Openmsg was built as an alternative to email by someone who was fed up of spam. It is an open, cross-platform, decentralized messaging protocol that anyone can implement. All you need is a domain name and a database. Developers can build their own clients and servers in any programming language.

See:
Overview
Setup
Roadmap
Guides
References

The Openmsg protocol is designed from the ground up to be spam-free. One user cannot connect with another without explicit permission. For example, if user A wants to connect with user B, they need to know not only user B's Openmsg address but also possess a one-time passcode that was issued by user B. Without a valid passcode, any connection attempt will silently fail—user B won’t even be notified. That means: no spam messages, no spam requests, no noise. A Pass Code only needs to be provided once, after which the Users are connected and can exchange messages.

Openmsg is an open protocol — anyone is free to implement it. While most examples on this site use PHP and MySQL for simplicity, the protocol itself is platform-independent and can be implemented in any programming language of your choice.

The protocol is fully decentralized — there’s no central server or authority. Anyone with a domain name and a database can run their own server node, giving them complete control over their messaging system while still being able to communicate with others using the same protocol.

A key feature of the protocol is built-in end-to-end encryption. When two users first connect, they securely exchange both encryption keys and authorization codes for ongoing communication.

• Authorization codes verify permission to exchange messages between the users.
• Encryption keys ensure that all messages are encrypted end-to-end, keeping content private.

Each message is accompanied by a unique hash generated by the sender, based on the message content and timestamp. This allows the recipient’s server to verify that the message is authentic and recent. Once a message hash has been used, it cannot be reused, preventing replay attacks.

Openmsg is designed to prevent spoofed or forged messages—even in the event of an authorization code leak. If authorization codes are exposed in a data breach, they cannot be used by another server or domain to impersonate the original sender. This is because of a core security feature: When a message is received, the receiving server always verifies its authenticity by contacting the sender’s original server directly. The message is only accepted if the expected server confirms that it actually sent it. This ensures that even if someone has the correct authorization codes, they cannot spoof a message unless they are operating from the legitimate sender’s domain.

Setting up a server is simple—all you need is a database and a few files. You can setup the protocol on any domain in just a few steps:

• Set up the database tables (we provide PHP code to create the necessary tables in just a few clicks)
• Download the PHP files and upload to your server
• Tweak the configuration to match your server settings.

If you're not using PHP, the provided code can be used as a reference and easily adapted to any programming language. Infomormation packages are sent using cURL / JSON.

Take a look at the Overview and then the Setup guide
See Next: Overview