How to fix email encryption

15 points by runxiyu


giffengrabber

This probably sounds harsh, but I don’t believe it’s possible to build a good E2EE layer on top of an old protocol like SMTP. I believe it’s well explained in this article: Stop Using Encrypted Email

scruss

Ah, an “If everyone would just…” problem.

Using encrypted e-mail can be a tell. The pattern of to whom, when and how often — without reading any of the e-mail content — is enough to arouse suspicion.

runxiyu

For a bit I used Actalis’s free S/MIME certificates, mainly for the “cool” factor of having the authenticated/verified badge when that would be funny/helpful.

runxiyu

I think that the asynchronous nature of email makes encryption/signatures a bit more difficult. I am not a cryptographer, but I couldn’t think of a simple scheme to have perfect forward secrecy in emails.

johnluther

It’s frustrating that no one has solved this yet. I worked on an email CA product in 1998 and it had exactly the same obstacles with key and cert management. It’s hard enough for users to manage passwords and 2FA (not really their fault, the tech & infrastructure are terrible); imagine the nightmare of them losing their private keys on a regular basis.

ki9

Autocrypt is a decent standard.

zilti

This would be potentially nice, but the big ones won’t play along. As usual.