Starting today, we're offering GPG signing for every email sent on LearntEmail. GPG is an email signing and encryption package, probably the defacto standard on the net. Other than Facebook, it is very hard to get marketing/application email sent in a way that is encrypted. But we're happy to change that.
PGP is the defacto standard for email encryption. There is lots of exciting development in the PGP ecosystem, from Keybase to clients like Mailpile. We're excited to be part of the PGP community.
PGP is pretty good, as per the name. Sure, some people have issues with PGP. But perfect is the enemy of good. It isn't good that pgp software is hard to use, or that pgp doesn't support forward secrecy. But it is good that we have protection for emails.
First, find the latest email you've gotten from LearntEmail. You can use the box below to get one sent to you:
Follow the instructions in the email, and you should find the "manage delivery" page:
There you can select your favourite option (sign or encrypt) and hit save. If you are selecting the encrypt mode, make sure to add a public key. You can copy and paste the output from the commandline:
$ gpg2 --export -a [email protected]
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2
mQINBFbXTo8BEAC5hDbWSAIZ6sHJHMsi5MVCg+NMDcoGukNVpoFPf5U/MfdbkFm2
...
CbxU7Eoqa5Xp823tb7qIAw==
=/xEI
-----END PGP PUBLIC KEY BLOCK-----
Then you're done! All future email send via any LearntEmail user will be encrypted or signed as per your preferences.
Make sure to note our public key is 7063 0DDE 9BAB 6342 FA58 A8C3 7033 B9B9 6CEA CDD3
or follow us on Keybase.
When we send encrypted email to you, we need to know your public keys. Currently, this means you need to copy and paste them into our "manage delivery" page
Sadly, linking an email address to a GPG key is hard! There is no way to publicly attest that you own an email, since email is not a publishing platform. This means that awesome tools Keybase can't support searching based on emails, since that would require us to trust Keybase isn't lying about what emails it received.
We use a simple solution to the problem at LearntEmail. We already deal with verifying email addresses on a daily basis; it is a core part of email marketing. We leverage that infrastructure to offer a way for you to upload keys. Easy and simple!
Email encryption is more and more important as we face threats from the likes of the NSA. Supporting GPG across our network is LerantEmail's first step towards making email encryption more accessible to everybody.
Every email should be sign or encrypted. Even marketing email.
I hope you enjoyed this article. Contact me if you have any thoughts or questions.
© 2015—2024 Sam Parkinson