Peter N. M. Hansteen asks the question, "Does Your Email Provider Know What A "Joejob" Is?" in his blog and provides some data and discussion. He provides anecdotal evidence which seems to indicate that Google and possibly other mail service providers are either quite ignorant of history when it comes to email and spam, or are applying unsavory tactics to capture market dominance.
[Ed Note: I had to look up "joe job" to find out what it is. According to wikipedia:
A joe job is a spamming technique that sends out unsolicited e-mails using spoofed sender data. Early joe jobs aimed at tarnishing the reputation of the apparent sender or inducing the recipients to take action against them (see also e-mail spoofing), but they are now typically used by commercial spammers to conceal the true origin of their messages.
]
(Score: 1, Informative) by Anonymous Coward on Monday April 25 2016, @02:13AM
Except that every client on the planet, short of webmail, does S/MIME, which is GPG for grownups (the DOD uses it). Your smartphone can do S/MIME. kMail and Thunderbird did S/MIME since forever. Outlook, Apple Mail, hell even Alpine and Mutt do S/MIME. Nothing special about it, nothing needed beyond what you have, unless you're reading your mail on a webmail client, in which case your privacy was fucked from the start. Except for webmail, i.e. the power of Google's Gmail, there's absolutely no excuse for all mail not already being end-to-end clientside encrypted: the tech is already in place. Google is what's standing in the way.
(Score: 3, Interesting) by TheRaven on Monday April 25 2016, @08:35AM
The problem with S/MIME is similar to that of GPG. If you're using it for signing, it's trivial to strip the signature and then modify the message. How many users will notice that the signature is not there? Most mail clients have a UI that prominently displays when a signature is present (though I notice Apple Mail has made that less visible in recent versions), but when it's not present they display nothing. Unless you train users to actively look for the signature, it doesn't help. Ideally, mail clients should recognise senders and warn when you get messages from someone who normally signs mail but hasn't this time.
If you're using it for encryption, then you are back to the key distribution problem. You need to get the recipient's public key to be able to encrypt the message and that then ensures that no one other than the recipient can read it (so no mailing lists, for example - though it would be nice if the list software could have its own key pair for the list, decrypt and then encrypt with each list member's public key).
sudo mod me up
(Score: 0) by Anonymous Coward on Monday April 25 2016, @06:41PM
S/MIME already works with mailing lists. See https://www.sympa.org/manual/x509 [sympa.org].