Most email encryption on the Internet is performative, done as a status signal or show of solidarity. Ordinary people don't exchange email messages that any powerful adversary would bother to read, and for those people, encrypted email is LARP security. It doesn't matter whether or not these emails are safe, which is why they're encrypted so shoddily. [...]
Every long-term secret will eventually leak. [...] Different tools do better and worse jobs of forward secrecy, but nothing does worse than encrypted Internet email, which not only demands of users that they keep a single long-term key, but begs them to publish those keys in public ledgers. Every new device a user of these systems buys and every backup they take is another opportunity for total compromise. Users are encouraged to rotate their PGP keys in the same way that LARPers are encouraged to sharpen their play swords: not only does nobody do it, but the whole system would probably fall apart if everyone did.
Latacora: Stop Using Encrypted Email