• Diotima@kbin.social
    link
    fedilink
    arrow-up
    21
    arrow-down
    1
    ·
    9 months ago

    Fair question!

    If an email address is being used for fraud, they don’t need to see the encrypted copy; they can see the copy sent out to other people from that address. So if I send you a message from my Protonmail to your Gmail, the following is true:

    Copy @ Protonmail: E2EE.
    Copy @ Gmail: NOT E2EE.

    There are other, circumstantial ways to tell as well. If you’re trying to scam people with DudeBro Cryptocurrency, you necessarily reveal the address you use when you send our your spam or scams. If I send malware from notactuallydiotima@proton.me, the proof that I sent the malware does not require you to see my server stored mail; you can just look at your own copy to see.

    Does that make sense?

      • baseless_discourse@mander.xyz
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        9 months ago

        Yes, the “to address” cannot be encrypted as it is necessary to deliver the mail, the “from address” are needed to send a notification when the “to address” doesn’t exist.

        Technically, the “from address” probably can be encrypted, like in signal; but I think it is required in the current email standard.

    • jkrtn
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      Surely Proton also receives the mails in plaintext? There’s no E2EE about it. You have to take their word that they encrypt it and discard the plaintext data.