Email security (attachments, links...)

I’m in the process of ditching Gmail for another solution but I’m wary of the security implications in doing so. Notably in terms of scanning for malicious links or attachments. I came across this Reddit comment highlighting the fact that if it’s E2EE it cannot do so.

Does that mean that if I switch to one of the 3 recommended email providers I will be more at risk in this area?

I don’t know what scanning features the recommended email providers provide if any, though I imagine it’s possible. With E2EE, no third party can do the scanning for you. In such cases, you would need to do the scanning yourself. In all cases, links contained in emails should be checked before clicking.

If you trust the sender not to send you malware or malicious links, there is nothing to worry about. In this case, E2EE usually means emails are signed, and the signatures provide end-to-end cryptographic verifiability (integrity and authenticity) that the email, including links and attachments, was not tampered with in transit by any email server or anything in between. When I use email I worry more when I receive attachments to emails that were not E2EE.

Edit to add: Even with the top 3 PG recommendations, realistically you won’t be using E2EE most of the time. Most people do not bother with PGP or Tuta’s encryption when using email.

You’d have to ask to be sure. It’s possible that they do client-side scanning of some sort, but I’m only aware of them providing optional hash-based malware detection in Proton Drive. Of course they also use spam filtering for their email service which helps filter out wide-net phishing/malware campaigns.

Assuming they’re unable to adequately scan for malicious files or URLs (which is still unknown to me), an important thing to consider is that you won’t really need it as much if you make good use of email aliasing. Ideally, every account and contact has their own unique email address which they use to contact you. You can then use that to help determine if you’re being contacted by someone legitimate or not, based on the nature of the email and their email address. If you used a particular alias for a video game, a “bank” emailing that alias doesn’t make sense and can be discarded.

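One way to turn the alias rule from the last reply into a local check, as an added example that is not from the thread or from any provider it mentions (the alias registry, the domains and the sample message are all constructed):

```python
# Added example (not from the thread): offline triage of one incoming message
# using the alias rule described above. The registry, domains and the sample
# email below are constructed for illustration.
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed registry: which alias was handed out to which service (by domain).
ALIAS_REGISTRY = {
    "games-7f3a@example.net": "gamestore.example",
    "bank-91cc@example.net": "mybank.example",
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def _in_domain(host: str, domain: str) -> bool:
    return host == domain or host.endswith("." + domain)


def triage(raw_message: str) -> list[str]:
    """Return findings for a raw RFC 822 message (empty list = nothing odd):
    unknown-alias, alias-context-mismatch (the "bank" mailing the game alias),
    link-domain-mismatch:<host> (link host matches neither sender nor alias)."""
    msg = message_from_string(raw_message)
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    sender_domain = parseaddr(msg.get("From", ""))[1].lower().rsplit("@", 1)[-1]
    findings = []
    expected = ALIAS_REGISTRY.get(to_addr)
    if expected is None:
        findings.append("unknown-alias")
    elif not _in_domain(sender_domain, expected):
        findings.append("alias-context-mismatch")
    # Gather text/plain parts; get_payload(decode=True) returns bytes.
    parts = msg.walk() if msg.is_multipart() else [msg]
    body = "\n".join((p.get_payload(decode=True) or b"").decode(errors="replace")
                     for p in parts if p.get_content_type() == "text/plain")
    allowed = [d for d in (sender_domain, expected) if d]
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if not any(_in_domain(host, d) for d in allowed):
            findings.append(f"link-domain-mismatch:{host}")
    return findings


SAMPLE_PHISH = """\
From: "My Bank Security" <alerts@mybank-login.example>
To: games-7f3a@example.net
Subject: Verify your account

Please confirm your details at http://secure-verify.example/login
"""
```

Running `triage(SAMPLE_PHISH)` flags both the alias mismatch (a "bank" writing to the gaming alias) and the link pointing at a third host; a mail from the game store to that same alias produces no findings.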