Notes about onion email addresses

doc/EN/usage_email.org

@@ -35,6 +35,8 @@ From https://motherboard.vice.com/read/email-encryption-is-broken:
 #+BEGIN_QUOTE
 /The researchers also uncovered mass scale attacks of STARTTLS sessions being stripped of their encryption. That attack itself isn't new: internet service providers sometimes do it to monitor users; organizations may use it to keep an eye on employees; or it may come from a malicious actor/
 #+END_QUOTE
+
+A way to avoid these pitfalls altogether is to use onion addresses (see the section below) or [[./app_bdsmail.html][I2P addresses]] for email. These are not so convenient because they use long random strings which aren't memorable as addresses, but they do give a strong assurance that whoever recieves the message is the intended recipient and that emails can't be read passively during their transport across the internet.
 * Add a password to your GPG key
 If you didn't use existing GPG keys during the Freedombone installation then you'll need to add a password to your newly generated private key. This is highly recommended. Go through the following sequence of commands to ssh into the Freedombone and then change your GPG password.
 
@@ -219,5 +221,13 @@ ssh username@domainname -p 2222
 #+END_SRC
 
 Select /Administrator controls/ then *Email filtering rules* then *Block/Unblock and email address* or *Block/Unblock email with subject line*. Also see the manpage for *freedombone-ignore*.
+* Using onion email addresses
+By default this system comes with the ability to send and receive emails using onion addresses as the domain name. On the *user control panel* if you select *Show your email address* then you should find one ending with /dot onion/. You will also see a QR code for that address, which provides a simple way to transfer it to a mobile phone if necessary.
+
+If you want to give your onion email address to someone else securely then you can use the QR code to transfer it to a phone and copy and paste the address into an encrypted chat app, such as Conversations. Of course they will probably also need to be running Freedombone or some system capable of handling onion email addresses.
+
+When sending email from an onion address it's not strictly necessary to use GPG/PGP. Tor handles the transport security by itself. You can still use it though if you prefer to have an extra layer of message security. You can also still use onion email addresses even if your ISP blocks the typical email ports (25 and 465).
+
+If you don't make your onion email address public then it should be fairly resisent to spam, since spammers won't be able to randomly guess onion addresses (there are far too many), whereas it's a lot easier for them to do that with conventional domain names.
 * Using I2P for email transport
 For the most paranoid use cases it is also possible to use I2P as an email transport mechanism. This will of course require the people you're communicating with to have a similar setup in place. For details see the [[./app_bdsmail.html][bdsmail app]]. An advantage of this is that it's very unlikely that your email will get blocked. The disadvantage is that few others will be capable of receiving email this way, and it's only really usable via the Mutt email client.

website/EN/usage_email.html

@@ -3,26 +3,33 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<title></title>
-<!-- 2018-04-12 Thu 13:30 -->
-<meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
-<meta  name="generator" content="Org-mode" />
-<meta  name="author" content="Bob Mottram" />
-<meta  name="description" content="How to use email on Freedombone"
+<!-- 2018-04-15 Sun 10:21 -->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>&lrm;</title>
+<meta name="generator" content="Org mode" />
+<meta name="author" content="Bob Mottram" />
+<meta name="description" content="How to use email on Freedombone"
  />
-<meta  name="keywords" content="freedombone, email" />
+<meta name="keywords" content="freedombone, email" />
 <style type="text/css">
  <!--/*--><![CDATA[/*><!--*/
-  .title  { text-align: center; }
+  .title  { text-align: center;
+             margin-bottom: .2em; }
+  .subtitle { text-align: center;
+              font-size: medium;
+              font-weight: bold;
+              margin-top:0; }
   .todo   { font-family: monospace; color: red; }
-  .done   { color: green; }
+  .done   { font-family: monospace; color: green; }
+  .priority { font-family: monospace; color: orange; }
   .tag    { background-color: #eee; font-family: monospace;
             padding: 2px; font-size: 80%; font-weight: normal; }
   .timestamp { color: #bebebe; }
   .timestamp-kwd { color: #5f9ea0; }
-  .right  { margin-left: auto; margin-right: 0px;  text-align: right; }
-  .left   { margin-left: 0px;  margin-right: auto; text-align: left; }
-  .center { margin-left: auto; margin-right: auto; text-align: center; }
+  .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }
+  .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }
+  .org-center { margin-left: auto; margin-right: auto; text-align: center; }
   .underline { text-decoration: underline; }
   #postamble p, #preamble p { font-size: 90%; margin: .2em; }
   p.verse { margin-left: 3%; }
@@ -49,27 +56,111 @@
     border: 1px solid black;
   }
   pre.src:hover:before { display: inline;}
-  pre.src-sh:before    { content: 'sh'; }
-  pre.src-bash:before  { content: 'sh'; }
+  /* Languages per Org manual */
+  pre.src-asymptote:before { content: 'Asymptote'; }
+  pre.src-awk:before { content: 'Awk'; }
+  pre.src-C:before { content: 'C'; }
+  /* pre.src-C++ doesn't work in CSS */
+  pre.src-clojure:before { content: 'Clojure'; }
+  pre.src-css:before { content: 'CSS'; }
+  pre.src-D:before { content: 'D'; }
+  pre.src-ditaa:before { content: 'ditaa'; }
+  pre.src-dot:before { content: 'Graphviz'; }
+  pre.src-calc:before { content: 'Emacs Calc'; }
   pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
-  pre.src-R:before     { content: 'R'; }
-  pre.src-perl:before  { content: 'Perl'; }
-  pre.src-java:before  { content: 'Java'; }
-  pre.src-sql:before   { content: 'SQL'; }
+  pre.src-fortran:before { content: 'Fortran'; }
+  pre.src-gnuplot:before { content: 'gnuplot'; }
+  pre.src-haskell:before { content: 'Haskell'; }
+  pre.src-hledger:before { content: 'hledger'; }
+  pre.src-java:before { content: 'Java'; }
+  pre.src-js:before { content: 'Javascript'; }
+  pre.src-latex:before { content: 'LaTeX'; }
+  pre.src-ledger:before { content: 'Ledger'; }
+  pre.src-lisp:before { content: 'Lisp'; }
+  pre.src-lilypond:before { content: 'Lilypond'; }
+  pre.src-lua:before { content: 'Lua'; }
+  pre.src-matlab:before { content: 'MATLAB'; }
+  pre.src-mscgen:before { content: 'Mscgen'; }
+  pre.src-ocaml:before { content: 'Objective Caml'; }
+  pre.src-octave:before { content: 'Octave'; }
+  pre.src-org:before { content: 'Org mode'; }
+  pre.src-oz:before { content: 'OZ'; }
+  pre.src-plantuml:before { content: 'Plantuml'; }
+  pre.src-processing:before { content: 'Processing.js'; }
+  pre.src-python:before { content: 'Python'; }
+  pre.src-R:before { content: 'R'; }
+  pre.src-ruby:before { content: 'Ruby'; }
+  pre.src-sass:before { content: 'Sass'; }
+  pre.src-scheme:before { content: 'Scheme'; }
+  pre.src-screen:before { content: 'Gnu Screen'; }
+  pre.src-sed:before { content: 'Sed'; }
+  pre.src-sh:before { content: 'shell'; }
+  pre.src-sql:before { content: 'SQL'; }
+  pre.src-sqlite:before { content: 'SQLite'; }
+  /* additional languages in org.el's org-babel-load-languages alist */
+  pre.src-forth:before { content: 'Forth'; }
+  pre.src-io:before { content: 'IO'; }
+  pre.src-J:before { content: 'J'; }
+  pre.src-makefile:before { content: 'Makefile'; }
+  pre.src-maxima:before { content: 'Maxima'; }
+  pre.src-perl:before { content: 'Perl'; }
+  pre.src-picolisp:before { content: 'Pico Lisp'; }
+  pre.src-scala:before { content: 'Scala'; }
+  pre.src-shell:before { content: 'Shell Script'; }
+  pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
+  /* additional language identifiers per "defun org-babel-execute"
+       in ob-*.el */
+  pre.src-cpp:before  { content: 'C++'; }
+  pre.src-abc:before  { content: 'ABC'; }
+  pre.src-coq:before  { content: 'Coq'; }
+  pre.src-groovy:before  { content: 'Groovy'; }
+  /* additional language identifiers from org-babel-shell-names in
+     ob-shell.el: ob-shell is the only babel language using a lambda to put
+     the execution function name together. */
+  pre.src-bash:before  { content: 'bash'; }
+  pre.src-csh:before  { content: 'csh'; }
+  pre.src-ash:before  { content: 'ash'; }
+  pre.src-dash:before  { content: 'dash'; }
+  pre.src-ksh:before  { content: 'ksh'; }
+  pre.src-mksh:before  { content: 'mksh'; }
+  pre.src-posh:before  { content: 'posh'; }
+  /* Additional Emacs modes also supported by the LaTeX listings package */
+  pre.src-ada:before { content: 'Ada'; }
+  pre.src-asm:before { content: 'Assembler'; }
+  pre.src-caml:before { content: 'Caml'; }
+  pre.src-delphi:before { content: 'Delphi'; }
+  pre.src-html:before { content: 'HTML'; }
+  pre.src-idl:before { content: 'IDL'; }
+  pre.src-mercury:before { content: 'Mercury'; }
+  pre.src-metapost:before { content: 'MetaPost'; }
+  pre.src-modula-2:before { content: 'Modula-2'; }
+  pre.src-pascal:before { content: 'Pascal'; }
+  pre.src-ps:before { content: 'PostScript'; }
+  pre.src-prolog:before { content: 'Prolog'; }
+  pre.src-simula:before { content: 'Simula'; }
+  pre.src-tcl:before { content: 'tcl'; }
+  pre.src-tex:before { content: 'TeX'; }
+  pre.src-plain-tex:before { content: 'Plain TeX'; }
+  pre.src-verilog:before { content: 'Verilog'; }
+  pre.src-vhdl:before { content: 'VHDL'; }
+  pre.src-xml:before { content: 'XML'; }
+  pre.src-nxml:before { content: 'XML'; }
+  /* add a generic configuration mode; LaTeX export needs an additional
+     (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
+  pre.src-conf:before { content: 'Configuration File'; }
 
