Email is an important attack vector. Now in the post-Snowden era that we all are discussing how to make computers more secure I think it's time to make crypto more useful.

On high security level systems it should be possible to disable the handling of such emails completely (OK except for showing the header data which isn't signed anyway) which do not have a valid PGP/MIME signature by a key which has been explicitly marked trustworthy for this security level (no matter if the email is encrypted or not). This may be done by creating a separate keyring and call gpg with --no-default-keyring or by checking the normal gpg result against a fingerprint whitelist.

Instead of the mail content a message like "The KMail configuration requires all emails to be signed by a key from the secure keys list. This email is not opened because it lacks a valid signature / has a correct signature but from a key which is not on the secure keys list."

Such a configuration probably makes sense only as a global option. But it may make sense to have a secure keys list per mailbox.

This may be a nice feature from the admin perspective (even more if the user cannot disable it and cannot modify the secure keys list) because it limits the users possibilities to make mistakes. These signatures could also be made by antivirus software so this feature could as a side effect ensure that only such email is read which has been checked.

Reproducible: Always