Everything You Need to Know About Email Encryption in 2026
4 months ago
- #encryption
- #privacy
- #email-security
- Emails are like digital postcards with zero confidentiality.
- Security vulnerabilities in PGP software were disclosed at gpg.fail in 2025.
- Email encryption is largely abandoned by cryptographers due to inherent flaws.
- Email is complex, involving store-and-forward messaging, identity anchoring, and mailing lists.
- SMTP lacks enforced TLS, and STARTTLS can be stripped by attackers.
- Encrypted email often fails due to user errors like unencrypted replies.
- Email metadata (subject lines, timestamps, etc.) is often sent in plaintext.
- DKIM provides non-repudiation, making emails verifiable but reducing privacy.
- Fixing email's privacy issues is a political, not technical, problem.
- Privacy tech companies like ProtonMail offer limited protection against sophisticated adversaries.