
Ask HN: Why big email providers don't sign the email? - ddalex
I completely understand the resistance of Gmail and the like to full end-to-end email encryption.

What I don't understand is the resistance to cryptographically signing outbound email and discarding incoming spoofed emails that don't have proper signatures. This simple move would create a high barrier for phishing emails, since they don't have valid signatures for the organization that supposedly sent them.

Do you have any insight into this scheme?
======
Piskvorrr
Signing without encryption is worse than useless by providing a false sense of
security (see e.g.
[http://th.informatik.uni-mannheim.de/people/lucks/HashCollis...](http://th.informatik.uni-mannheim.de/people/lucks/HashCollisions/),
MD5 used as an example); and costs
to start signing are virtually identical to encrypt-and-sign (not just
financial costs to providers: most of all time-and-effort for everyone,
including users).

