So you're acting as a trusted party to get delivery confirmations from Google? What if Google doesn't confirm delivery, but you decide to write to the blockchain anyway?
Also, won't Google servers return a cryptographically verifiable delivery confirmation? If so, couldn't this be used as the delivery proof directly instead?
Yes, we integrate with Gmail and communicate via the official Gmail API.
We only receive response statuses and act accordingly. Moreover, we think it's important for this functionality to make sense to insert the hash corresponding to the integrity of the email, and so make possible for our customers to "prove" they have indeed sent an email with a specific body/subject/...
Well, doesn't that mean that the security model is based on you acting as trusted third party and relying on you to only write truthful data to the blockchain?
In other words, the delivery proof is not based on trusting the blockchain mechanics, its based on trusting Gmelius Ltd.
EDIT: reply to your last comment. The whole idea is to propose a "hybrid" architecture that bridges the gap between a centralized technology such as the Email with the benefits of a decentralized one, the blockchain.
This hybrid process implies you will need to trust parties at some points, e.g., Google and Gmelius. However, the point here is to offer a means to store in a robust way the trace that a specific email communication existed at a point in time, including its context/content.
Also, won't Google servers return a cryptographically verifiable delivery confirmation? If so, couldn't this be used as the delivery proof directly instead?