On Sat, Jan 01, 2022 at 12:03:32PM -0500, Keith Moore wrote:
> I think there's room to add mail encryption to SMTP. The protocol
> extensions can be worked out, and major MSPs would probably find them
> attractive to their customers. I believe that doing so would raise the bar
> for some kinds of attacks and malicious behavior. But there's no way to
> please everybody, and maybe no way to really provide the privacy that many
> of us would like to provide.
There are (multiple) mail encryption extensions to SMTP. Hop-by-hop
using TLS, end-to-end encryption/authentication using S/MIME,
end-to-end encryption/authentication using PGP, etc. Major MSP have
adopted some of these already (TLS and S/MIME integrity protection are
used by GMail, for example).
The real problem is the "no way to please everybody", which means that
these deployments are all optional and certainly not universal.
- Ted
