Ever since I first dove down into the many protocol specifications of a typical email-setup. I noticed that there is very little (no) privacy, and (absolutely) no security.
Sure, most protocols can be “tunneled” through SSL/TLS in the Session and Presentation Layer. But how can you guarantee message integrity when it relays off to another server? In between datacenters and so on? And to think every message is stored in anything but cleartext, is wishful thinking.
Most clients support S/MIME, but is embarrassingly uncommon and terrible at presenting (attachment galore). GPG/PGP is in my opinion, albeit a little tricky, the ultimate privacy solution.
What about mobile clients you ask? One simple and very easy to use app for sending GPG/PGP signed email is Privacy PGP Messenger for iOS. It fetches the public key associated with the email address from a public keyserver (probably MIT), signs your message and uses your existing account in the Mail app to send.
It is generally recommended with GPG/PGP software that the private key associated with your email-address is kept Private. Preferably only one copy and stored offline. Therefore, this app is not a solution for Receiving signed email.
Happy Signing!
