When receiving a mail with attached PGP key(s), KMail should ask the user to import those keys. Don't auto-import those keys! That would be a (small) security problem. But especially for inexperienced users it would be pretty helpful, if KMail would tell them that the attached file(s) are actually PGP keys and ask the user if they should be imported. And, to do it the totally right way, KMail should not just say: "There are PGP keys attached, should they be imported?" but KMail should ask (imagine a popup window) ======================================== There are the following PGP keys attached. Please give those keys a mark that you want to import: -------- [ ] john@example.com [x] alice@wonderland.net [x] bob@test.org [ ] eve@evil.tk -------- Cancel OK ======================================== Reproducible: Always