Enigmail, and Not Signing by Default

5267337900_1156156de0_qA few weeks ago, I added Enigmail to Thunderbird for signing and encrypting mails. Most of the time, though, I don’t really feel a need to sign or encrypt mails (or have a need to decrypt or check signatures). For most folks, the GPG signature is just more noise — sort of like the footers that say “for the environment, please don’t print this message” or the useless legalese footers about “this email and any attachments to it may be confidential, blah blah blah.”

Not wanting to inflict that on people unnecessarily, I looked high and low in the Enigmail preferences to find a setting to turn signing off unless wanted. No dice. I looked in the general preferences for Thunderbird. Also no dice.

Finally, this morning, I tried googling it (again) and found what I was looking for… it’s in the per-account settings (of course).

Under “OpenPGP Security” un-check the “Sign non-encrypted messages by default” and all’s well. You can still sign when needed (for instance, if you’re sending a message to a project’s announce list about something security related, folks might want a signed message…) but won’t clutter up your emails with the GPG signature otherwise.

(Icon credit to Flick user Live4Soccer(L4S).)

3 thoughts on “Enigmail, and Not Signing by Default

  1. It’s probably worth noting that signing all of your mail not only adds trust to your key but also makes it less likely that someone could pass off a message as you without signing it. By not signing all of your mail you’re actually allowing people to use this as a feature. “He only sometimes signs his messages so this one is probably from him too.”

    Perhaps using GPG/MIME is a better solution?

      • FWIW, I do inline for $dayjob where it’s more of a norm and PGP/MIME (I may have mis-said that earlier) for personal stuff where it’s more unusual.

Leave a Reply

Your email address will not be published. Required fields are marked *