The very nature of the internet means that email is both insecure (easily forged by the unscrupulous) and public (easily read by anyone). We have all learned from the spammers and virus authors how easy it is to forge or fake an email. As to privacy, the rule I normally follow is to assume that all your emails will end up indexed and available on Google. There is an alternative that will keep your email both secure and private, a program called PGP which stands for Pretty Good Privacy. I sign all my e-mail with a PGP signature.
PGP is a secure public key encryption system that was created by Phil Zimmerman in 1991. It is the same software system that the US Computer Emergency Readiness Team (US-CERT) uses to sign their email alerts. The primary US source for the software is the PGP Corporation which follows Zimmerman's original open source model for the source code. They sell commercial versions of PGP and offer a freeware version for individual use. I use their PGP Personal Desktop. There is also an informal international site for PGP where you can download various versions for several different platforms. A GNU version is available as the GNU Privacy Guard (GnuPG). GNU software is all open source and is aimed primarily at the Unix/Linux world. The PGP community has formed The OpenPGP Alliance to support international (RFC 2440) PGP standards.
PGP can be used in two distinct ways, signatures and encryption. I normally use PGP to sign my email using my private key. If the recipient has PGP software and my public key they can verify that I was the sender and that the content is exactly what I sent including the time-date stamp. The signature cannot be forged. PGP can also be used to encrypt emails. This requires the recipient to have created and published their own public key. The sender encrypts the email using the recipient's public key. When the email is received the recipient uses their own private key to decrypt the messageb. Of course, once they have decrypted it they can save it and send it to the world. But that’s similar to the risk of having a letter you send Xeroxed by its recipient and distributed. At the moment PGP encryption cannot be broken, even by the NSA (which is why there was a ten-year battle by the Feds to prevent the software from being exported}. There is consensus within the international cryptographic community on the security of PGP.
My public key is available here or from a PGP Public Key Server such as the one at Massachusetts Institute of Technology. The properties of my key are:
Key ID: 0x0DDE5A7C Key Type: DH/DSS Created: 2/27/1998 Expires: Never Key Size: 2048/1024 Cypher: CAST Key fingerprint: 48B1 1153 7500 43A5 710F A5F4 57B6 FEB7 0DDE 5A7C UserID: flory@fdu.edu
You should verify that the key properties match these after you have downloaded the key. In particular, you should always verify the key's fingerprint.