by laughing_man 10 days ago
Getting from here to there is going to be tough, but I agree 100%. Not only should email be E2EE, but it should include a certificate scheme such that you know the person purporting to be the sender is actually the sender.
2 comments

PGP had the right idea, but the system is too hard for the average person.

With "system" I refer to building a web (or multiple!) of trust, based on parameters that you decide upon.

Given that the cryptography would necessarily be asymmetric, verifying the sender on a TOFU basis seems like a trivial addition (just sign something). I doubt you can do better than TOFU, though, unless you tie it to an external ID system (corporate or government or etc. issued hardware tokens or similar).
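
Added example, not part of the thread above and not any mail client's actual code: a sketch of the trust-on-first-use (TOFU) sender check the last comment describes, using Ed25519 signatures from Go's standard library. The `PinStore` type, the `Check` method and the address are hypothetical names chosen for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

var (
	ErrKeyChanged   = errors.New("sender key differs from pinned key")
	ErrBadSignature = errors.New("signature does not verify")
)

// PinStore maps a sender address to the first public key seen for it.
// (Hypothetical type for this example; a real client would persist it.)
type PinStore map[string]ed25519.PublicKey

// Check applies TOFU: pin the key on first contact, afterwards require the
// same key. firstUse reports whether the key was pinned by this call.
func (p PinStore) Check(sender string, pub ed25519.PublicKey, msg, sig []byte) (firstUse bool, err error) {
	pinned, known := p[sender]
	if known && !bytes.Equal(pinned, pub) {
		return false, ErrKeyChanged // never re-pin silently; the user must decide
	}
	// Verify before pinning so an unsigned or forged first message pins nothing.
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, msg, sig) {
		return false, ErrBadSignature
	}
	if !known {
		p[sender] = append(ed25519.PublicKey(nil), pub...) // store a copy
	}
	return !known, nil
}

func main() {
	// Constructed sample data: keys are generated at run time, the address is made up.
	alicePub, alicePriv, _ := ed25519.GenerateKey(nil)
	otherPub, otherPriv, _ := ed25519.GenerateKey(nil)
	store, msg := PinStore{}, []byte("lunch at noon?")

	first, err := store.Check("alice@example.org", alicePub, msg, ed25519.Sign(alicePriv, msg))
	fmt.Println("first contact:", first, err)
	first, err = store.Check("alice@example.org", alicePub, msg, ed25519.Sign(alicePriv, msg))
	fmt.Println("same key again:", first, err)
	_, err = store.Check("alice@example.org", otherPub, msg, ed25519.Sign(otherPriv, msg))
	fmt.Println("different key:", err)
}
```

The first call is the unauthenticated step: the pin only proves that later messages come from whoever held the key at first contact, which is the limit the comment points to when it mentions tying keys to an external ID system.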