EFAIL: how to detect you are being attacked?

In an earlier blog, we discussed some implications of the newly found EFAIL attack on PGP and S/MIME. We concluded that CipherMail gateway was not directly vulnerable because the gateway does not load remote content from the email. The email only gets decrypted, validated and then forwarded.

The EFAIL paper describes two types of attack. The "Direct exfiltration" attack and the "Generic exfiltration" attack.