Comment by emurlin

In this case, it's based on a per-user secret key and AES-256, which with some careful key and IV-derivation, allows you to have a deterministic (and reversible) address for any given domain name. The basic principle (applied to ids, which extends to domain names) is in this blog post: https://apeleg.com/blog/posts/2023/03/30/enumeration-timing-...

If you're willing / able to sacrifice reversibility, a more orthodox approach can be hash (or *MAC) based. For example, SHA-256(secret + domain-name). However, a key point of this project is attribution, to avoid the need of storing a large set of pre-generated addresses, for portability and for easy reverse aliases.

In terms of the actual SMTP bits, I'm currently relying on Cloudflare workers for receiving and delivering (just a nice and gratis API); however, extensibility within reason is a goal (in scope: provider-agnostic API; very probably not in scope: an SMTP client / server).