY <facebook.com@test123.domboxmail.com>
MAIL FROM domain is not facebook.com.
So fetching SAD record from _sad.facebook.com.
No SAD record found. Falling back to SPF record.
Fetching SPF record from facebook.com.
"v=spf1 ip4:66.220.144.128/25 ip4:69.171.244.0/23 -all"
IP address [54.156.255.69] is NOT ALLOWED to send mails for facebook.com.
252 UNAUTHORIZED
QUIT
221 Bye

05. Standardized

Dombox addresses follow a standardized address structure.

We don't use random strings in our addresses to make them unique. We use the Domkey user provided. So dombox addresses are Human-Friendly.

Put it this way, you can easily guess the dombox address for Quora.com without relying on any tools.

06. Unique

Dombox addresses are unique. At any point of time, a user can have only one address with an entity.

While Dombox addresses can be deleted by default, recreation always end up with the same address.

Dombox stands for "Domain-based Isolated mailbox". So Domboxmail is an Isolated Email Service, not a Disposable Email Service. Dombox addresses are not suited for creating throwaway accounts.

07. Disposable *

While we don't consider our service as "Disposable Email Service", we do offer the "disposable" feature, partially.

We don't want our users to be in a bad marriage forever. As of 2019, around 354 million registered domains out there. It's really hard to differentiate good domains from bad domains. So Dombox addresses are disposable by default.

* Dombox addresses are not disposable when the domain is our Exclusive Portal Partner.

08. Make Offline *

When a Dombox address goes offline, it offers the same function as deletion. However, we reject the incoming mails with an error like "550 INACTIVE ADDRESS".

Whereas, when the dombox address get deleted, we reject the incoming mails with an error like "550 INVALID ADDRESS"

* Dombox addresses cannot go offline when the domain is our Exclusive Portal Partner.

09. Subscribe with Dombox

"Subscribe with Dombox" button is our One-Click Newsletter Subscription button. It's similar to "Facebook Like" button you see on websites, but for newsletter subscriptions. [Refer Video]

"Subscribe with Dombox" is not a replacement for third-party services like mailchimp. It only makes the subscription process easier.

Subscription events will be encypted and then posted to the webhook endpoints provided by the "Dombox Domain" owner.


Watch Video

10. Pre-SignUp with Dombox

Budding entrepreneurs usually don't have enough money until they bring investors on-board.

While building their product, they can now accept pre-signups via our "Pre-SignUp with Dombox" button without spending a dime. [Refer Video]

Note: "Pre-SignUp with Dombox" is not a different product. It's the same as "Subscribe with Dombox". Only the button label is changed.

11. Sign In with Dombox

"Sign In with Dombox" is a privacy-focused alternative for "Sign in with Google" and "Sign in with Facebook".

Apple copied "Sign In with Dombox" as "Sign in with Apple". Learn more about what's going on between Dombox and Apple here.


Watch Video

12. Exclusive Portals

Exclusive Portals offers persistence. It works exactly like "Sign In with Dombox" except we revoke box deletion and offline privileges from the end user.

So unlike other disposable email services, Dombox is not suited for creating throwaway accounts.

Remember, Dombox is an Isolated Email Service, not a Disposable Email Service.

13. Sender Alias Domains (SAD)

When a dombox created for Google, the address will be google.com@domkey.domboxmail.com.

However, companies like Google owns hundreds of domains. There should be some flexibility. That's why we come up with a new DNS TXT record called "SAD record". SAD stands for "Sender Alias Domains".

Since our solution utilises DNS, all self-hosted Dombox mail servers can benefit from the SAD record.

14. Parent-Child Relationships

If you are Amazon, you want your users to create Domboxes for the parent domain amazon.com

Whenever we receive a "New Dombox" request, we will fetch the SAD record of the input domain. If "box" keyword found, we will create a box for that domain.

amazon.in can suggest us to create Dombox for the parent domain using the "box" keyword like this. _sad.amazon.in => "v=sad1 box:amazon.com -all"

15. Customizable

Wanna use your own domain instead of domboxmail.com for receiver domain?

Yes, you can. That's why we standardized our address structure.

Most likely, our software will be free for non-commercial use. So in the future, you can host our dombox mail system on your own servers.

16. Consistent

Our solution brings a way to prevent outgoing email spam at the source itself.

When end users create dombox address for an entity, the local part will always be the same. Only "Domkey" and "Receiver Domain" will be different.

So, If you are a business like Mailchimp, then ask the business owners to verify their "Dombox Domain" before sending out mails for those addresses.