Some thoughts on PGPMailer

Here are a few thoughts on the PGPMailer, a contact for websites.

From reading the documentation, it looks like it uses GnuPG to encrypt the message on the server, before it sends it to the recipient (the contact form owner).

A couple of options for the contact form –

Issue: User awareness of security

If the contact form owner wants to communicate to the sender that their message will be sent securely this message could be added.

Option 1

pgpwebmailer-1

Option 2

pgpwebmailer-2

When I sent a test message to Samir, he replied with an encrypted mail. Since I did not have his public key, my mail client was unable to decrypt it –

Inbox_—_ei8fdb__227_messages__144_unread_

Issue: Recipient not knowing public key

If the contact form owner is going to send an encrypted reply, the sender may need to be informed about this so they can find the public key of the contact form owner.

Option 3

pgpwebmailer-with-pubkey-3

I hope this helps.