You don't want to be on the bleeding edge of cryptography; you want to be on the calm, boring and stuffy edge. [snip]
I'd absolutely agree with everything Bill said, but would add the following: Based on your question, what you're asking about is how to secure SMTP traffic. This doesn't really even equate to needing a current crypto reading list. Rather, what you need (in addition to hiring a professional) is a good understanding of the fundamentals of information security, of which cryptography is only one small part. (Bill hinted at this but I wanted to make sure it was very explicit.)
The classic reading list on crypto starts with Bruce Schneier's Applied Cryptography, plus however much of it's 1000+ item bibliography makes sense for you.
Still true today. However, for someone trying to gain an understanding of information security (risk assessment, threat analysis, countermeasures, etc.), his most recent book is probably more suitable (and equally indispensable). Anyone who doesn't *thoroughly* understand the principles outlined in _Secrets_and_Lies_ is *not* a security professional. P.S. Get off the toad node. /jonathan