Unsecure
It still doesn't cure the flaw that email transport is still allowed in unencrypted format.
Sure you can send securely to your upstream server, but no guarantees after that.
On top of that there is no easy way to genuinely ID the sender. PGP is too tricky for many.
Had a good friend recently scammed by someone intercepting mail and she generously sent them $105k. Banks don't care because they are not at fault, and police don't have the resources to chase it.
Apparently, from a good friend at the pointy end of banking security, this is an increasing problem, house purchasing being a particular favourite with solicitors being intercepted.
Yes I'm sure the spooks don't want everyone using encrypted mail, hence the efforts on login security rather than transport security and ID authentication.
Something needs to change, badly.
Biting the hand that feeds IT
