Secure traffic can still be sniffed by anyone who knows what they are doing by simply creating their own certificate to match "securitymail". Unless the internet standard changes, email will not be secure. Heck, even if the internet changes, I don't think it will get any more secure. The reason the banks use a phone or in person corespondence is because it is much easier to catch someone who is tapping your phone line or impersonating you than it is to catch someone who spoofed a certificate that you are foolish enough to accept. Plus, who would tap a phone line these days, when people are so vulnerable on the internet?

Re comment by timeelf. I would see this as a public/private key thing. Although packets can be sniffed, has anyone managed to crack PGP for instance?

I like the idea, and it wouldn't require the massive amounts of user education that have kept PKI from mattering for 15 years?

Bit of a chicken-and-egg problem with getting users and institutions, and you'll be a huge target, but might work.

http://s-mail.com/ among others offer essentially the same service.

In addition to s-mail, the product Freenigma (www.freenigma.com ) comes as a browser plug-in for Firefox which works with Yahoo!, Gmail, Hotmail and other webmail accounts.

Take a look and let me know if you envision "Security Email" to be significantly different, I would like to learn more.

I like the idea, but hate to say it my bank (and insurance company) has that already. I get a note saying I have a message ready. I log in and read it then reply etc. I have done a loan processing and a insurance claim this way.

Yeah, secure electronic mail has been done (within the existing email framework) via PGP. But its not used by everyone because no everyone uses it (chicken-and-egg). So I think with your idea you get the WORST of both worlds because you're proposing yet another standard for people to switch to (which would start with zero adopters). You'd be logging into Security Mail to check email from your bank and security minded pals, and your old email system to talk to everyone else.

If it doesn't exist, I'd think an encryption system that ties into gmail (so not even Google can read the mail) as a rich client would be the easiest way to expand the use of encrypted emails.

PGP has been around for mail forever, all kinds of security and authenticity options there, if your friends are geek enough to set it up to work with you.

There are all ready sites that offer anonymous and encrypted email. Also, this would still not be as secure.

In fact I tend to stay away from any online bank transactions. They all are not secure.

I'm not sure but I'm reading this differently than other commenters.

In this setup, the bank would actually log directly into the customers mail-server (https) and leave not as much as a mail but a note written directly from the Bank PC over standard secure SSL/H. That would be the same as when you log into your netbank-account to do transactions, where the "padlock" sign in your browser is "on".

Surely if people are confident with the "padlock" level, such mailnote-response could be a good thing. Exisiting mail-server software could add a mailnote-option at their log-in screen, making it easy to expand such a service.

It sounds counter-intuitive to let outsiders "log-in" to your own mail, but this is certainly possible to implement by mailserver-software access-levels.

A customer could write in the bank's feedback-form; "please respond securely by mailnote at 'www.mymailnoteserver-com/username' with onetime-accesscode '1234' " or similar.

I like this idea alot 4 points, and let me know if you need help :)

Best
Torgrot

I think the solutions should be sought not in https, but by using PGP/GPG encryption software. You could create a easy-to-use web interface for this which allows people to easily send encrypted e-mail, but this is largely what s-mail.com is currently offering.