Email security is flawed, relying on outdated protocols like SMTP, which lacks encryption by default. Various solutions like STARTTLS, SMTPS, and end-to-end encryption via PGP and S/MIME attempt to improve security but face usability and trust issues. Authentication mechanisms (SPF, DKIM, DMARC) help but are vulnerable due to DNS weaknesses. The future calls for enhanced E2EE, adoption of DNSSEC, and overall improvements in protocols to strengthen email as a secure communication tool, moving away from its role in account recovery and toward focused communication purposes.
Email Security: Where We Are and What the Future Holds