   table { border-collapse:collapse; }
   caption.t-above { caption-side: top; }
   caption.t-bottom { caption-side: bottom; }
   td, th { vertical-align:top;  }
-  th.right  { text-align: center;  }
-  th.left   { text-align: center;   }
-  th.center { text-align: center; }
-  td.right  { text-align: right;  }
-  td.left   { text-align: left;   }
-  td.center { text-align: center; }
+  th.org-right  { text-align: center;  }
+  th.org-left   { text-align: center;   }
+  th.org-center { text-align: center; }
+  td.org-right  { text-align: right;  }
+  td.org-left   { text-align: left;   }
+  td.org-center { text-align: center; }
   dt { font-weight: bold; }
-  .footpara:nth-child(2) { display: inline; }
-  .footpara { display: block; }
+  .footpara { display: inline; }
   .footdef  { margin-bottom: 1em; }
   .figure { padding: 1em; }
   .figure p { text-align: center; }
@@ -89,6 +180,7 @@
     { font-size: 10px; font-weight: bold; white-space: nowrap; }
   .org-info-js_search-highlight
     { background-color: #ffff00; color: #000000; font-weight: bold; }
+  .org-svg { width: 90%; }
   /*]]>*/-->
 </style>
 <link rel="stylesheet" type="text/css" href="freedombone.css" />
@@ -97,7 +189,7 @@
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2013 Free Software Foundation, Inc.
+Copyright (C) 2012-2017 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
@@ -144,7 +236,6 @@ for the JavaScript code in this tag.
 <a name="top" id="top"></a>
 </div>
 <div id="content">
-<h1 class="title"></h1>
 
 <div class="figure">
 <p><img src="images/logo.png" alt="logo.png" width="80%" height="10%" align="center" />
@@ -155,58 +246,58 @@ for the JavaScript code in this tag.
 
