January 7, 2026

Inbox Wars: Postcards vs Padlocks

Article URL →HN comments →

Everything You Need to Know About Email Encryption in 2026

Furry blog says email is a postcard; commenters feud: use Signal, send PDFs, or fix the pipes

TLDR: A new explainer warns email is basically a postcard and points to fresh PGP flaws as proof encrypted email keeps stumbling. Commenters brawl over solutions: ditch email for Signal, send passworded PDFs, or trust big providers’ stricter delivery rules—turning it into a fix-it or replace-it showdown.

Forget math, bring receipts: a furry cryptography blog just called email a postcard, then dropped a gpg.fail bomb from Chaos Congress exposing holes in old-school PGP tools. The crowd went feral. Signal stans charged in first: hulitu cheered end-to-end chat because “no plaintext mode” means you can’t accidentally spill secrets. But instantly, a reality check—“We were talking about email”—cue record scratch.

Pragmatists piled on with hacks for the real world: jmclnx waved the office flag—just send password-protected PDFs, grandma can handle that. Purists winced, memeing “Why Johnny Can’t Encrypt” like it’s 2010. Meanwhile, infrastructure nerds disputed the doom: 3r7j6qzi9jvnve says big inboxes like Apple and Gmail increasingly dump messages that aren’t sent over encrypted pipes (TLS), so the mail truck isn’t open anymore.

Still, the thread’s villain is human error: the dreaded Reply All in the clear. The vibe is part tech autopsy, part group therapy. Key-signing parties were roasted as cosplay for cryptographers; FTP-with-zips got side-eye; and everyone agrees that email “security” dies the moment someone forgets a step. Verdict? Email encryption isn’t dead—just perpetually slipping on the same banana peel—while internet argues whether to fix the stairs or move to Signal. Yes, furry blog owned the room.

Key Points

  • Late-2025 disclosures revealed severe vulnerabilities in GnuPG/OpenPGP, published at gpg.fail, reigniting debate on encrypted email.
  • The article argues that cryptographers and security engineers have largely abandoned efforts to make encrypted email practical.
  • Legacy standards like PGP and S/MIME face both security and usability challenges, exemplified by EFAIL and usability research.
  • Common human-error failure modes (e.g., plaintext “Reply All”) can negate the benefits of encrypted email, even with correct setup.
  • Despite needs for confidentiality, many organizations in 2026 still use FTP to exchange encrypted ZIP files as a workaround.

Hottest takes

“there is no plaintext mode to accidentally use” — hulitu
“just send out an attachment with an encrypted pdf” — jmclnx
“Major players like apple now automatically trash mail … without TLS” — 3r7j6qzi9jvnve

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.