1. Introduction
Email security lacks transparency for users. If users do not employ end-to-end encryption (with PGP or S/MIME), they normally do not know whether their emails are protected in transit [1]. This is due to the use of opportunistic transport encryption: the sending mail transfer agent (MTA) tries to establish a secure TLS connection to the receiving MTA using STARTTLS to protect the email to be transmitted. However, if anything goes wrong (e.g., if the receiving MTA does not support TLS or a MITM attacker downgrades the connection), the email is transmitted without any protection [2]. According to Google, for example, around 90% of emails are transmitted TLS-protected via Gmail servers [3], leaving 10% to be transmitted unprotected. The problem with email security is that users do not know if their emails fall into the 90% or the 10% [4].
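The fallback behaviour described above can be modelled from the sending MTA's side. The following is an added example, not code from this paper: the policy names `opportunistic` and `require`, the host `mx.example.test` and both EHLO replies are constructed for illustration.

```python
# Added example: how a sending MTA decides between TLS, plaintext and deferral.
# Policy names and the sample EHLO replies below are constructed.

# Constructed EHLO reply from a receiver that advertises STARTTLS.
EHLO_FULL = "250-mx.example.test\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
# Constructed reply without STARTTLS. The sender sees the same bytes whether the
# receiver lacks TLS support or the capability was removed in transit.
EHLO_NO_TLS = "250-mx.example.test\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"


def parse_ehlo(reply: str) -> set[str]:
    """Return the extension keywords from a multi-line 250 EHLO reply."""
    lines = [line for line in reply.splitlines() if line.strip()]
    extensions = set()
    for index, line in enumerate(lines):
        code, separator, text = line[:3], line[3:4], line[4:]
        if code != "250" or separator not in ("-", " "):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if index == 0:
            continue  # first line carries the server domain, not an extension
        if text.split():
            extensions.add(text.split()[0].upper())
    return extensions


def delivery_decision(ehlo_reply: str, policy: str, tls_handshake_ok: bool = True) -> str:
    """Return 'tls', 'plaintext' or 'defer' for one delivery attempt.

    policy is 'opportunistic' (fall back silently) or 'require' (never send
    in the clear); both names are hypothetical labels for this example.
    """
    if policy not in ("opportunistic", "require"):
        raise ValueError(f"unknown policy: {policy!r}")
    offered = "STARTTLS" in parse_ehlo(ehlo_reply)
    if offered and tls_handshake_ok:
        return "tls"
    # Anything that went wrong: opportunistic mode sends unprotected,
    # and nothing in the outcome is reported back to the user.
    return "plaintext" if policy == "opportunistic" else "defer"


if __name__ == "__main__":
    for name, reply in (("STARTTLS offered", EHLO_FULL), ("STARTTLS absent", EHLO_NO_TLS)):
        for policy in ("opportunistic", "require"):
            print(f"{name:17} {policy:14} -> {delivery_decision(reply, policy)}")
```

Under the opportunistic policy the message is delivered in both cases, so the sender's mailbox shows the same "sent" state whether or not TLS was used.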