Adoption depends entirely on one's correspondents (Score 1)
The answer to the anonymous reader's first question is mercifully short: No, I don't encrypt my email, but I sign all email sent using my primary personal email address. Answering their second question requires greater detail, because it turns on how I and (more importantly) the people with whom I communicate use email.
I don't sign all email sent using any one of my personal email addresses (one mailbox with multiple aliases) because that would require issuing a unique certificate for each and every address. While that's possible, my PKI doesn't make it easy to create or manage that type and amount of keying material. (I'm not sure any PKI does.) I don't know if it's possible to include multiple email addresses in a single X.509 certificate, whether by directly including multiple email addresses in the certificate's DN or by some mechanism similar to the Subject Alternative Name extension, but even if it were, I add new email aliases to my personal email on a regular basis, which would require re-issuing my user certificate each time. Re-issuing my user certificate isn't practical, because to do it right, I think that I'd have to revoke the old version of the certificate even if I used the same keying material. I operate my own CA, so I wouldn't have to pay to re-issue the certificate (which would be the other way to solve this problem), but I wouldn't ask my correspondents to trust my CA certificate - too risky. Instead, each correspondent would have to decide (again, every time I add a new email alias) to trust my new certificate, which isn't really practical especially for correspondents who don't know me personally. I will cheerfully admit that signing my email is purely an intellectual exercise on my part because I doubt that any of my correspondents verify my digital signatures, never mind the fact that everyone I write on a regular basis uses web-based email clients that do not support S/MIME.
I don't encrypt my personal email because none of my correspondents publish certificates. I don't sign/encrypt my email at work even though my client issues its employees and contractors X.509 certificates, both because none of my correspondents outside the client publish certificates and because up until very recently I didn't have a smartcard reader (so I couldn't use the certificates that were issued to me). I can't sign/encrypt my corporate email because my employer doesn't issue certificates. Whenever one of my employers or clients has tried to deploy email encryption as part of a service provided to its customers, it's had to assume that almost none of its customers are even capable of standards-based email encryption (e.g., S/MIME), hence the proliferation of solutions like ZixMail.
I'd love it if I could encrypt every single bit of correspondence, but it just isn't practical.
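On the open question in the comment above (whether one X.509 certificate can carry several email addresses): RFC 5280 allows any number of rfc822Name entries in the Subject Alternative Name extension, and RFC 8550 (S/MIME 4.0) is built on that, requiring a receiving agent to match the From/Sender address against an rfc822Name in the signer's certificate. The script below is an added example, not code from the original comment or from any project it mentions. It issues a self-signed S/MIME-style certificate with several rfc822Name SAN entries, checks which addresses it covers, and re-issues it with the same private key and one more alias, which is exactly the "re-issue on every new alias" cost the comment describes. It assumes OpenSSL 1.1.1 or newer on the PATH (for `req -addext` and `x509 -ext`); the names, addresses and file paths are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original comment). Assumes OpenSSL >= 1.1.1.
set -eu

# Scratch directory for keys and certificates; removed on exit.
WORK="${TMPDIR:-/tmp}/smime-san-demo.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# issue_cert CERT KEY ADDR...
# Writes a self-signed certificate to CERT whose SAN lists every ADDR as an
# rfc822Name, with the key usages an S/MIME client expects. KEY is reused if it
# already exists, so a re-issue keeps the same key pair (only the serial and
# the SAN list change).
issue_cert() {
    cert="$1"; key="$2"; shift 2
    san=""
    for addr in "$@"; do
        san="${san:+$san,}email:$addr"
    done
    if [ ! -f "$key" ]; then
        openssl genrsa -out "$key" 2048 2>/dev/null
    fi
    openssl req -x509 -new -key "$key" -days 365 -sha256 \
        -subj "/CN=Example User" \
        -addext "subjectAltName=$san" \
        -addext "keyUsage=critical,digitalSignature,keyEncipherment" \
        -addext "extendedKeyUsage=emailProtection" \
        -out "$cert" 2>/dev/null
}

# cert_emails CERT
# Prints the rfc822Name entries of CERT's subjectAltName, one per line.
cert_emails() {
    openssl x509 -in "$1" -noout -ext subjectAltName \
        | tr ',' '\n' \
        | sed -n 's/^[[:space:]]*email:\([^[:space:]]*\).*$/\1/p'
}

# cert_covers CERT ADDR
# Succeeds if ADDR appears verbatim among CERT's rfc822Name entries. This is
# the check an RFC 8550 receiving agent performs against the From/Sender
# address (exact match here; RFC 8550 compares the domain part case-insensitively).
cert_covers() {
    cert_emails "$1" | grep -qxF "$2"
}

# same_key CERT1 CERT2
# Succeeds if both certificates carry the same public key (SubjectPublicKeyInfo).
same_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# cert_serial CERT
# Prints the certificate serial; a re-issue must get a fresh one.
cert_serial() {
    openssl x509 -in "$1" -noout -serial
}

# Demo when run directly: two aliases, then a re-issue adding a third.
if [ "${0##*/}" = "smime-san-demo.sh" ]; then
    issue_cert "$WORK/v1.pem" "$WORK/key.pem" me@example.com me@example.org
    echo "v1 covers:"; cert_emails "$WORK/v1.pem"
    issue_cert "$WORK/v2.pem" "$WORK/key.pem" me@example.com me@example.org alias@example.net
    echo "v2 covers:"; cert_emails "$WORK/v2.pem"
    same_key "$WORK/v1.pem" "$WORK/v2.pem" && echo "same key pair, new certificate"
    cert_serial "$WORK/v1.pem"; cert_serial "$WORK/v2.pem"
fi
```

The re-issue keeps the key pair, so existing correspondents who pinned the public key (rather than the certificate) are unaffected; anyone who trusted the certificate itself, or a CA that must now revoke v1, still has to act, which is the practical obstacle the comment raises.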