[bjpbakker]

> the author prefers dubious advantages to real improved security

Encrypting the data transfer doesn’t improve any of the HTML email security issues. So I fail to see how that would be “real improved security”.

But I do share the authors sentiment on the failure to not using open standards of both Protonmail and Tutanota. So maybe I’m biased.

[knd775]

The data in a protonmail account is encrypted with your own key. How is protonmail supposed to encrypt an email if they receive it unencrypted over SMTP?

[bjpbakker]

There are various ways. One would be to use standard imap and decrypt the message on the client. Their bridge sort of does that but with proprietary protocol.

Either way, that has absolutely nothing to do with the security issues of html email. Eg phishing and tracking still works when you decrypt the message and open it.