provided by: 
Originally published at Internet.comBy Kurt Seifried (seifried@securityportal.com) for SecurityPortal -----------------------------------
Email is probably my favorite Internet related service. It's also the one that causes me the most problems, with regard to security. People cannot live without email anymore. Email is probably the most convenient form of communication for most of us. It's an easy way to figure out whether the person you want to phone in Australia is awake or not. Email also allows us to easily send files, from simple text documents to spreadsheets - images to video clips. There are extremely few companies and organizations in the world that have an Internet connection but do not use email. Because of this, most Internet spam is now delivered by email, and more importantly, most viruses are now spread via email.
Why Email is Such a Pain
Email is such a pain because almost everyone online uses it, and the vast majority use Outlook or Outlook Express on a Microsoft platform, which has numerous security problems. Because of the lack of file permissions in Windows 9x, and the default permissions in NT and 2000, once an attacker gets code to execute on a target system, it can do pretty much anything. Add to this that most of the common mail packages (Outlook, Outlook Express, Netscape, Eudora, Pine, to name a few) have a substantial number of security holes (especially in older versions, which are all to common) that easily allow an attacker to send code that is run by the email client. The way users use email is also a problem. Very few people (almost none) sign email using PGP/GnuPG or X.509 certificates, and most users assume that if an email claims to have come from a friend, or from a recognizable email address, that it is legitimate and can be safely opened...
Read article at Internet.com site