GpgOL: Unencrypted drafts on server even if draft encryption is on
Open, HighPublic

Description

Unencrypted drafts can be recovered by using the "recover recently deleted items" feature from Outlook / Exchange.

This can mean an unintended plaintext leak to the server when a user wants to encrypt and had added enabled draft encryption.
As we marked draft encryption as no longer experimental with GpgOL-2.4.6 this gets high priority.

Details

Further analysis shows that this only happens when async crypt is enabled.

So as a workaround users can enable the "Block Outlook during encrypt / sign" option.
Due to T4131 this is always the case when attachments are part of a mail. So this also only happens for mails without attachments.