Email Validation Process

Tags:
Categories:

  4 minute read  

Email Validation Process

Youseddit’s email processing system provides a secure, privacy-first approach to establishing the provenance of email exchanges for use in verified quotes. This document explains the workflow for users submitting email source code.

Email Validation Workflow
sequenceDiagram title YouSeddit Email Processing Workflow participant User participant YP as YouSeddit Platform participant IPFS participant BC as Blockchain/Polygon %% Email Source Upload & Initial Processing User->>YP: Paste Email Source Code YP->>YP: Parse Email Headers (From, To, Date, Subject, Message-ID, etc.) YP->>IPFS: Store Full Email Source IPFS-->>YP: Return Source IPFS CID YP->>YP: Calculate Full Email Hash YP->>YP: Generate C2PA Manifest (Headers, UserID, Source CID) YP->>IPFS: Store C2PA Manifest IPFS-->>YP: Return C2PA Manifest CID YP->>BC: Record Initial Evidence (Full Hash, Source CID, C2PA CID, UserID) BC-->>YP: Return Transaction ID %% Quote Selection (Later) Note over User, YP: User selects a quote from the processed email source User->>YP: Select Quote Snippet YP->>YP: Calculate Snippet Hash YP->>BC: Add Snippet Hash to Evidence Record (using Full Hash or TxID) BC-->>YP: Confirm Snippet Hash Added %% Publication (Later) Note over User, YP: User decides to publish/make quote available User->>YP: Request to Publish Quote YP->>BC: Update Evidence Record (Set isPublished=true for Snippet Hash) BC-->>YP: Confirm Publication Status Update

Overview

The process is designed to:

  1. Verify that email content is properly encrypted and signed
  2. Confirm ownership of email addresses by all parties
  3. Create a verifiable attestation chain on the blockchain
  4. Maintain encryption of sensitive content
  5. Enable secure publication with consent of all parties

Email Processing & Provenance Score

Youseddit processes the raw source code of any email submitted via the web interface. While standard emails can be processed, the provenance and trustworthiness of the resulting quotes are significantly enhanced when the original emails utilize encryption and digital signatures (PGP/GnuPG or S/MIME).

Provenance Factors:

To quantify the trustworthiness of the email source, YouSeddit calculates a Provenance Score based on the following factors, primarily derived from analyzing the email source code:

  1. Initiator Email Encryption: Was the initial email in the thread encrypted using a recognized standard (PGP/GnuPG or S/MIME)?
  2. Initiator Email Signature: Was the initial email digitally signed using a verifiable key (PGP/GnuPG or S/MIME)?
  3. Responder Email Encryption: Was the response email encrypted using a recognized standard?
  4. Responder Email Signature: Was the response email digitally signed using a verifiable key?
  5. Header Integrity: Are standard email headers (From, To, Date, Message-ID) present and well-formed?

C2PA Metadata Attestation:

The calculated Provenance Score and the contributing factors are recorded within the C2PA manifest associated with the email source stored on IPFS. This provides a transparent record of the source’s technical verification level.

Furthermore, the C2PA metadata for each quote snippet includes:

  • A reference to the C2PA manifest of the full email source.
  • An indicator specifying whether the snippet is from the initiating email or a response.
  • If it’s a response, a reference linking it back to the initiating email’s evidence record.

Privacy Considerations

The system is designed with privacy as a core principle:

  • Zero Knowledge: YouSeddit never has access to decryption keys
  • Local Decryption: Initial decryption happens only on the journalist’s local machine
  • Consent-Based: All parties must provide explicit consent for attestation
  • Granular Control: Journalists control which quotes become searchable
  • GDPR Compliant: Personal data remains encrypted until explicitly published

Integration with C2PA

When quotes are published, they include C2PA manifests with:

{
  "assertions": [
    {
      "label": "youseddit.emailVerification",
      "data": {
        "threadHash": "0x8f41b8f5c4c5d3ae51e5434e7a654b0b2e0f12c6ea3d5348b4e2a4a4d2c2a2e",
        "senderVerified": true,
        "receiverVerified": true,
        "verificationType": "email_source_provenance",
        "verificationDate": "2025-04-02T15:23:19Z",
        "verificationStatus": "complete"
      }
    }
  ]
}

Benefits for Journalists

  • Source Protection: Sources’ identities remain protected through encryption
  • Verifiable Quotes: Provide irrefutable evidence of authentic quotes
  • Fast Verification: Streamlined process takes minutes to complete
  • Monetization: Option to sell verified quotes through the platform
  • Access Control: Full control over who can access full content

Benefits for Sources

  • Privacy Protection: Original email content is securely stored and not publicly accessible until publication is authorized.
  • Provenance Transparency: The calculated Provenance Score, stored in the C2PA metadata, clearly shows how the technical properties (headers, optional encryption/signing) of the original email contribute to its trustworthiness.
  • Publication Control: Sources maintain control over whether quotes derived from their emails are made public.
  • Monetization: Potential revenue sharing from quote licensing.

Common Questions

What if the source doesn’t respond to the validation request?

The journalist can still create a partial attestation showing they control the sender email. This creates a “one-sided” verification that’s noted in the blockchain record.

Can the email content be altered after validation?

No, any change to the content would change the cryptographic hash, invalidating the blockchain attestation. The system provides immutable proof of the original content.

What email clients are supported?

Youseddit processes the raw source code from any email client.

For the highest Provenance Score, using clients that support S/MIME or PGP/GnuPG encryption and digital signatures is recommended. Examples include:

  • Thunderbird (with relevant add-ons)
  • Apple Mail (with relevant plugins)
  • Outlook (with relevant plugins)
  • ProtonMail (built-in PGP)
  • Other clients supporting S/MIME or PGP/GnuPG standards

How is search privacy maintained?

When emails are indexed for search, access controls ensure that only search results from authorized content are displayed to users. Full content access still requires proper authorization through the smart contract.

Last modified July 6, 2025: Update deploy.yml (d65b9c1)