Resources
External references we trust for encrypted email — standards, independent analysis, and communities. Curated, not exhaustive.
Standards & Specifications
- RFC 9580 — OpenPGP
The current OpenPGP specification. The authoritative source behind PGP claims we make about email encryption.
#standards - DMARC.org
Primary reference for SPF/DKIM/DMARC anti-spoofing — the transport-layer side that complements message encryption.
#standards - EFF — Surveillance Self-Defense: Email
Clear, threat-model-driven guidance on PGP and email privacy. Aligns with our 'secure relative to a threat model' framing.
#guidance
Independent Analysis
- Privacy Guides — Email Services
Criteria-driven, vendor-neutral provider recommendations consistent with an architecture-first evaluation.
#analysis - Latacora — The PGP Problem
A well-argued critique of PGP's limitations. We cite it for an honest view of forward secrecy and metadata, not as a verdict.
#analysis - Internet.nl Mail Test
Independent checker for a domain's email security posture (SPF/DKIM/DMARC/TLS/MTA-STS).
#verification
Communities
- r/privacy
Broad privacy discussion including email. Cross-check provider claims against standards, not popularity.
#community - r/ProtonMail
Provider-specific behavior, PGP interop, and bridge/IMAP setup. Verify security advice against official docs.
#community - r/pgp
Focused PGP key-management and verification discussion for going beyond a managed provider.
#community