Metadata-free communication

Email reimagined for a world
that stopped trusting email.

AfterMail routes every message through a five-hop mixnet, strips all identifying metadata, and delivers through a protocol that has never heard your name. Familiar interface. Zero trace.

Join the Waitlist How It Works
5 Mixnet hops per message
0 User identifiers stored
3 Independent protocol layers
Metadata ceiling — none.

The Problem

The architecture was
the promise.
Until it wasn't.

End-to-end encryption was supposed to be enough. It isn't. The message content is protected. Everything else — who sent it, when, from where, to whom, how often — is logged, analyzed, and in many jurisdictions, legally compelled.

The encryption got stronger. The gap didn't close.

  • ERR
    Metadata is the surveillance surface Your provider knows every person you communicate with, every timestamp, every device, every location. That record exists even when the message doesn't.
  • ERR
    Compliance means cooperation Encrypted providers comply with lawful requests and log exactly what's needed to respond. Proton disclosed 3,572 accounts in 2024. The encryption held. The institution didn't.
  • ERR
    The interface lies about the architecture Email looks like a private conversation. It behaves like a permanent, addressable, server-side record. The familiarity obscures the exposure.
  • ERR
    Privacy tools require abandoning email entirely Signal, SimpleX, Briar — they solve the problem but demand a new paradigm from the recipient. Friction is where security dies at adoption.

Three layers.
One surface.

AfterMail is not a privacy feature bolted onto an email client. It is a layered architecture — network anonymization, identifierless messaging, and a familiar interface — designed from the routing layer up. Each layer independently defeats a class of surveillance.

01 / NETWORK
Nym Mixnet

Traffic anonymization

Every packet is encrypted, padded to uniform size, and routed through five independent mix nodes before delivery. No single node knows both sender and destination. Timing correlation attacks — the method that breaks most private networks — are defeated at the packet level. Resistant to global passive adversaries.

Five-hop routing by default
Sphinx packet format — uniform size, timing destroyed
No node sees sender and destination simultaneously
No clearnet fallback
02 / MESSAGING
SimpleX Protocol

Identifierless delivery

SimpleX has no user IDs, no phone numbers, no email addresses. Connections are established via one-time invitation codes. Messages are delivered through disposable, single-direction queues. No global identifier connects your conversations to each other — or to you. XFTP extends these guarantees to file transfers.

No persistent user identifiers
One-time connection codes with disappearing context
Single-direction per-connection queues
End-to-end encryption on every queue
03 / PRODUCT
AfterMail Interface

Familiar by design

An email-familiar interface over the Nym and SimpleX stack. Compose, send, receive. Inbox, sent, archived. The cognitive model you already have — without the surveillance architecture beneath it. At-rest encryption via passphrase-derived keys with biometric surface, remote wipe, and multi-device sync routed entirely through Nym.

Email-familiar UX with zero legacy architecture
Passphrase-derived at-rest encryption, never transmitted
Biometric surface — Face ID / Touch ID
No server-side content storage

Access Tiers

Free
$0
No credit card. No trial period.

Full access to the AfterMail architecture. The security model does not degrade by tier. Every user gets five-hop routing and identifierless delivery.

  • Five-hop Nym mixnet routing
  • SimpleX identifierless delivery
  • Passphrase-derived at-rest encryption
  • Message storage limits apply
  • Single device
Join Waitlist
Pro
$12
Per month, billed annually.

Unlimited everything. For individuals and teams who need AfterMail as infrastructure, not a secondary channel.

  • Everything in Free
  • Unlimited message storage
  • Multi-device sync via Nym
  • XFTP file transfers with full guarantees
  • Priority routing
  • Remote wipe
Join Waitlist
Sovereign
Contract
Private deployment. Air-gap capable.

Private deployment for defense, government, and organizations where the infrastructure itself must be owned. FedRAMP-aligned. No shared nodes.

  • Private Nym node deployment
  • Air-gap capable configuration
  • DoD / FedRAMP-aligned architecture
  • Admin Active/Inactive control only — no message access
  • Custom SLA and dedicated support
Contact Us

Waitlist

Be among the first to communicate without a record.

AfterMail is in development. Join the waitlist to be notified at launch, receive early access, and help shape the product.

Your email is used once — to notify you. Then discarded.

Co-Founder

The architecture is built.
The team isn't.

AfterMail is looking for a technical co-founder with a background in distributed systems, cryptography, or defense/FedRAMP. The stack is defined. The thesis is published. What's needed is someone who has solved hard infrastructure problems at scale and wants to build something that matters.

hello@aftermail.co →

Read the thesis: "The Architecture Held. The Promise Didn't."
Published May 5, 2026 — reports.vordan.co

About

"The promise of private communication has always lived one layer above where the actual exposure occurs."
AfterMail was built on a specific observation: privacy tools kept improving their encryption while the surveillance surface — the metadata layer — went unaddressed. We built the architecture to address it.

Built by Vordan.
Grounded in the reporting.

Vordan is a practitioner-focused governance and accountability publication. Since April 2026, it has tracked the accountability gap across cybersecurity, AI governance, post-quantum cryptography, and digital sovereignty — written for the people building and defending systems.

AfterMail is Vordan's first product. It emerged directly from the reporting: months of documenting how privacy providers comply, how metadata becomes the exposure surface, and how architectural gaps survive policy fixes. The doctrine is Accountable by Design: governance built in before deployment, not retrofitted after failure. Applied to communication infrastructure, that doctrine produces AfterMail.

Founded by Dominick Costa, a New York-based GRC practitioner and operations leader with 20 years running systems at scale.

Read the Accountability Report →

Threat Model

Threat 01

Network traffic analysis

An adversary observing traffic correlates senders and recipients by timing and packet volume, even without reading content.

Mitigated — Nym mixnet
Threat 02

Server-side metadata logging

A provider logs who communicated with whom, when, from which IP, how often. Disclosed under legal compulsion.

Mitigated — SimpleX + Nym
Threat 03

Account-based identity linkage

User accounts tie communications to a real-world identity. A single legal request retrieves an entire history.

Mitigated — no accounts exist
Threat 04

Device seizure and recovery

Physical or remote access to a device allows recovery of messages, keys, and contact graphs.

Mitigated — passphrase keys + remote wipe
Threat 05

Global passive adversary

A state-level adversary observing all internet traffic simultaneously attempts correlation attacks at scale.

Mitigated — Nym timing destruction
Out of scope

Endpoint OS compromise

If the device running AfterMail is fully compromised at OS level, no communication layer can protect message content.

Out of scope — by design
Exposure surface Gmail / Outlook Proton Mail Signal AfterMail
Message content Exposed Protected Protected Protected
Sender / recipient identifiers Exposed Exposed Phone number None exist
Communication graph Exposed Exposed Phone numbers Not constructible
Timestamps and frequency Exposed Exposed Registration date Destroyed — Nym
IP address / location Exposed VPN mitigates Sealed sender Hidden — Nym routing
Network traffic analysis Vulnerable Vulnerable Vulnerable Defeated — mixnet
Legal compulsion disclosure Full metadata Account + IP metadata Registration + last seen Queue ID only

Contact

Get in touch.

For co-founder inquiries, early access, Sovereign tier discussions, or press — reach out directly.

Site aftermail.co Vordan reports.vordan.co LinkedIn linkedin.com/in/dominick-costa Email hello@aftermail.co

The Sovereign tier is
for organizations that
need to own the stack.

Private Nym node deployment. Air-gap capable. DoD and FedRAMP-aligned architecture. Admin controls limited to Active/Inactive — no message access at any level.

Sovereign tier discussions are handled directly and confidentially.

Start a conversation