[emptysongglass]

I had to double take here because that just isn't true. I can't even remember when the last time was that I sent an email over the wire without encryption and if you're using one of the big free providers (most are) you can be absolutely certain those emails are encrypted at rest.

[jjav]

SMTP connections tend to be opportunistically encrypted, but intercepting the connection via MITM is much easier than for e.g. a HTTPS connection.

So while it's true that most SMTP connections are encrypted, that doesn't mean anything unless the endpoints are enforcing trust on each other which mostly they're not.

[orev]

The more we assume that everyone is using the big email providers, the more it becomes a reality. And everyone agrees that a centralized Internet controlled by only a few companies is one of the worst case scenarios.

I have no certainty at all that any of those free providers use encryption at rest. How would they mine the messages for data to sell? And, cloud compute is expensive, and disk encryption takes more CPU cycles. Why would they spend that money? SMTP connections are more visible so it makes sense to use that from a marketing standpoint.

[prash_murali21]

Yeah the big providers will not be encrypting at rest for sure. Even if so, the encryption keys would lie with the provider and not the end user, which kind of defeats the purpose.