Email Encryption Issues

The cluster discusses why email lacks end-to-end encryption, its inherent insecurity due to plaintext transit and interoperability needs, and challenges like PGP key management and protocol inertia.

📉 Falling 0.5x Security

4,981

Comments

Years Active

Top Authors

#4800

Topic ID

Activity Over Time

2007

2008

2009

2010

2011

108

2012

186

2013

752

2014

398

2015

317

2016

331

2017

324

2018

370

2019

296

2020

396

2021

383

2022

293

2023

265

2024

155

2025

242

2026

Top Contributors

tptacek (101) upofadown (62) e12e (39) mike-cardwell (31) dane-pgp (30)

Keywords

e.g POP3 IM STLS MITM STS BONUS DNSSEC HTTPS MIME email encrypted encryption unencrypted emails server mail secure connection pgp

Sample Comments

drdaeman • May 15, 2015 • View on HN

What's the point if email's still plaintext in transit?

cmsj • Apr 12, 2013 • View on HN

Email isn't private unless it's encrypted :)

facepalm • Jan 1, 2017 • View on HN

Because encrypted email hasn't really worked out?

bitexploder • Jan 9, 2019 • View on HN

Because it is a giant pain in the rear. Email is never going to be an end to end secure protocol. Period. It’s never going to be transparent. S/MIME could have gotten the world there but email has too much inertia. Ultimately you have to figure out how to trust keys, that turns out to be the hard part. Use Signal.

potatoman22 • Mar 23, 2021 • View on HN

Emails aren't encrypted because they have to be interoperable.

gregjor • Apr 11, 2024 • View on HN

People rarely use encryption for email so it's not a top-level feature. If you want to communicate securely with someone use Signal or WhatsApp -- email is the wrong medium. You could send encrypted paper mail too, but that would be equally cumbersome. Choose a medium and tools that already support encryption. It's a bad fit for email, and so got relegated to the obscure settings because almost no one will use it.

sneak • Jan 27, 2024 • View on HN

Email isn’t end to end encrypted.

Ar-Curunir • Aug 29, 2020 • View on HN

lol yes, because signed and encrypted email hasn't been tried.

rgbrenner • Aug 9, 2013 • View on HN

email is not encrypted... they'll just have your hosting provider or ISP copy your email when it's received/sent

andreasvc • May 12, 2014 • View on HN

Uh no it's not perfectly secure because if you don't use e2e encryption you only get opportunistic TLS and you can't control whether your mail will be transported over unencrypted connections. Furthermore, the contents of the email arrives unencrypted at every mail server. So you're basically agreeing with exactly what I said ...