by avmich 1882 days ago
So this unfortunately doesn't work with a man in the middle?

That is, how can the email exchange be guaranteed to work properly, without a MITM inserting his email in the middle of the process?

2 comments

Yes, exactly. This is why real-world systems additionally include some kind of authentication protocol.

Reference: https://en.wikipedia.org/wiki/Man-in-the-middle_attack#Authe...

The check digits solve the MITM problem. You should compare them over a channel other than email, such as text message. This is called a "Short Authentication String" (SAS).
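The comparison described in the last comment, as an added example that is not part of the original thread or of the system it discusses: each side derives a short string from the two public keys it saw, and the strings only match if nobody swapped a key in transit. The derivation (SHA-256 over the sorted keys, six decimal digits), the function names and the key bytes are assumptions made for illustration; the thread does not say how the real check digits are computed.

```python
import hashlib
import hmac

def sas(own_pub: bytes, peer_pub: bytes, digits: int = 6) -> str:
    """Short Authentication String over the two public keys this side saw."""
    # Sort the keys so both honest parties hash the same byte string.
    lo, hi = sorted((own_pub, peer_pub))
    # Length-prefix each key so the concatenation is unambiguous.
    transcript = b"".join(len(k).to_bytes(2, "big") + k for k in (lo, hi))
    digest = hashlib.sha256(b"sas-example-v1" + transcript).digest()
    return str(int.from_bytes(digest[:8], "big") % 10**digits).zfill(digits)

def strings_match(a: str, b: str) -> bool:
    """What the two users do by text message or voice: compare the digits."""
    return hmac.compare_digest(a.encode(), b.encode())

# Constructed stand-ins for real public keys (not real key material).
ALICE_PUB = hashlib.sha256(b"constructed alice public key").digest()
BOB_PUB = hashlib.sha256(b"constructed bob public key").digest()
MITM_PUB = hashlib.sha256(b"constructed substituted key").digest()

def honest_exchange():
    """Email delivers each key unmodified; both sides see (ALICE, BOB)."""
    return sas(ALICE_PUB, BOB_PUB), sas(BOB_PUB, ALICE_PUB)

def tampered_exchange():
    """The email path replaced each key; Alice and Bob each see MITM_PUB."""
    return sas(ALICE_PUB, MITM_PUB), sas(BOB_PUB, MITM_PUB)

if __name__ == "__main__":
    a, b = honest_exchange()
    print("honest  :", a, b, "match" if strings_match(a, b) else "MISMATCH")
    a, b = tampered_exchange()
    print("tampered:", a, b, "match" if strings_match(a, b) else "MISMATCH")
    # Note: a string this short is only safe when each side is committed to
    # its key before seeing the other's, which is why protocols such as ZRTP
    # add a hash commitment step. That step is omitted here.
```

The check is only as strong as the second channel: if the digits are compared over the same email path that carried the keys, whoever controls that path can rewrite them too.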