 
 <colgroup>
-<col  class="left" />
+<col  class="org-left" />
 </colgroup>
 <tbody>
 <tr>
-<td class="left"><a href="#sec-1">Things to be aware of</a></td>
+<td class="org-left"><a href="#orgd5f2e56">Things to be aware of</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-2">A technical note about email transport security</a></td>
+<td class="org-left"><a href="#org48a61cb">A technical note about email transport security</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-3">Add a password to your GPG key</a></td>
+<td class="org-left"><a href="#org1b10215">Add a password to your GPG key</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-4">Publishing your GPG public key</a></td>
+<td class="org-left"><a href="#org1ef897d">Publishing your GPG public key</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-5">Mutt email client</a></td>
+<td class="org-left"><a href="#org8a05b94">Mutt email client</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-6">Thunderbird/Icedove</a></td>
+<td class="org-left"><a href="#org2924dea">Thunderbird/Icedove</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-7">Android apps</a></td>
+<td class="org-left"><a href="#org787310f">Android apps</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-8">Subscribing to mailing lists</a></td>
+<td class="org-left"><a href="#org7d93f5a">Subscribing to mailing lists</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-9">Adding email addresses to a group/folder</a></td>
+<td class="org-left"><a href="#org351d48f">Adding email addresses to a group/folder</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-10">Ignoring incoming emails</a></td>
+<td class="org-left"><a href="#org8827ad0">Ignoring incoming emails</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-11">Using I2P for email transport</a></td>
+<td class="org-left"><a href="#orga30bcb7">Using I2P for email transport</a></td>
 </tr>
 </tbody>
 </table>
 
-<div id="outline-container-sec-1" class="outline-2">
-<h2 id="sec-1">Things to be aware of</h2>
-<div class="outline-text-2" id="text-1">
+<div id="outline-container-orgd5f2e56" class="outline-2">
+<h2 id="orgd5f2e56">Things to be aware of</h2>
+<div class="outline-text-2" id="text-orgd5f2e56">
 <p>
 Even though this system makes it easy to set up an email server, running your own email system is still not easy and this is mainly due to the huge amount of collatoral damage caused by spammers over a long period of time, which in turn is due to the inherent insecurity of email protocols which enabled spam to become a big problem. Email is still very popular though and most internet services require that you have an email address in order to register.
 </p>
@@ -220,9 +311,9 @@ So if you want to use your own email address hosted on your own system you do ne
 </p>
 </div>
 </div>
-<div id="outline-container-sec-2" class="outline-2">
-<h2 id="sec-2">A technical note about email transport security</h2>
-<div class="outline-text-2" id="text-2">
+<div id="outline-container-org48a61cb" class="outline-2">
+<h2 id="org48a61cb">A technical note about email transport security</h2>
+<div class="outline-text-2" id="text-org48a61cb">
 <p>
 Port 465 is used for SMTP and this is supposedly deprecated for secure email. However, using TLS from the start of the communications seems far more secure than starting off with insecure communications and then trying to upgrade it with a command to begin TLS, as happens with STARTTLS. There are <a href="https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks">possible attacks against STARTTLS</a> in which the command to begin secure communications is removed or overwritten which could then result in email being transferred in plain text over the internet and be readable by third parties.
 </p>
@@ -236,23 +327,26 @@ From <a href="https://motherboard.vice.com/read/email-encryption-is-broken">http
 <i>The researchers also uncovered mass scale attacks of STARTTLS sessions being stripped of their encryption. That attack itself isn't new: internet service providers sometimes do it to monitor users; organizations may use it to keep an eye on employees; or it may come from a malicious actor</i>
 </p>
 </blockquote>
+
+<p>
+A way to avoid these pitfalls altogether is to use onion addresses (see the section below) or <a href="./app_bdsmail.html">I2P addresses</a> for email. These are not so convenient because they use long random strings which aren't memorable as addresses, but they do give a strong assurance that whoever recieves the message is the intended recipient and that emails can't be read passively during their transport across the internet.
+</p>
 </div>
 </div>
-<div id="outline-container-sec-3" class="outline-2">
-<h2 id="sec-3">Add a password to your GPG key</h2>
-<div class="outline-text-2" id="text-3">
+<div id="outline-container-org1b10215" class="outline-2">
+<h2 id="org1b10215">Add a password to your GPG key</h2>
+<div class="outline-text-2" id="text-org1b10215">
 <p>
 If you didn't use existing GPG keys during the Freedombone installation then you'll need to add a password to your newly generated private key. This is highly recommended. Go through the following sequence of commands to ssh into the Freedombone and then change your GPG password.
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh username@domainname -p 2222
 gpg --edit-key username@domain
 passwd
 save
 quit
-exit
+<span class="org-keyword">exit</span>
 </pre>
 </div>
 
