by earenndil 3281 days ago
See now, this is the part I don't get. Assuming that you don't encrypt your email with PGP (reasonable, if you're emailing someone who isn't very techy) and aren't emailing someone else who also uses ProtonMail, there's nothing stopping them from making an unencrypted copy of every email they receive.
2 comments

The decryption only takes place on your local machine. Of course, you'd either have to check the source or trust them. It very often comes down to trust.
I was trying to do some research to refute this claim, and my ignorance of email standards has once again reared its ugly head. I thought DKIM was for encryption, but it's apparently just for verification? Email is still primarily sent in the clear?

I'm at a loss. What a mess.

Email is not primarily sent in the clear these days; most providers implement SMTP over SSL/TLS. Here you can find some nice stats on such traffic that passes through Google[0].

Of course this means that emails are only encrypted "in transit", that is, in the transmission from server to server, so you have to trust your provider.

On the contrary, PGP gives you end-to-end encryption, so you only have to trust your machine and your correspondent's.

0: https://www.google.com/transparencyreport/saferemail/

DKIM solves authenticity and integrity, but not privacy.
Domain Keys Identified Mail. ;)