January 6, 2026
You’ve got mail… and a tunnel
Show HN: SMTP Tunnel – A SOCKS5 proxy disguised as email traffic to bypass DPI
Sneaking the internet through ‘fake emails’ has HN cheering and side-eyeing
TLDR: A new tool disguises internet traffic as email to dodge network snooping. The community is split: some applaud the clever trick, while others say mail is often blocked and question why not use HTTPS on port 443 instead—raising a practical vs. ingenious debate over real-world bypassing of censorship.
The newest “Show HN” claims it can smuggle your web traffic by disguising it as friendly email chatter. In simple terms: it makes your browsing look like normal mail, hoping to slip past deep packet inspection (DPI—think network bouncers) by mimicking a real mail server and encrypting everything with TLS. Community vibes? Split and spicy. Some are clapping—“Clever,” says one—arguing this trick could also work with other STARTTLS (email-starts-encrypted) services. Others throw shade fast: one skeptic notes SMTP (the mail protocol) is “probably the most filtered” thing on home internet, so hostile networks might just block or slow it to a crawl. The big debate: why not just hide traffic in HTTPS on port 443 like everyone else? One commenter questions exactly that, arguing a well-crafted 443 tunnel can look like regular web browsing anyway.
Cue jokes and memes: folks riffed on “You’ve got mail… and a secret tunnel,” and imagined offices where everyone’s “emailing Netflix.” Supporters love the multi-user setup and auto-reconnect; critics warn any surge of “email” volume could set off alarms. It’s classic HN drama: ingenious hack vs. practical roadblocks. The repo’s here if you want to peek under the hood: GitHub.
Key Points
- •SMTP Tunnel Proxy disguises TCP traffic as SMTP email sessions to bypass DPI, providing a local SOCKS5 proxy for applications.
- •Security uses STARTTLS to negotiate TLS 1.2+ encryption, with per-user pre-shared keys authenticated via HMAC-SHA256.
- •The handshake mimics real SMTP servers (e.g., Postfix), then switches to a binary streaming protocol for high-speed tunneling and supports multiplexing.
- •Deployment is streamlined via a one-line installer on a Linux VPS that configures TLS certificates, firewall, users, and a systemd service.
- •Clients are supported on Windows, Linux, and macOS, with easy launcher scripts, manual setup options, and detailed proxy configuration for browsers.