@@ -262,25 +356,24 @@ Having a password on your GPG key will prevent someone from reading your email <
 </div>
 </div>
 
-<div id="outline-container-sec-4" class="outline-2">
-<h2 id="sec-4">Publishing your GPG public key</h2>
-<div class="outline-text-2" id="text-4">
+<div id="outline-container-org1ef897d" class="outline-2">
+<h2 id="org1ef897d">Publishing your GPG public key</h2>
+<div class="outline-text-2" id="text-org1ef897d">
 <p>
 If you havn't already then you should publish your GPG public key so that others can find it.
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh username@domainname -p 2222
 gpg --send-keys username@domainname
-exit
+<span class="org-keyword">exit</span>
 </pre>
 </div>
 </div>
 </div>
-<div id="outline-container-sec-5" class="outline-2">
-<h2 id="sec-5">Mutt email client</h2>
-<div class="outline-text-2" id="text-5">
+<div id="outline-container-org8a05b94" class="outline-2">
+<h2 id="org8a05b94">Mutt email client</h2>
+<div class="outline-text-2" id="text-org8a05b94">
 
 <div class="figure">
 <p><img src="./images/mutt.jpeg" alt="mutt.jpeg" width="80%" align="center" />
@@ -292,7 +385,6 @@ Mutt is a terminal based email client which comes already installed onto the Fre
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh username@domainname -p 2222
 </pre>
 </div>
@@ -313,124 +405,124 @@ Some useful keys to know are:
 
 
 <colgroup>
-<col  class="left" />
+<col  class="org-left" />
 
-<col  class="left" />
+<col  class="org-left" />
 </colgroup>
 <tbody>
 <tr>
-<td class="left">"/"</td>
-<td class="left">Search for text within headers</td>
+<td class="org-left">"/"</td>
+<td class="org-left">Search for text within headers</td>
 </tr>
 
 <tr>
-<td class="left">*</td>
-<td class="left">Move to the last message</td>
+<td class="org-left">*</td>
+<td class="org-left">Move to the last message</td>
 </tr>
 
 <tr>
-<td class="left">TAB</td>
-<td class="left">Move to the next unread message</td>
+<td class="org-left">TAB</td>
+<td class="org-left">Move to the next unread message</td>
 </tr>
 
 <tr>
-<td class="left">d</td>
-<td class="left">Delete a message</td>
+<td class="org-left">d</td>
+<td class="org-left">Delete a message</td>
 </tr>
 
 <tr>
-<td class="left">u</td>
-<td class="left">Undelete a mail which is pending deletion</td>
+<td class="org-left">u</td>
+<td class="org-left">Undelete a mail which is pending deletion</td>
 </tr>
 
 <tr>
-<td class="left">$</td>
-<td class="left">Delete all messages selected and check for new messages</td>
+<td class="org-left">$</td>
+<td class="org-left">Delete all messages selected and check for new messages</td>
 </tr>
 
 <tr>
-<td class="left">a</td>
-<td class="left">Add to the address book</td>
+<td class="org-left">a</td>
+<td class="org-left">Add to the address book</td>
 </tr>
 
 <tr>
-<td class="left">m</td>
-<td class="left">Send a new mail</td>
+<td class="org-left">m</td>
+<td class="org-left">Send a new mail</td>
 </tr>
 
 <tr>
-<td class="left">ESC-m</td>
-<td class="left">Mark all messages as having been read</td>
+<td class="org-left">ESC-m</td>
+<td class="org-left">Mark all messages as having been read</td>
 </tr>
 
