I think you could still hack around it, but in a way that would make non-secure emails come across as gibberish to those that weren't using a special email client.
For subject line, locally you could encrypt it via the same key that you encrypt the message body, so that it would look like gibberish until the end client decrypted it.
For send time, nothing you can do there. If you wanted to hide the sender address, you could likewise obfuscate that by proxying based on a secret key, but at that point you need a custom email server.
I guess I'm thinking that it would be useful to have an email client can:
- do it's own custom security thing (probably not even on SMTP protocol) if the receiver is also using secure mail
- send a normal email if the receiver is not using secure mail
At that point, I'd guess you probably wouldn't call it "secure email" though :)
For subject line, locally you could encrypt it via the same key that you encrypt the message body, so that it would look like gibberish until the end client decrypted it.
For send time, nothing you can do there. If you wanted to hide the sender address, you could likewise obfuscate that by proxying based on a secret key, but at that point you need a custom email server.
I guess I'm thinking that it would be useful to have an email client can:
At that point, I'd guess you probably wouldn't call it "secure email" though :)