Self-hosted, federated mail and identity -- secure by design.
Email is one of the internet's foundational technologies: federated, open, and owned by no one. We think it should stay that way. infodancer builds the infrastructure to make running your own mail and identity practical for small operators -- individuals, families, and small organizations who would rather not hand their communication to a large provider.
We write Go. We prefer simple, auditable code over clever code. Security is a design requirement, not a feature. We use standard protocols where they serve us, and we design new ones where they do not.
maildancer -- the mail server suite. SMTP, POP3, and IMAP, with privilege-separated delivery and retrieval, SPF/DKIM/DMARC, Redis-backed greylisting, and at-rest encryption. No network-facing process holds the keys to mail data, and no single process holds credentials for more than one user at a time. The former standalone daemons (smtpd, pop3d, imapd, session-manager, mail-deliver, mail-session, mail-remote, queue-manager, msgstore, auth, webadmin) were consolidated into this one module in 2026; their old repositories are archived with full history preserved.
Next-generation messaging -- two published wire protocols for end-to-end-encrypted mail, where the server never sees plaintext:
- scmp -- Secure Client Messaging Protocol (client to server). The client encrypts before handoff.
- sdmp -- Secure Domain Messaging Protocol (server to server). Sender stores, recipient pulls.
These are specifications meant for third-party implementation, not only our own.
Identity -- a three-tier OIDC stack: a leaf identity provider per mail domain, a federation broker (webauth), and a relying-party library (oidclient) for downstream apps. The website is always a dumb relying party; it never talks to an upstream directly.
Reusable libraries -- small, focused Go modules shared across our services and sites:
- oidclient -- OIDC relying-party library
- authz -- local role store and resolver (authorization decoupled from authentication)
- logging -- structured logging for Go services
- ui -- shared design tokens, CSS, and template partials
Design principles:
- Federated and open. No single owner, no lock-in.
- Secure by design. Privilege separation, encryption at rest and end-to-end, TLS required, no legacy footguns on by default.
- Reject early, never bounce. Validate during the protocol conversation, not after the fact.
- Correct before clever. Implement the protocol, test it, then optimize.
- Small operator first. Simple configuration, low operational burden.
Cross-cutting design documents -- the security model, at-rest encryption design, OIDC federation, queue design, and the next-gen protocol specs -- live in infodancer.
Active development, pre-1.0. Not yet production-ready for general use. Issues and pull requests welcome.