Client-side post-encrypt emails
Encrypt important emails locally or on an IMAP server using mutt (gnupg / openpgp)
2020-12-25
A few years ago I have moved out from googlemail for keeping my communications and online shopping transactions private. The provider of my main mailbox encrypts every incoming mail with openpgp on the server. In the same time, to keep the main mailbox clean, I am also using a few less important mail addresses for receiving and sending mails which do not need to reflect my official identity. For those less important mailboxes, I also own the domains in order to be provider-independent, in case if I would not accept the provider's user agreement or the provider locks me out for any reason (maybe just due to a trade war?).

There are some non-data-harvesting (at least what they claim) providers for low or no cost (like the blackfriday deals or zoho free-tier before 2018) which can be considered for the host of those less important mailboxes. Such providers are usually not in the country I am living and it will get complicated if sh*t happens. Therefore, I consider those mailboxes less trustable and do not store critical content there. Even in this situation, it is still worth to minimize the information leakage. For instance, the mail provider I am with or moving to can read or scan all history of my mail contents, or run any algorithm on my mail storage any time they want; a person guessed or cracked my login password can read all conversation details.

The fundamental trust problem does not need to be (neither can be) solved. However, an encryption of mails, even just from the client side, reduces the leak of the privacy at least in the situations mentioned above. Besides, copying these post-encrypted mails between IMAP servers does not reveal the mail body to the target server anymore. Time to merge the university emails during my bachelor/master from an offline backup (since the university accounts have been expired) to my current main IMAP box, so that they become searchable again.

I am using mutt since 2007. Its searching function, batch operations and customizability are much better than the others; while having all features, it is still simple and fast. Especially, it became the only acceptable mail client in the last 13 years whenever my PC hardware was outdated, on a remote machine or when a precise control of the mails is needed. Mutt has decrypt-save and decrypt-save commands, but no encryption of an existing mail is possible. After digging in GitHub, I found the script gpgit.pl by Mike Cardwell and modified it for my purpose. The mutt configuration is as follows: