Handling answers to encrypted mails better

I’m am part of a CERT team of a german university and we use Zammad for our ticket system. Naturally, we receive a decent amount of encrypted mails, it is great that Zammad supports S/MIME.

However, Zammad’s S/MIME implementation has a drawback: It allows answering encrypted mail without any encryption. This produces a significant risk of information leakage, especially as responding in a full-quote manner is Zammad’s default. The original email was probably encrypted for a reason and the body should not be exposed without encryption in an answer. It would therefore be great if Zammad had some kind of protection against this.

Thunderbird and Outlook solve this by enabling encryption by default, even if there is no available certificate for the receiver. If the mail is sent in this state, an error message is shown. This could be a feasible solution here.

An opt-in option to disallow replying to an encrypted mail without encryption altogether would also be a possibility.

This feature would help to protect against unintended information leakage for every user of Zammad’s S/MIME-Integration.