@itsuki-hayashi
Last active January 24, 2025 00:40
Proton Mail Sieve to enforce PGP encryption on all incoming emails
require ["reject", "imap4flags", "envelope", "extlists"];

if anyof (
  # Domains for our addresses that we don't want to receive unencrypted emails.
  envelope :domain "to" "protonmail.com",
  envelope :domain "to" "proton.me",
  envelope :domain "to" "pm.me",
  envelope :domain "to" "protonmail.ch"
) {
  if allof (
    # Reject unencrypted emails.
    not header :matches "X-Pm-Content-Encryption" "end-to-end",
    # Whitelist emails from my own addresses
    not header :list "from" ":addrbook:myself",
    # Whitelist emails in my allow list
    not header :list "from" ":incomingdefaults:inbox",
    # Whitelist emails in my contacts
    not header :list "from" ":addrbook:personal",
    # Whitelist emails in my organization's contacts
    # (last test in the list: no trailing comma, which Sieve's grammar does not allow)
    not header :list "from" ":addrbook:organization"
    # As this sieve script checks your whitelist, a.k.a. ":incomingdefaults:inbox", you can mark a domain as `Not Spam`, which will whitelist the domain and all its subdomains.
    # For example, whitelisting apple.com will also allow you to receive non-PGP-encrypted emails from @email.apple.com and @id.apple.com, but not emails from @itunes.com.
  ) {
    reject "Sorry, this email address only accepts PGP-encrypted emails. You can use Proton Mail (https://proton.me) or refer to the following link on how to use GnuPG to encrypt your email: https://ssd.eff.org/en/module-categories/tool-guides";
  }
}
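
An offline model of the rule above, added here as an example and not part of the gist: it replays the script's reject decision in Python so allow-list entries can be checked against sample senders before the filter is saved. The list contents, the sample messages, the `decide` and `sender_allowed` names and the label-boundary suffix match are assumptions; only the "domain and all its subdomains" behaviour comes from the script's comment.

```python
# Added example: offline model of the gist's reject rule. List contents and
# sample messages are constructed; the suffix rule follows the script's comment.
from email import message_from_string
from email.utils import parseaddr

PROTECTED_DOMAINS = {"protonmail.com", "proton.me", "pm.me", "protonmail.ch"}

# Hypothetical stand-ins for :addrbook:* (exact addresses) and
# :incomingdefaults:inbox (addresses or whole domains).
ADDRESS_BOOK = {"me@proton.me", "friend@example.org"}
ALLOW_LIST = {"apple.com", "billing@example.net"}


def sender_allowed(sender: str) -> bool:
    sender = sender.lower()
    if sender in ADDRESS_BOOK or sender in ALLOW_LIST:
        return True
    domain = sender.rpartition("@")[2]
    # Assumption: a domain entry covers the domain and its subdomains, matched
    # on a label boundary so "notapple.com" does not pass as "apple.com".
    return any(domain == d or domain.endswith("." + d)
               for d in ALLOW_LIST if "@" not in d)


def decide(envelope_to: str, raw_message: str) -> str:
    """Return "reject" or "keep" as the Sieve rule would."""
    if envelope_to.lower().rpartition("@")[2] not in PROTECTED_DOMAINS:
        return "keep"
    msg = message_from_string(raw_message)
    if (msg.get("X-Pm-Content-Encryption") or "").strip().lower() == "end-to-end":
        return "keep"
    if sender_allowed(parseaddr(msg.get("From", ""))[1]):
        return "keep"
    return "reject"


def _msg(sender: str, encryption: str = "") -> str:
    header = f"X-Pm-Content-Encryption: {encryption}\n" if encryption else ""
    return f"From: {sender}\n{header}Subject: test\n\nbody\n"


if __name__ == "__main__":
    for sender, enc in [("Apple <no_reply@email.apple.com>", ""),
                        ("store@itunes.com", ""),
                        ("stranger@example.com", "end-to-end"),
                        ("x@notapple.com", "")]:
        print(sender, "->", decide("me@pm.me", _msg(sender, enc)))
```
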

D0LLYNH0 commented Jan 24, 2025

require ["envelope", "extlists", "reject"];

if allof (
  # Domains for our addresses that we don't want to receive unencrypted emails
  envelope :domain :is "To" [
    "pm.me",
    "proton.me",
    "protonmail.ch",
    "protonmail.com"
  ],
  allof (
    # Reject unencrypted emails
    not header :is "X-Pm-Content-Encryption" "end-to-end",
    # Check my email whitelists
    not address :all :list "From" [
      ":addrbook:myself",       # Whitelist emails from my own addresses
      ":addrbook:personal",     # Whitelist emails in my contacts
      ":addrbook:organization", # Whitelist emails in my organization's contacts
      ":incomingdefaults:inbox" # Whitelist emails in my allow list
    ]
    # As this sieve script checks your whitelist, a.k.a. ":incomingdefaults:inbox", you can mark a domain as `Not Spam`, which will whitelist the domain and all its subdomains.
    # For example, whitelisting apple.com will also allow you to receive non-PGP-encrypted emails from @email.apple.com and @id.apple.com, but not emails from @itunes.com.
  )
) {
  reject "Sorry, this email address only accepts PGP-encrypted emails. You can use Proton Mail (https://proton.me) or refer to the following link on how to use GnuPG to encrypt your email: https://ssd.eff.org/en/module-categories/tool-guides";
}
