E-mail-based communications are not secure by default. When not properly secured by way of techniques like public key cryptography, messages can potentially be read, deleted, and modified by other users, and the identity of senders can easily be falsified. As such, e-mail security techniques like encryption and digital signatures should always be used to protect message contents and verify the identities of message senders. Keep the following points in mind when it comes to e-mail security:
Obtain and install a personal e-mail certificate.
Encrypt all sensitive messages using the recipient's public key.
Digitally sign all e-mail messages you send to prove your identity (and distribute your certificate and public key) to users you correspond with.
Always ensure that your private key is suitably protected.
Create and securely store a backup of your personal certificate and private key.
In cases where using a CA-based public key cryptographic system isn't viable, consider using alternative methods (like PGP) to protect your e-mail correspondence.