An interesting perspective on "encrypted email" in this article. It is not so much concerned with the strength of encryption, but with the systemic insecurity inherent to the system of email as a by-default open and interoperable system:
You can reasonably want email to be secure. Pray for a true peace in space! And we don’t object to email security features, like hop-by-hop TLS encryption and MTA-STS, that make the system more resistant to dragnet surveillance. But email cannot promise security, and so shouldn’t pretend to offer it. We need clarity about what kinds of systems are worthy of carrying secrets and which aren’t, or we end up with expert-run news publications with mail spools full of archived messages, many presumably from sources, along with a roadmap to all the people who sent those messages and upon whose operational security competence their safety depends. And that’s the best case.
In a nutshell, the argument is that email has so many points of failure (from accidental "unencrypted reply" to no control over archived copies on the receiving end etc.) that "encrypting" messages suggests a security that isn't there.
Reminds me a bit of the "private browsing" mode in web browsers that may also suggest more security than it actually provides:
DuckDuckGo, the provider of a search engine that doesn't track its users (see my earlier blog post), did a study about how users believe the "Private browsing" feature of their browser works:
Despite Private Browsing being one of the most commonly known and used privacy features, we find that most people misunderstand the privacy protections it provides.
Once again a reminder* how the digital literacy of the average user may be at a far lower level than commonly anticipated in design processes.
(*even when taken with the proverbial grain of salt, given the marketing-related motivation and methodological limitations mentioned in the PDF)
via WDRL