Ask HN: Why big email providers don't sign the email?

3 points by ddalex ↗ HN
I completely understand the resistance of Gmail and the likes to full end-to-end email encryption.

What I don't understand is the resistance of cryptographically sign the outbound email and discard incoming spoofed emails that don't have proper signatures. This simple move would create a high barrier for phishing emails since they don't have valid signatures for the organization that supposedly sent them.

Do you have any insight in this scheme ?

1 comment

[ 2.9 ms ] story [ 18.0 ms ] thread
Signing without encryption is worse than useless by providing a false sense of security (see e.g. http://th.informatik.uni-mannheim.de/people/lucks/HashCollis... , MD5 used as an example); and costs to start signing are virtually identical to encrypt-and-sign (not just financial costs to providers: most of all time-and-effort for everyone, including users).