Starting from a research paper of 2001, we show how OpenPGP encryption of emails is fundamentally broken. We show how an attacker can get hold of sensitive email content by tampering with email data that the user would expect to be protected. We apply this attack against PGP-enabled email addresses used to report vulnerabilities to software vendors – and we get more than 50% of the submitted reports. Based on currently available information, we believe that recent End-to-End secure email projects still suffer from these same known issues.