Email

Email is the most universal Legacy Identity Provider (LIDP). It allows senders to zap users using standard internet email addresses.

Identifier Format

Emails must be rigorously normalized before hashing to ensure consistent ID generation across clients and providers. Each address is:

  1. Stripped of leading/trailing whitespace.
  2. Fully lowercased.
  3. Depending on the IA's strictness, "plus-addressing" aliases (e.g., user+spam@gmail.com) may be resolved to the base address.

  • Raw Format: user@example.com
  • Resolved URI: email:user@example.com

Privacy Model: Hashed (Strict)

Email addresses are extremely sensitive Web2 identifiers. Zapf treats Email as a High Privacy identity.

The raw email address is never published in the content field of a Kind 35521 event. The d tag solely contains the SHA256 hash, meaning a user can only be discovered and zapped if the sender already knows their exact email address to compute the hash locally.
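The normalization steps under Identifier Format and the hashed d tag described above, as an added example (not Zapf's own code). It assumes the hash input is the UTF-8 resolved URI and the digest is lowercase hex, neither of which the page specifies; the function names are hypothetical.

```python
import hashlib


def normalize_email(raw: str, resolve_plus: bool = False) -> str:
    """Strip, lowercase, and optionally resolve plus-addressing."""
    addr = raw.strip().lower()
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {raw!r}")
    if resolve_plus:
        # Strict-IA behaviour: user+spam@gmail.com -> user@gmail.com
        local = local.split("+", 1)[0]
        if not local:
            raise ValueError(f"empty local part after resolving alias: {raw!r}")
    return f"{local}@{domain}"


def resolved_uri(raw: str, resolve_plus: bool = False) -> str:
    return "email:" + normalize_email(raw, resolve_plus)


def d_tag(raw: str, resolve_plus: bool = False) -> str:
    # ASSUMPTION: hash input is the UTF-8 resolved URI, output is lowercase hex.
    uri = resolved_uri(raw, resolve_plus)
    return hashlib.sha256(uri.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    # Constructed sample inputs, as different clients might submit them.
    for raw in ("  User@Example.COM \n", "user@example.com"):
        print(f"{raw!r:26} -> {resolved_uri(raw)} -> {d_tag(raw)[:16]}...")

    # Sender and IA must apply the same plus-addressing policy, or the
    # sender's locally computed hash will not match the published d tag.
    alias = "user+spam@gmail.com"
    print("lenient:", d_tag(alias)[:16], "strict:", d_tag(alias, True)[:16])
    print("strict matches base:", d_tag(alias, True) == d_tag("user@gmail.com"))
```
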

Verification Flow (OTP)

Identity Authorities verify Email ownership using a standard One-Time Password (OTP) flow. The IA sends a short-lived numeric or alphanumeric code to the user's inbox, and the user enters it to prove ownership.

No Evidence Sharing

Warning: Because Email verification relies entirely on an ephemeral OTP flow controlled locally by the IA, it produces no portable Access Token.

This means that Evidence Sharing is impossible for Email identities. If a user proves their Email to zapf.app and receives an attestation, and later wants to use loki.ltd as their IA, they must execute a brand new OTP verification flow on the loki.ltd dashboard.

The s tag containing the Kind 35522 evidence event will still exist, but the evidence field within that attestation will generally be empty or null for Email identifiers.