EFAIL is a set of attacks used to exploit vulnerabilities in email clients that decrypt and display PGP and
S/MIME encrypted messages by coercing them into sending the decrypted text of the emails to an
attacker. Properly implemented, Direct is NOT vulnerable. However, we recommend that if you are
exchanging with anyone outside of the DirectTrust Network, you will want to understand at a
reasonable depth how their implementation protects against EFAIL.
Click here to read the full statement.