unencrypted messages can be hijacked in transit and read or altered．if the mail is not digitally signed，you can’t be sure where it came from．
　　未加密的信息可能在传输中被截获、偷看或窜改。如果邮件不是数字签名的，你就不能肯定邮件是从哪里来的。
　　there are many options for securing e-mail，all with a few strengths and probably more weaknesses．
　　确保电子邮件的安全有多种选择，它们都有些长处，但有可能存在更多弱点。
　　let’s take care of the easy decisions．secure/multipurpose internet mail extensions(s/mime)should be the message encryption and digital signature format because it’s the accepted standard and is built into leading e-mail clients such as microsoft outlook 98/2000 and lotus notes r5．yet a standard such as s/mime only takes you so far．each vendor has implemented its own interpretation of s/mime，which makes interoperability problematic．this drawback is exacerbated by the emergence of s/mime version 3 in the newest e-mail clients，which again could create interoperability issues．
　　让我们先关注一下容易做的决定，安全/多用途因特网邮件扩展(s/mime)应该是信息加密和数字签名的格式，因为它是已被认可的标准，被做进了主要的电子邮件客户端软件中，如微软的outlook 98/2000和莲花公司的notes r5。迄今为止，你只能用s/mime一类的标准。每家供应商都有自己对s/mime的解释，这就引出 了互用性问题，最新的电子邮件客户端软件中s/mime三版的出现，加重了这个缺陷，它再次可能带来互用性问题。
　　the path of least resistance is to get an e-mail security gateway， which is analogous to a firewall for e-mail．every message going in or out pases through the gateway，allowing security policies to be enforced (where and when messages can be sent)，virus checking to be performed，and messages to be signed and encrypted． one drawback of the gateway approach is that it doesn’t provide user-based security．for example，the gateway encrypts outbound messages so recipients can verify they came from your company，but recipients can’t prove from whom they came．
　　阻力最小的道路就是采用电子邮件安全网关，它相当于电子邮件的防火墙。进出的每一条信息都要经过网关，网关可以实施安全政策(信息在何 时向何地发送)、执行病毒检查并给信息签名和加密。这种网关方法的一个缺陷就是它不 能提供基于用户的安全性。例如，网关对向外发的信息进行加密，因而接收方能验证它 们来自你的公司，但接收方不能证明它们来自哪个人。
　　client-based methods use your private key to sign messages(proving it came from you)，which is a more granular level of security，but they have weaknesses as well．they need to be configured on each desktop，which includes issuing a digital certificate to each user (for encryption and digital signature)，and ensuring that a proper security profile is configured within the e-mail client．
　　基于客户端的方法采用你私人密钥来签署信息(证明它出自于你)，这是更细化的安全等级，但它们也有弱点。它们需要配置到每个桌面系统，包括向每个用户发数字证书(用于加密和数字签名)，并确保在每个电子邮件客户端都配置了合适的安全配置文件。
　　there are also a number of web-based secure mail services that keep all messages within their environment at all times to ensure security．you use a secure site on the internet to compose a message．once you hit“send”，the site encrypts and stores the message on its site，and sends the recipient an e-mail notification that a secure message is waiting．the recipient links to the site， provides a shared secret for authentication，and accesses the message via secure sockets layer． unfortunately，this method does not work with existing enterprise e-mail systems．