We need free S/MIME certificates with decent validity periods (remember, you have to keep around all certificates you've ever used!).
Webmail (which a lot of people use) is also not ideal for dealing with certificates. You more or less have to trust the mail provider with your private keys. There are just countless attack vectors.
Finally, it's quite technical to get a certificate, copy it to all your devices that have an email client and configure them.
I am not intimately familiar with the finances of PayPal, Google, Facebook, or Amazon.com, but I suspect they may be able to afford an S/MIME certificate. Perhaps even two or three!
> Webmail (which a lot of people use) is also not ideal for dealing with certificates. You more or less have to trust the mail provider with your private keys. There are just countless attack vectors.
You are already trusting the email provider with everything. What's so bad with trusting them to verify a signature, too?
We're not communicating state secrets over encrypted email here; we're just verifying the signature on "PayPal sent you a message, click here to view it"-kind of emails.
But the signature doesn't tell you the sender is the org they claim to be, because how would the verification system know who the sender says they are?
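The point raised in this reply is that a valid S/MIME signature only proves "someone holding this key signed this body"; binding it to the claimed sender is a separate check that a verifier has to do explicitly. The script below is an added example (not from any commenter in this thread) showing both steps with the openssl command-line tool: it verifies the signature, extracts the signer certificate, and compares the e-mail address the certificate was issued to with the message's From: header. The certificate, the addresses (example.test is a hypothetical domain) and the message are all constructed inside the script; the "spoofed" message reuses the genuine signed body with only the unsigned From: header rewritten, which is exactly the case a signature-only check misses.

```shell
#!/bin/sh
# Added example, not from the thread: verify an S/MIME signature AND
# check that the signer certificate's e-mail matches the From: header.
set -u

# check_smime_sender MESSAGE CAFILE
# Returns 0 only if (a) the signature verifies against CAFILE and
# (b) an e-mail address in the signer certificate equals the From: address.
check_smime_sender() {
    msg="$1"; cafile="$2"
    signer="$(mktemp)"
    # (a) cryptographic verification; -signer writes out the signer cert
    if ! openssl smime -verify -in "$msg" -CAfile "$cafile" \
            -signer "$signer" -out /dev/null 2>/dev/null; then
        echo "signature INVALID: $msg"; rm -f "$signer"; return 1
    fi
    # (b) the address the message claims to come from (header block only,
    #     "Name <addr>" reduced to addr)
    claimed="$(sed -n '1,/^$/{/^[Ff]rom:/{s/^[Ff]rom: *//;s/.*<\(.*\)>.*/\1/;p;};}' "$msg")"
    # the address(es) the certificate was actually issued to (subject + SAN)
    certified="$(openssl x509 -in "$signer" -noout -email)"
    rm -f "$signer"
    for addr in $certified; do
        if [ "$addr" = "$claimed" ]; then
            echo "OK: signed by a certificate issued to $claimed"; return 0
        fi
    done
    echo "MISMATCH: From: $claimed, but the certificate is for: $certified"
    return 1
}

# Constructed demo material: a throwaway self-signed certificate for the
# hypothetical address billing@example.test, one genuine signed message,
# and a copy whose unsigned From: header has been rewritten.
setup_demo() {
    DEMO="$(mktemp -d)"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Billing/emailAddress=billing@example.test" \
        -keyout "$DEMO/key.pem" -out "$DEMO/cert.pem" 2>/dev/null
    printf 'Your invoice is ready. Log in at the usual address.\n' > "$DEMO/body.txt"
    # openssl places From:/To:/Subject: OUTSIDE the signed MIME part
    openssl smime -sign -in "$DEMO/body.txt" -signer "$DEMO/cert.pem" \
        -inkey "$DEMO/key.pem" -from billing@example.test \
        -to user@example.test -subject "Invoice" -out "$DEMO/genuine.eml"
    # Same signed bytes, different From: header -> signature still verifies
    sed '1,/^$/s/^From: .*/From: billing@example.test.evil.test/' \
        "$DEMO/genuine.eml" > "$DEMO/spoofed.eml"
}

setup_demo
check_smime_sender "$DEMO/genuine.eml" "$DEMO/cert.pem"
check_smime_sender "$DEMO/spoofed.eml" "$DEMO/cert.pem" || true
```

The spoofed message passes `openssl smime -verify` exactly as the genuine one does, and only the second step catches it. A real client would additionally require the certificate chain to reach a CA it trusts for e-mail protection (here the self-signed certificate is its own trust anchor, so -CAfile points at it) and would compare against the full From: header rather than a bare address.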
In my country anyone can get a free certificate from the Royal Mint. But few people use them for email due to lack of support from webmail providers, as you say.