A primary and persistent drawback of native email encryption is the lack of interoperability. Email ecosystems are fragmented, with different vendors and software packages implementing various encryption standards (e.g., S/MIME, OpenPGP) or proprietary, closed-system methods. For encryption to function, both the sender and the recipient must use compatible systems. If a user on a platform using one encryption method sends a message to a user on a different, incompatible platform, they cannot communicate securely. This requirement for a shared standard or vendor "domain" severely limits the universal applicability and seamless use of email encryption, creating a significant barrier to widespread adoption.

A. Most modern email encryption standards, such as S/MIME and PGP, are specifically designed to encrypt the entire message payload, which includes any attachments.

C. Current email encryption standards and their implementations support robust, industry-accepted algorithms and key lengths (e.g., AES-256, RSA-4096), which are considered sufficient.

D. While not universal, many enterprise-focused email encryption solutions incorporate key recovery or key escrow mechanisms as a critical feature to prevent data loss.

---

1. National Institute of Standards and Technology (NIST) Special Publication 800-45 Version 2

Guidelines on Electronic Mail Security.

Reference: Section 3.4

"Interoperability

" page 16.

Quote: "Interoperability is a key issue for secure messaging. There are many different secure messaging standards and products available

and they are often incompatible. If two users wish to exchange secure mail

but their mail clients use different

incompatible security mechanisms

they will be unable to do so." This directly supports the chosen answer that lack of interoperability across product domains is a major drawback.

2. Ruoti

S.

O'Neill

J.

& Seamons

K. E. (2016). Why we need to rethink email encryption. In 2016 APWG Symposium on Electronic Crime Research (eCrime).

Reference: Section II.A

"The Network Effect".

Paraphrased Content: The paper explains that the value of a communication tool increases with the number of users. For email encryption

this "network effect" is a major hurdle. A user can only send an encrypted email to someone who also has a compatible encryption setup. This fragmentation and lack of a universal

interoperable standard means users often cannot communicate securely outside of their specific "domain" or group of users with compatible software.

3. Herzberg

A. (2017). A Threat Model for E-Mail End-to-End Encryption. Bar-Ilan University.

Reference: Section 2

"Background: E-mail and E2E Encryption

" page 3.

Paraphrased Content: The document discusses the two main standards for end-to-end email encryption

OpenPGP and S/MIME. It notes their different trust models and technical implementations

highlighting that they are not interoperable. This division in the ecosystem forces organizations and users to choose one standard

limiting their ability to communicate securely with those who have chosen the other

reinforcing the problem of non-interoperability across domains.