purelymail-issues

Please make a PGP key for `support@` and `contact@`

Open impurify opened this issue 11 months ago • 0 comments

Besides all of the other reasons to enable E2EE contact with support, a public key has many other practical uses. For example, in #262, I could’ve pinged @ScottPeterJohnson with the terse note, “The server rejects my mail to support with an SMTP 5yz status message saying to contact support,” and included in the public ticket a PGP-encrypted copy of a message that I can’t send to support@purelymail.

To authenticate the message, of course, I would sign it with the key that I already provided to support. PGP is not only about encryption! PGP-signed git commits help to protect the software supply chain and prevent horror stories; this is supported by GitHub. Many free software package managers automagically use GnuPG to verify the integrity of packages. On a low level, unnoticed by most users, the security of the entire Internet is dependent on PGP authentication.

All around, PGP is a good idea (when private keys are not exposed to Purelymail’s server—yikes, good call on that one).

With my thanks for running a service that focuses on Internet mail, I hope that you will reconsider this to take a stand for mail security—and to improve the flexibility of contact methods, in case a user can’t send mail!

impurify, Jan 06 '25 10:01