 <tr>
-<td class="left">S</td>
-<td class="left">Mark a message as spam</td>
+<td class="org-left">S</td>
+<td class="org-left">Mark a message as spam</td>
 </tr>
 
 <tr>
-<td class="left">H</td>
-<td class="left">Mark a message as ham</td>
+<td class="org-left">H</td>
+<td class="org-left">Mark a message as ham</td>
 </tr>
 
 <tr>
-<td class="left">CTRL-b</td>
-<td class="left">Toggle side bar on/off</td>
+<td class="org-left">CTRL-b</td>
+<td class="org-left">Toggle side bar on/off</td>
 </tr>
 
 <tr>
-<td class="left">CTRL-n</td>
-<td class="left">Next mailbox (on side bar)</td>
+<td class="org-left">CTRL-n</td>
+<td class="org-left">Next mailbox (on side bar)</td>
 </tr>
 
 <tr>
-<td class="left">CTRL-p</td>
-<td class="left">Previous mailbox (on side bar)</td>
+<td class="org-left">CTRL-p</td>
+<td class="org-left">Previous mailbox (on side bar)</td>
 </tr>
 
 <tr>
-<td class="left">CTRL-o</td>
-<td class="left">Open mailbox (on side bar)</td>
+<td class="org-left">CTRL-o</td>
+<td class="org-left">Open mailbox (on side bar)</td>
 </tr>
 
 <tr>
-<td class="left">r</td>
-<td class="left">Reply to an email</td>
+<td class="org-left">r</td>
+<td class="org-left">Reply to an email</td>
 </tr>
 
 <tr>
-<td class="left">L</td>
-<td class="left">Reply to a mailing list email</td>
+<td class="org-left">L</td>
+<td class="org-left">Reply to a mailing list email</td>
 </tr>
 
 <tr>
-<td class="left">]</td>
-<td class="left">Expand or collapse all threads</td>
+<td class="org-left">]</td>
+<td class="org-left">Expand or collapse all threads</td>
 </tr>
 
 <tr>
-<td class="left">[</td>
-<td class="left">Expand of collapse the current thread</td>
+<td class="org-left">[</td>
+<td class="org-left">Expand of collapse the current thread</td>
 </tr>
 
 <tr>
-<td class="left">CTRL-k</td>
-<td class="left">Import a PGP/GPG public key</td>
+<td class="org-left">CTRL-k</td>
+<td class="org-left">Import a PGP/GPG public key</td>
 </tr>
 
 <tr>
-<td class="left">v</td>
-<td class="left">View current email in different formats, such as HTML</td>
+<td class="org-left">v</td>
+<td class="org-left">View current email in different formats, such as HTML</td>
 </tr>
 
 <tr>
-<td class="left">CTRL-u</td>
-<td class="left">View long URLs</td>
+<td class="org-left">CTRL-u</td>
+<td class="org-left">View long URLs</td>
 </tr>
 
 <tr>
-<td class="left">q</td>
-<td class="left">Quit</td>
+<td class="org-left">q</td>
+<td class="org-left">Quit</td>
 </tr>
 </tbody>
 </table>
@@ -453,9 +545,9 @@ There is one irksome thing about email within mutt, and that's if you get sent a
 </div>
 </div>
 
-<div id="outline-container-sec-6" class="outline-2">
-<h2 id="sec-6">Thunderbird/Icedove</h2>
-<div class="outline-text-2" id="text-6">
+<div id="outline-container-org2924dea" class="outline-2">
+<h2 id="org2924dea">Thunderbird/Icedove</h2>
+<div class="outline-text-2" id="text-org2924dea">
 <p>
 Another common way in which you may want to access email is via Thunderbird (also known as Icedove on Debian).  This may be especially useful if you're trying to convert former Windows users who may previously have been using some version of Outlook.
 </p>
@@ -465,9 +557,9 @@ The following instructions should be carried out on the client machines (laptop,
 </p>
 </div>
 
