The US government has released an update guide to securing email by way of the National Institute of Standards and Technology (NIST). This is the first time the guide has been updated in about ten years, and it's probably safe to say it's about time. The 81 page PDF draft document is available here.
Key among the pieces of advice comes the simple note: don't just use a username and password with unencrypted TCP for email. Those days are long gone and the approach is "strongly discouraged." If you're using IMAP or POP3, TLS is a must.
TheRegisterInstead, it's time to build out a cryptographic key management system (CKMS) and use keys to protect email sessions.