Don't most mail providers use TLS encryption at least? Yes, this means your mail provider can read your mails but ...
That's also the case if you have a conversation with someone from another provider afaict.
For example, if a non-Proton user sends a mail to a Proton user, it also uses TLS but the mail is stored using "zero-access encryption". But if you send a message to them, it uses TLS encryption so their mail provider can read your mail:

Emails from Proton Mail users to non-Proton Mail users

  • End-to-end encrypted if the Password-protected Emails feature is selected.
  • Otherwise encrypted with TLS if the non-Proton Mail mail server supports it (most providers such as Gmail, Yahoo, Hotmail, etc, support TLS). Note, since these messages are encrypted but not end-to-end encrypted, Gmail, Yahoo, Hotmail, etc will be able to read these messages and hand them over. This is not possible if you use Password-protected Emails, which enable Proton Mail’s end-to-end encryption.
So I think using SMTP for confidential data is just a lost battle.
Use other services.
Encrypted email is essentially harm-reductive. This is why when choosing a provider I just consider what the provider would do with my information rather than concerns about the email system itself. I have a big issue with Proton's marketing because of that, the way they explain it makes it appear like a perfect system when in fact you need to read in the lines or on privacy policies / support articles.
These posts, while focused on PGP (another annoying system I wish I could use less), It makes a lot of the points and problems 'encrypted' email providers have.
reply
100 sats \ 1 reply \ @ek 24 Jun 2023
LARP security
lol, but well said. "Encrypted mail services" give a false sense of security.
I think everyone using these mail services (and even paying for them) should read these articles
reply
I like to believe LARP security also boils down to having security that only exists to be shown off rather than having any major benefit. Kind of like Proton's entire "THE SECURE EMAIL™ BASED IN SWITZERLAND™" marketing shtick, and with PGP users showing off their keys everywhere.
As a customer, they're better as an alternative or ethical service - It's the closest bridge to mainstream email service that isn't completely piled on Google or Microsoft.
reply
Thanks for the articles!
reply