Comment on E-Mail with own domain
activistPnk@slrpnk.net 2 days agoPM’s apps perform the encryption on your own device because it’s your device that runs the apps. That is e2ee, but still only in the two scenarios I mention and even then it’s also vulnerable to targeted attack. PM could ship malcious j/s if it wanted (the likely case being to comply with a court order). It’s better if your own non-j/s FOSS MUA handles the crypto, which is actually easier if you don’t use PM.
If mailbox.org works the way anonaddy works, then that’s not e2ee. The msg payload is seen by the server that does the encryption, in the very least. The sender’s ESP would have already seen the msg.
berber@feddit.org 1 day ago
so in both cases, proton and mailbox, you have “less” snoopability, in the sense that they wouldn’t be able to snoop your stored mail retroactively. i am (in some sense naively) assuming “good” conditions here, such as that they don’t keep copies somewhere.
of course without actual e2ee there is always a way for a provider to snoop any incoming email if they wanted to.