i want to highlight a point made in jakob’s alertbox –

Security as default: …no email should exist in an unencrypted state unless it’s being read or written.

a hearty AMEN! from head to toe, email is badly designed, and it’s a shame that it’s been in use this long in its broken state. Was just listening about how the creator of the MTP (predecessor of SMTP) admits that email was not built with security in mind…and with (somewhat) good reason — back in the day, email was not nearly as ubiquitous as today, and its usage was, for the most part, not as “important” as it is today. There are folk who store extremely important, extremely sensitive info in emails. The transport isn’t encrypted by default, nor does it offer decent protection (without being an SMTP wiz) from UCE.

as far as the storage–on most standard systems (unix, MS i’m familiar with), it is not stored encrypted, it is not sent encrypted by default. To add encryption to a standard email client (on Windows, at least) is so stinking annoying and not worth many non-powerusers’ time. The more i think about this the more ridiculous it sounds, that email is in a bad state.

Yeah, I’m aware of “better” transports (although i don’t know of the ability of any publicly available ones that offer easy to configure filtering and encryption options), and better clients, but apparently they ain’t in place, ‘cos we have these virii spreading. what the deal?

i guess i shouldn’t expect much, though. at more than one of my previous jobs it was expected that people on my team have my personal login info. Coming from a Unix Sys Admin background, that just ain’t right.