Should I sign outgoing messages when contacts are not using OpenPGP?

We believe signing emails by default is a good idea. Even though your contact may not be using OpenPGP (yet), adding a signature to your message allows them to verify whether the message has been tampered with and to check whether it really comes from you or from an impostor.

Neither benefit may be obvious to a recipient unfamiliar with OpenPGP. But since the signature of a message does not vanish, the recipient can still check the integrity of the message and who signed it at any given later point in time, should they decide to make use of secure email communication and install OpenPGP on their system.

To summarise, a signature adds value and trust to your messages and does no harm. Consider adding a disclaimer to your signed messages to let your peers know that they can verify your message if they want to:

This message is OpenPGP signed. To verify the signature and integrity of this message, consider installing OpenPGP on your system.

Screenshot: GPG Mail not installed (signed_email_no_GPG_Mail.png)

Screenshot: GPG Mail installed (signed_email_GPG_Mail.png)