-<div id="outline-container-sec-6-0-1" class="outline-4">
-<h4 id="sec-6-0-1">Initial setup</h4>
-<div class="outline-text-4" id="text-6-0-1">
+<div id="outline-container-orged0c1fb" class="outline-4">
+<h4 id="orged0c1fb">Initial setup</h4>
+<div class="outline-text-4" id="text-orged0c1fb">
 <p>
 Install <b>Thunderbird</b> and <b>Enigmail</b>.  How you do this just depends upon your distro and software manager or "app store".
 </p>
@@ -493,12 +585,9 @@ The settings should be as follows, substituting <i>mydomainname.com</i> for your
 </p>
 
 <ul class="org-ul">
-<li>Incoming: IMAP, mydomainname.com, 993, SSL/TLS, Normal Password
-</li>
-<li>Outgoing: SMTP, mydomainname.com, 465, SSL/TLS, Normal Password
-</li>
-<li>Username: myusername
-</li>
+<li>Incoming: IMAP, mydomainname.com, 993, SSL/TLS, Normal Password</li>
+<li>Outgoing: SMTP, mydomainname.com, 465, SSL/TLS, Normal Password</li>
+<li>Username: myusername</li>
 </ul>
 
 <p>
@@ -526,15 +615,14 @@ Select "<b>yes</b>" to change default settings.
 </p>
 </div>
 </div>
-<div id="outline-container-sec-6-0-2" class="outline-4">
-<h4 id="sec-6-0-2">Import your GPG keys</h4>
-<div class="outline-text-4" id="text-6-0-2">
+<div id="outline-container-orgc277e0c" class="outline-4">
+<h4 id="orgc277e0c">Import your GPG keys</h4>
+<div class="outline-text-4" id="text-orgc277e0c">
 <p>
 On the Freedombone export your GPG public and private keys.
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh username@domainname -p 2222
 gpg --list-keys username@domainname
 gpg --output ~/public_key.gpg --armor --export KEY_ID
@@ -547,7 +635,6 @@ On your laptop or desktop you can import the keys with:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">scp -P 2222 username@domain:/home/username/*.gpg ~/
 </pre>
 </div>
@@ -569,7 +656,6 @@ Remove your exported key files, both on your laptop/desktop and also on the Free
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">shred -zu ~/public_key.gpg
 shred -zu ~/private_key.gpg
 </pre>
@@ -577,9 +663,9 @@ shred -zu ~/private_key.gpg
 </div>
 </div>
 
-<div id="outline-container-sec-6-0-3" class="outline-4">
-<h4 id="sec-6-0-3">Using for the first time</h4>
-<div class="outline-text-4" id="text-6-0-3">
+<div id="outline-container-org651a746" class="outline-4">
+<h4 id="org651a746">Using for the first time</h4>
+<div class="outline-text-4" id="text-org651a746">
 <p>
 Click on the Thunderbird menu, which looks like three horizontal bars on the right hand side.
 </p>
@@ -614,9 +700,9 @@ Get into the habit of using email encryption and encourage others to do so.  Rem
 </div>
 </div>
 
-<div id="outline-container-sec-6-0-4" class="outline-4">
-<h4 id="sec-6-0-4">Making folders visible</h4>
-<div class="outline-text-4" id="text-6-0-4">
+<div id="outline-container-orge19cc4d" class="outline-4">
+<h4 id="orge19cc4d">Making folders visible</h4>
+<div class="outline-text-4" id="text-orge19cc4d">
 <p>
 By default you won't be able to see any folders which you may have created earlier using the <i>mailinglistrule</i> script.  To make folders visible select:
 </p>
@@ -632,23 +718,22 @@ Make sure that "<b>show only subscribed folders</b>" is not checked.  Then click
 </div>
 </div>
 
