The primary purpose of secure email is to avoid the disclosure of the message being transmitted. No one other than the intended recipient should be able to read the message. It is also important that the recipient can verify that the sender is who he says he is and that no one has tampered with the message.
In some cases, it is also desirable to hide from third parties the fact that messages are even being exchanged between two particular individuals.
Secure email should be employed whenever confidential information is being exchanged. Examples include client-attorney and doctor-patient communications, and sensitive communications between business partners. Secure email is also a component in the fight against industrial espionage. In these examples only the content of the messages is private.
Secure email may also be required for discussion of sensitive topics such as business mergers and acquisitions. In this case, even the fact that discussions are taking place is sensitive. An email system such as Novo Ordo's NoName, which can thwart signal analysis, should be used.
Several threats to your email privacy may exist:
Your emails may be read from your own computer.
Your emails may be read from your email server or the sender's server. If the email servers at either end belong to a corporation, the messages may be read by the IT staff and they are probably archived and saved for regulatory purposes. Archived email is routinely required to be produced during the discovery phase of legal proceedings.
Your emails may be counterfeited by someone pretending to be you. This might be done to get information or action from someone who trusts you or to damage your reputation. Likewise, you may receive counterfeit emails.
Your emails may be intercepted during transmission. This suggests you are being watched by a hacker, a well-funded organization, or a three-letter agency.
For each threat above, there are one or more actions you can take to reduce your risk:
Control physical access to your computer. Laptops are particularly vulnerable. However, desktops can be compromised by anyone with normal access to the room they sit in. They have also been tampered with by criminals and law enforcement agencies. Besides reading your emails, someone could install spyware, such as a keylogger, on your system.
The other precaution you should take is to use an email encryption system. Enigmail is freely available and integrates with many popular email clients. Once you receive encrypted email, if you store messages on your computer, only store them in their encrypted form.
In addition to encrypting your emails, also cryptographically sign them. (This is easier done than said.) This proves to the recipient that your email has not been forged or tampered with.
Never use your corporate email account, or a free account, for sensitive messages. Your best bet is to use a special secure account on a special secure email server. See our products page for a partial list of commercial providers. Also see our services page for our own offerings in this area.
If you are concerned about your government getting hold of your email, make sure you pick a server in a different (and not too friendly) legal jurisdiction.
If, in addition to keeping the message secret, you need to keep the communication secret, use a service that offers a remailer as an option for sending secure email. Remailers are normally used for anonymous email but are also good for obfuscating who you are communicating with.
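The advice above to keep stored messages only in their encrypted form can be checked mechanically. The following is an added example, not part of the original page: it classifies saved messages as OpenPGP-encrypted (PGP/MIME or inline armor), signed only, or plaintext, and lists the ones left readable on disk. The function names and sample messages are constructed for illustration, and S/MIME is not covered.

```python
import email

ARMOR_ENC = b"-----BEGIN PGP MESSAGE-----"
ARMOR_SIG = b"-----BEGIN PGP SIGNED MESSAGE-----"

def classify(raw: bytes) -> str:
    """Return 'encrypted', 'signed-only' or 'plaintext' for one stored message."""
    msg = email.message_from_bytes(raw)
    ctype = msg.get_content_type()
    proto = str(msg.get_param("protocol", "")).lower()
    # PGP/MIME (RFC 3156): the whole body is one encrypted container.
    if ctype == "multipart/encrypted" and proto == "application/pgp-encrypted":
        return "encrypted"
    signed = ctype == "multipart/signed" and proto == "application/pgp-signature"
    # Inline PGP: a text part whose body starts with the ASCII-armor header.
    # A message that merely quotes an armor line further down is not encrypted.
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").lstrip()
        if body.startswith(ARMOR_ENC):
            return "encrypted"
        signed = signed or body.startswith(ARMOR_SIG)
    return "signed-only" if signed else "plaintext"

def stored_in_clear(mailbox: dict) -> list:
    """Names of stored messages readable by anyone who can open the file."""
    return sorted(n for n, raw in mailbox.items() if classify(raw) != "encrypted")

# Constructed sample store (placeholders, not real ciphertext or signatures).
SAMPLES = {
    "pgp-mime.eml":
        b'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary=b\n\n'
        b"--b\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
        b"--b\nContent-Type: application/octet-stream\n\n(placeholder)\n--b--\n",
    "inline.eml": b"Content-Type: text/plain\n\n" + ARMOR_ENC + b"\n(placeholder)\n",
    "clearsigned.eml": b"Content-Type: text/plain\n\n" + ARMOR_SIG + b"\nHash: SHA256\n\nhi\n",
    "decrypted-copy.eml": b"Content-Type: text/plain\n\nMerger terms attached.\n",
    "quoted.eml": b"Content-Type: text/plain\n\nHe wrote:\n> " + ARMOR_ENC + b"\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:20} {classify(raw)}")
    print("not encrypted at rest:", stored_in_clear(SAMPLES))
```

A signed-only message counts as stored in the clear: the signature shows it was not forged or altered, but its text is still readable on disk.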