If a person gets fooled in responding to email from another account then I'm not sure they'll be protected by pgp. What's really needed is for email clients to clearly say who the email is from - is it a new account, have they got email from the same domain etc.
Yeah, it seems clients are lagging behind with this. Visually marking emails which are from new domains or addresses is a nice idea.
The From header should be much more prominent too.
For example, perhaps a user should be presented with the email address in large text and explicitly asked to “trust” it before viewing emails for that address (similar to SSH).
People would probably get fatigued of that and click through though, of course (similar to SSH... although it’s much easier to quickly check whether an email address is as expected compared to a SSH fingerprint).
The client doesn't have to implement it, you can write a plugin for most clients and charge $$$ for businesses to install it. The fact that it's not been done yet is just a missed business opportunity.
