Definitely. Alias is for increasing privacy, so we need strong guarantees.

The current plan for increasing privacy:

1️⃣ Open-source, so you can verify the code

2️⃣ Emails are stored as Private DMs, so encrypted

3️⃣ Your data is stored on nostr, so you can anytime move

I see 2 biggest problems now:

1️⃣ Smtp receives the emails in plain text

2️⃣ If your private key is compromised, your email history is compromised

The 2️⃣nd is a general nostr problem, so probably we get to use a solution, or I will think about one, if the base is ready.

The 1️⃣st seems kind of the toughest on the trust side, because you have to trust the smtp server relaying your mails onto nostr. As the rest is already happening behind private messaging/data storage on nostr.

I want to solve first the 1️⃣st problem.

Until that, if I release, source code can be verified, and smtp code will be small, so easy to verify.

Also I don't plan to read/associate or scan emails. This means spam filtering has to be solved on the user side, as usual on nostr. And because smtp code will be small, it will be easy for you to verify that no reading or so happening there.

But I want to minimize the trust further, but not yet know how. Maybe somehow I shall host the smtp servers for the users, therefore, they always control how their emails are relayed.