| How this works Advanced |
Alright, this section is slightly less formal, being written by me, the webmaster. I'm going to assume a basic understanding of database structure and that's about it. There is really no "secret sauce"... okay, there is a little, but nothing earth-shattering, more like just clever. It works like this:

Standard - Quite simply, the form itself sends the data through our mail server... The end. I suppose I can elaborate, since you probably want more info if you clicked on this link. If you noticed that the page name ends in .php instead of .htm, that is because when you click submit, the page can check the captcha code (those little four random letters), and then send the message. The way to keep it anonymous was easy... do nothing. We could check and store the IP addresses of people using the site, but we don't. We could pull info on what browser they use, but why? We could save a list of the email addresses entered, but we don't want to. All that such "data-mining" would do is destroy confidence in the system, and make us a target for less reputable types who'd love another email list. The only data we gather is the domain name to which the email was sent. So in our database we have a table that says things like: @gmail.com - 8954, @yahoo.com - 15489.

Certified - Certified was a little more fun to write. If you've ever looked into other anonymous email providers, you'd note several things. Most require a user name and password. And that user name and password are tied to your credit card, which is charged monthly. *scratches head in confusion*. At this point I don't see how anyone can still feel confident about the anonymity of that system. But that's just me. That is from a security standpoint.

From an operational standpoint, when you send an eNote and want a reply, there were several options. Some providers put in hidden HTML tags; this raises the risk alert of the email and may hinder delivery. Others put a large piece of gibberish code at the bottom of the email with one of those "DON'T DELETE THIS" signs, and you have to hope that the person from whom you want the reply doesn't use a browser like I do that automatically clears it. Still another method is to stick that same gibberish code in the subject line. But then you have the same issue: the person replying cannot modify the subject line. The funniest method is that of including a hyperlink at the bottom of the text, and demanding that the recipient click on it so that they can then enter some gibberish passwords in order to be able to reply to you.

We did something different. When the eNote is sent, we use the date time stamp and do some modification thereon to form six letters. These get tacked on to the sending email, getting something like Certified_ABCDEFG@enote.com. Our database then has a table with just two columns: the new combination email we just created, and your reply email. This table is live for up to 21 days, or until your email is replied to, and then we purge the row. Using this method we don't require a user name or logon, we don't need your records permanently on file, and from the user standpoint... they merely have to click reply and type. We know that there is always an inherent insecurity in systems like Certified eNote, because one wonders how it can truly be anonymous if it's "stored somewhere". That is why our data is stored only for the life of the email, and in such a small table. It makes it easy to use some pretty monstrous encryption.

Forgot my eKey - For any of you that wonder how we can provide this service, it works as follows. When you purchase an eKey (currently only possible using PayPal), you provide an email address, whether false or real. We created an entirely different table with a different encryption scheme that merely stores the eKey and the email address entered. Should you lose your eKey, we can return it to the email address that purchased it. This table is also purged when the eKey is used.

So in general, if any of you actually read all of that... in the process of sending and receiving the reply to your Certified eNote, we will store two pieces of data for the life of your transaction (i.e., until they reply). In one table, your email address and your eKey; in another un-relatable table, your reply email address and the scramble Certified_XXXXXX@enote. When you've been replied to, or when 21 days rolls up, or when your eKey is used, the data is purged accordingly.

In the future I'd love to make pretty little shiny flowcharts to explain all of this... but frankly I've been a little busy. I will get around to it, but for now, any questions can be sent to Customerservice@enote.com. Just put "How this Works?" in the subject line.
|
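The Certified reply-alias table described above, sketched as an added example; it is not the site's own code, which the page does not show. It assumes SQLite in place of the site's database, adds an `expires` column to enforce the 21-day limit, and draws the six letters from a CSPRNG instead of deriving them from the timestamp, so a live alias cannot be worked out from the send time; all function and column names are hypothetical.

```python
import secrets
import sqlite3
import string
import time

TTL_SECONDS = 21 * 24 * 3600  # the page's 21-day lifetime
DOMAIN = "enote.com"          # domain as written on the page


def open_store():
    """In-memory stand-in for the alias table (expires column is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE alias (alias TEXT PRIMARY KEY,"
               " reply_to TEXT NOT NULL, expires REAL NOT NULL)")
    return db


def new_alias(db, reply_to, now=None):
    """Create a Certified_XXXXXX alias for reply_to and return it."""
    now = time.time() if now is None else now
    while True:
        tag = "".join(secrets.choice(string.ascii_uppercase) for _ in range(6))
        alias = f"Certified_{tag}@{DOMAIN}"
        try:
            with db:  # commit on success, roll back on error
                db.execute("INSERT INTO alias VALUES (?, ?, ?)",
                           (alias, reply_to, now + TTL_SECONDS))
            return alias
        except sqlite3.IntegrityError:
            continue  # collides with a live alias: draw again


def purge_expired(db, now=None):
    """Delete rows past their lifetime; returns how many were removed."""
    now = time.time() if now is None else now
    with db:
        return db.execute("DELETE FROM alias WHERE expires <= ?", (now,)).rowcount


def route_reply(db, alias, now=None):
    """Return the stored reply address for an incoming reply, then purge the row.
    Unknown, expired and already-used aliases all return None."""
    now = time.time() if now is None else now
    with db:
        row = db.execute("SELECT reply_to FROM alias WHERE alias = ? AND expires > ?",
                         (alias, now)).fetchone()
        db.execute("DELETE FROM alias WHERE alias = ?", (alias,))
    return row[0] if row else None
```

Running `purge_expired` on a schedule covers aliases that never receive a reply; `route_reply` also refuses expired rows on its own, so a late purge job does not extend an alias's life.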