No point in signing the mail if no one verifies it.

It’s pretty common knowledge that I tend to be something of a nut about security.

For the past several years, I’ve been using GnuPG to cryptographically sign all of my outgoing email. The digital signature was attached to every outgoing message, as a way of verifying that I was the one who originally wrote the message. Adding GnuPG support to my emails wasn’t hard; mutt had GnuPG support built-in, while Mozilla Thunderbird could get support via the Enigmail extension. However, after using it for several years, I decided this weekend to stop automatically signing all outgoing email.

The first reason for doing so is the fact that for a couple of years now, I’ve been accessing my email via my iPhone. It doesn’t support GnuPG or any sort of PGP natively, so of course I wouldn’t be able to send out signed emails. The second – and more important – reason is the fact that really… outside of me, no one cares. Most people I know use either webmail of some sort or Outlook to access their email, so to them my digital signature looks like a weird text attachment. They pretty much figure the message must have come from me anyway, and aren’t concerned about it. Also, most (if not all) emails aren’t even important enough to worry about signing; I’d been signing my emails pretty much out of sheer habit. For the most part, there isn’t anything that would require me to later on prove that I actually sent it.

So, I’ve decided to stop digitally signing my emails, so those friends of mine I do send emails to won’t have to wonder about those weird text attachments on them. For the most part, I’m sure they won’t care, and I really am not going to lose any sleep over it.

Though, I will admit, it’ll be nice not having to type in the encryption passphrase with every email sent anymore. :-)