When an e-mail arrives in a mailbox without GPG encryption, the mail provider will have access to the content of that e-mail. However, the processing of the e-mail is rarely real time, and mailbox content is also infrequently duplicated, hence a GPG key assigned to an account could be used to encrypt the content of the e-mail on the mail server itself. This way the convenience of the synchronization remains functional, and post-processing of the content is prevented.

Implementation-wise, the e-mail filters and the gpg module together can achieve the desired outcome in the following steps:

- IMAP reports a new e-mail
- Validate that there is a GPG key assigned to the account AND that the e-mail is not GPG encrypted
- Download the e-mail to the client side
- Encrypt the e-mail for the key assigned to the account
- Delete the original remote e-mail via IMAP
- Upload the encrypted version of the e-mail

Currently the same can only be achieved by having the gpg key both in TB and in the OS-level keystore, using an external add-on (FiltaQuilla) and a bunch of custom scripts and temp folders.

My suggestion would be to include this in the core TB account-specific "End-To-End Encryption" "Advanced settings" section, as "Encrypt remote inbox", the same way as "Store draft messages in encrypted format".
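The steps listed in the post, sketched as an added example (not code from the post, Thunderbird or FiltaQuilla): it skips messages that are already PGP-encrypted, wraps the rest as RFC 3156 `multipart/encrypted`, and uploads the encrypted copy before deleting the original so a failed upload loses nothing. The function names, the `KEEP` header list and the reliance on a local `gpg` binary are assumptions of this sketch.

```python
import email
import subprocess
from email.message import Message
from email.mime.multipart import MIMEMultipart

ARMOR = b"-----BEGIN PGP MESSAGE-----"
KEEP = ("From", "To", "Cc", "Subject", "Date", "Message-ID")  # left in clear (assumed choice)

def is_pgp_encrypted(msg):
    """True for a PGP/MIME container or a text part carrying an armored block."""
    if msg.get_content_type() == "multipart/encrypted":
        return msg.get_param("protocol") == "application/pgp-encrypted"
    return any(p.get_content_type() == "text/plain"
               and ARMOR in (p.get_payload(decode=True) or b"")
               for p in msg.walk())

def gpg_encrypt(data, recipient):
    """Assumption: a local gpg binary that holds the account's public key."""
    cmd = ["gpg", "--batch", "--armor", "--encrypt", "--recipient", recipient]
    return subprocess.run(cmd, input=data, capture_output=True, check=True).stdout

def _part(ctype, text):
    p = Message()
    p["Content-Type"] = ctype
    p.set_payload(text)
    return p

def wrap_pgp_mime(raw, encrypt):
    """Encrypt the complete original message and wrap it as multipart/encrypted."""
    orig = email.message_from_bytes(raw)
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    for h in KEEP:
        if orig[h] is not None:
            outer[h] = orig[h]
    outer.attach(_part("application/pgp-encrypted", "Version: 1\n"))
    outer.attach(_part("application/octet-stream", encrypt(raw).decode("ascii")))
    return outer.as_bytes()

def encrypt_mailbox(imap, recipient, encrypt=gpg_encrypt, mailbox="INBOX"):
    """Return the UIDs replaced; an original is deleted only after APPEND returns OK."""
    imap.select(mailbox)
    done = []
    for uid in imap.uid("SEARCH", None, "ALL")[1][0].split():
        raw = imap.uid("FETCH", uid, "(BODY.PEEK[])")[1][0][1]
        if is_pgp_encrypted(email.message_from_bytes(raw)):
            continue  # already protected, leave untouched
        new = wrap_pgp_mime(raw, lambda b: encrypt(b, recipient))
        if imap.append(mailbox, None, None, new)[0] == "OK":
            imap.uid("STORE", uid, "+FLAGS", "(\\Deleted)")
            done.append(uid)
    imap.expunge()
    return done
```

`imap` is expected to be a logged-in `imaplib.IMAP4_SSL` object. This sketch does not carry over message flags or the internal date, and `expunge()` also removes any other messages already flagged `\Deleted` in that mailbox.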