-<div id="outline-container-sec-7" class="outline-2">
-<h2 id="sec-7">Android apps</h2>
-<div class="outline-text-2" id="text-7">
+<div id="outline-container-org787310f" class="outline-2">
+<h2 id="org787310f">Android apps</h2>
+<div class="outline-text-2" id="text-org787310f">
 <p>
 Mobile devices have a reputation for being quite insecure, so it's recommended that you don't store emails or GPG keys on your phone. Instead <a href="./app_mailpile.html">install Mailpile</a> and access your email via the webmail interface.
 </p>
 </div>
 </div>
-<div id="outline-container-sec-8" class="outline-2">
-<h2 id="sec-8">Subscribing to mailing lists</h2>
-<div class="outline-text-2" id="text-8">
+<div id="outline-container-org7d93f5a" class="outline-2">
+<h2 id="org7d93f5a">Subscribing to mailing lists</h2>
+<div class="outline-text-2" id="text-org7d93f5a">
 <p>
 To subscribe to a mailing list log in as your user (i.e. not the root user).
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh username@domainname -p 2222
 </pre>
 </div>
@@ -658,15 +743,14 @@ Select <i>Administrator controls</i> then <b>Email filtering rules</b> then <b>A
 </p>
 </div>
 </div>
-<div id="outline-container-sec-9" class="outline-2">
-<h2 id="sec-9">Adding email addresses to a group/folder</h2>
-<div class="outline-text-2" id="text-9">
+<div id="outline-container-org351d48f" class="outline-2">
+<h2 id="org351d48f">Adding email addresses to a group/folder</h2>
+<div class="outline-text-2" id="text-org351d48f">
 <p>
 Similar to adding mailing list folders you can also add specified email addresses into a group/folder.
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh username@domainname -p 2222
 </pre>
 </div>
@@ -676,15 +760,14 @@ Select <i>Administrator controls</i> then <b>Email filtering rules</b> then <b>A
 </p>
 </div>
 </div>
-<div id="outline-container-sec-10" class="outline-2">
-<h2 id="sec-10">Ignoring incoming emails</h2>
-<div class="outline-text-2" id="text-10">
+<div id="outline-container-org8827ad0" class="outline-2">
+<h2 id="org8827ad0">Ignoring incoming emails</h2>
+<div class="outline-text-2" id="text-org8827ad0">
 <p>
 It is possible to ignore incoming emails if they are from a particular email address or if the subject line contains particular text.
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh username@domainname -p 2222
 </pre>
 </div>
@@ -694,9 +777,29 @@ Select <i>Administrator controls</i> then <b>Email filtering rules</b> then <b>B
 </p>
 </div>
 </div>
-<div id="outline-container-sec-11" class="outline-2">
-<h2 id="sec-11">Using I2P for email transport</h2>
-<div class="outline-text-2" id="text-11">
+<div id="outline-container-org6796124" class="outline-2">
+<h2 id="org6796124">Using onion email addresses</h2>
+<div class="outline-text-2" id="text-org6796124">
+<p>
+By default this system comes with the ability to send and receive emails using onion addresses as the domain name. On the <b>user control panel</b> if you select <b>Show your email address</b> then you should find one ending with <i>dot onion</i>. You will also see a QR code for that address, which provides a simple way to transfer it to a mobile phone if necessary.
+</p>
+
+<p>
+If you want to give your onion email address to someone else securely then you can use the QR code to transfer it to a phone and copy and paste the address into an encrypted chat app, such as Conversations. Of course they will probably also need to be running Freedombone or some system capable of handling onion email addresses.
+</p>
+
+<p>
+When sending email from an onion address it's not strictly necessary to use GPG/PGP. Tor handles the transport security by itself. You can still use it though if you prefer to have an extra layer of message security. You can also still use onion email addresses even if your ISP blocks the typical email ports (25 and 465).
+</p>
+
+<p>
+If you don't make your onion email address public then it should be fairly resisent to spam, since spammers won't be able to randomly guess onion addresses (there are far too many), whereas it's a lot easier for them to do that with conventional domain names.
+</p>
+</div>
+</div>
+<div id="outline-container-orga30bcb7" class="outline-2">
+<h2 id="orga30bcb7">Using I2P for email transport</h2>
+<div class="outline-text-2" id="text-orga30bcb7">
 <p>
 For the most paranoid use cases it is also possible to use I2P as an email transport mechanism. This will of course require the people you're communicating with to have a similar setup in place. For details see the <a href="./app_bdsmail.html">bdsmail app</a>. An advantage of this is that it's very unlikely that your email will get blocked. The disadvantage is that few others will be capable of receiving email this way, and it's only really usable via the Mutt email client.
 </p>