Effective October 11, 2025, the marketplace has made PGP key submission and message signing mandatory for all vendor accounts. Previously, PGP was strongly encouraged but not technically enforced at the platform level — vendors could choose to communicate without encryption. This policy change closes that gap, ensuring every vendor on the platform uses cryptographic messaging.
Under the new system, vendors who have not submitted a verified PGP public key will have their listings automatically suspended until they complete the verification process. The verification requires generating a PGP key pair, uploading the public key to their vendor profile, and proving key ownership by signing a platform-generated challenge message with the corresponding private key.
For buyers, this change means that encryption of sensitive communications is now universally available for all vendors on the platform. The system flags unencrypted messages containing patterns resembling physical addresses and prompts users to encrypt before sending. According to forum reports, approximately 87 percent of existing vendors had already submitted PGP keys prior to the mandate, making the transition relatively smooth for most of the vendor community.
The policy was announced two weeks before taking effect, giving vendors adequate time to comply. For guidance on using PGP encryption for marketplace communications, visit our OPSEC guide.