Ability to Select Addresses for "Attach Public PGP Key"
The Attach Public PGP Key should allow you to select which addresses you attach the public key to. As a minimum, it should allow you to select at least 1 address to exclude from having the PGP key attached.
I use the "SimpleLogin" functionality with my proton account to generate random aliases in order to protect my email address. Whenever I reply to an email via the reverse alias the system adds my public PGP key giving away my true address.
If I could select which addresses had the key attached or, alternatively, could specify 1 "catch all address" for my reverse aliases that did not have the key attached that would help.
Thanks
![](https://secure.gravatar.com/avatar/9e37bd9480464bc520b3408466d9ab58?size=40&default=https%3A%2F%2Fassets.uvcdn.com%2Fpkg%2Fadmin%2Ficons%2Fuser_70-6bcf9e08938533adb9bac95c3e487cb2a6d4a32f890ca6fdc82e3072e0ea0368.png)
-
w6yx5 commented
I sign all outgoing mails by default, so for some exceptions (like the SimpleLogin alias addresses) I have to go into the settings and disable the option to sign my mails by default. Only then can I send my mails unsigned.... I also have to make sure that the PGP key is not sent in the attachments.
So the problem is:
-> PGP key is also sent (if activated in the settings)
-> Outgoing e-mail is signed with your own e-mail signature, which the recipient who receives the e-mail via the alias service can still see... -
stewSquared commented
At the very least, if Proton isn't giving us more functionality, it should warn or prevent us from accidentally doxxing ourselves with SimpleLogin.
-
stewSquared commented
I have multiple addresses and domains. For some of them, it doesn't make sense to automatically attach my public key or sign messages.
In particular, when I respond to a SimpleLogin reverse alias, I don't want to be attaching the public key with my mailbox address right in the filename. I'm sure people have already done that accidentally.
-
Golliwog commented
This is critical. Proton should be conducting extra checks (eg. like the email missing attachments feature) to check for leaked email addresses.