An interesting tidbit in the September Information Security Bulletin is the claim from MessageLabs that only .005% of the mail they saw in 2002 is encrypted, up from .003% in 2000. (MessageLabs is an outsourcing email anti-virus company.) At this thrilling rate of growth, it will be on the order of between 30 and 40 years before we see most email being encrypted. And about 10 years before we start to see any real hope of a "fax effect." Lets be sure to consider that the PGP model is working. After all, thats faster than the adoption of the, ummm, well, I'm sure someone can take comfort from it. Maybe even someone other than the eavesdroppers. Now, it may be that they have a unusual sampling because only a nutcase company would send all its email through a 3rd party processor. But I don't believe that to be true. Most companies send their email unencrypted through a single ISP. Messagelabs only has it slightly easier when it comes to eavesdropping. Last month, about 5% of my email was sent PGP encrypted, about 2% STARTTLS encrypted, and about 25% SSH encrypted to people on the same mail server, where POP and IMAP only function via SSH. I'd be interested to hear how often email content is protected by any form of crypto, including IPsec, Starttls, ssh delivery, or PGP or SMIME. There's probably an interesting paper in going out and looking at this. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume