While I agree pretty much entirely with everything you've expressed, there is another force in the world quietly chugging away to make sure that email privacy remains largely hypothetical...and that is: cloud computing. A lot of people have outsourced their mail service to cloud operations, so even if the mail servers on both ends do everything "right", which (to your point) might include a refusal to transmit messages unless an over-the-wire encryption method is agreed on, messages thus sent are available in plaintext on both sides of the transmission and thus can be inspected/collected/etc. at will by the operators of the cloud [1]. Or by anyone who's penetrated the cloud. Note that while use of PGP/similar to encrypt the message itself helps with this, that doesn't stop traffic analysis on either side of the transmission. ---rsk [1] Which includes the people working there and working for them, as well as the people working there and not working for them.