Yes, unfortunately if the server that converts the plain text mails to some encrypted something (an smtp) is not in your control, you have trust involved. And it there is trust, you need reputation to have some "punishment". I would be gladly not having trust though. Maybe the other idea helps a bit, but I have to design that to see how it is possible.