I’m glad there are authorities out there (like Google) that act as gatekeepers and track the worthiness of senders. Without that, there would just be no way to close the floodgates. Is Google the best company for that? It’s definitely one of the good ones for that.
No, you can’t forge emails easily as you say. Maybe DMARC isn’t perfect, but it works just fine. Attacks that bypass that are done on misconfigured systems, so human error, which can happen with any tech, the one from this post included.
Yes email is an old tech, but let’s not pretend like it hasn’t evolved. It’s not perfect, but it generally works. I don’t think you need to go fully decentralized, but some steps to have more than a single authority could be positive.
I understand how public-private keys work, and I understand why you’d want one. I just think this implementation of a register is bad. Not from a security risk, from a use case point of view; it’s for all intent and purposes an email which if ever compromised is forever compromised and non reusable. It’s an email that’s unrecoverable so not usable in many companies.
I’m sure there are other reasons to not like the idea, but that’s what I can think off the top of my head.
It’s not recoverable and permanently compromised if ever it is.
Also, even if someone was trying to impersonate you, you wouldn’t know it unless the recipient told you (which could also be done today with DMARCs, albeit at a domain level not an email level)