Security

Five layers of proof.
No vendor trust required.

Every email sent through AUBOSmail is bound to an immutable, third-party-verifiable record. Below is exactly how it's built — every layer documented, every check you can run yourself.

01
Canonical JSON

At send time, the Block document is serialized via JCS — deterministic key ordering, no whitespace, fixed number formatting. The same input always produces the same bytes.

RFC 8785 (JCS)spec ↗
02
Content hash

SHA-256 over the canonical bytes. Embedded in the X-AUBOSmail-Content-Hash header AND a plaintext footer line, so it survives even if HTML is stripped. DKIM signs both.

SHA-256 + DKIMspec ↗
03
WORM snapshot

Canonical JSON, rendered HTML/AMP/text, full RFC 5322 message, and DKIM signature stored in Cloudflare R2 with Object Lock. Even AUBOSmail with admin creds cannot edit or delete.

R2 Object Lock (S3 Compliance mode)spec ↗
04
Append-only ledger

send_proofs table is INSERT-only. UPDATE and DELETE are revoked from service_role at the database level. Every send adds one row with content_hash, DKIM signature, recipient hash, sent_at, and a Merkle leaf.

Postgres (Supabase)
05
Bitcoin anchor

Daily Merkle tree of all leaves; root signed with Ed25519 + published to /proof/roots/<date>; root hash committed to Bitcoin via OpenTimestamps. Anyone can verify the chain without trusting us.

OpenTimestamps + Ed25519spec ↗
Verify in your browser

Don't trust us. Verify.

Every send has a public proof page at aubosmail.com/proof/<send_id>. Click "Verify in browser." The page runs four checks locally using Web Crypto:

  1. Content hash — fetches canonical JSON from R2, recomputes SHA-256, compares to send_proofs.content_hash.
  2. DKIM signature — fetches the original RFC 5322 message, looks up the sender's _domainkey via DNS-over-HTTPS, verifies the body signature.
  3. Merkle proof — recomputes merkle_leaf = sha256(content_hash ‖ recipient_hash ‖ sent_at), walks the proof path to the daily root.
  4. Bitcoin anchor — checks the OpenTimestamps proof for the daily root. The Bitcoin block timestamp must precede the claimed sent_at.

All four green = the email was sent at the time and content claimed, signed by the sender's domain, and has been publicly anchored on Bitcoin since the next-day Merkle root was published. AUBOSmail itself cannot fake or alter this record.

Compliance

Built for global send.

The compliance gate fires at POST /v1/send — before the message is rendered. It checks:

  • Recipient jurisdiction — classified at import time. EU/UK/CA/AU recipients require explicit consent for marketing-style sends. Personal-provider addresses (Gmail/Outlook) are flagged but not blocked.
  • Suppression list — bounces, complaints, unsubscribes propagate across the tenant's campaigns within seconds.
  • Sender authentication — DKIM/SPF/DMARC must be green on the From: domain. Auto-provisioned via Cloudflare API in ~90 seconds.
  • Anti-phishing — lookalike-domain blocker on signup; URL safety check on outbound links; Tier-A content-addressed assets (image URLs are SHA-256 of bytes, can't be swapped).
  • Audit log — every action INSERT-only, REVOKE UPDATE/DELETE from service_role. Tamper-evident.
Subprocessors

Who else touches your data.

SubprocessorPurposeRegionData
Cloudflare R2WORM proof storage (Object Lock)US / EUEmail content + RFC 5322 message
SupabaseManaged Postgres (operational data)US-East-2User accounts, send metadata, analytics
Cloudflare DNSDNS auto-provisioning + DDoS protectionGlobalDNS records (no PII)
KamateraVPS hosting (MTA + API + dashboard)US-TX (Dallas)In-flight email content (transient)
Twilio / Msg91SMS OTP delivery (business signup)US / INPhone number + 6-digit OTP
OpenTimestampsBitcoin timestamping (free, decentralized)GlobalDaily Merkle root hash (no PII)
Postal MTASelf-hosted SMTP delivery (open-source, on Kamatera)US-TXIn-flight email content (transient)

Need a DPA, SOC 2, or custom security review?

We're happy to walk through architecture in detail, sign DPAs, share questionnaires, and accommodate enterprise security needs.

Talk to security →