Why secure email still doesn’t stack up

(I wrote this post for ReadWriteEnterprise, where I work. But I wanted to share it with you too.)

Well, this week marks the tenth anniversary of identity-based message encryption with more than a billion secure messages being exchanged annually, according to Voltage, one of the leaders in this space.

This is certainly a surprise. Who knew so many messages were being encrypted? Have you gotten an encrypted email in the past week? How about one that was digitally signed, so you knew for certain the sender’s identity? (like the one pictured below)
[Image: Proofpoint message]

Okay, how about in the past year? Let’s see — I can remember just one. Yes, from one of the encrypted email vendors! Doesn’t count. I guess someone else is receiving more of my share of the bounty.

Encrypted email should be the norm, not the once-in-a-lifetime event. We all know that we should use it. Haven’t we all been schooled that sending emails is like having a post card plastered to the wall of your local coffee bar? Haven’t all the various exploits with stolen credit cards and easily guessed passwords of Sarah Palin’s Yahoo account been warning enough? Apparently not.

Well, we have come a long way, baby, to reach that billion burgers being served number. Back in March 1998, I penned this post from work that Marshall Rose and I did on our Internet Messaging epic book. We said:

The state of secure Internet email standards and products is best described as a sucking chest wound. Think that characterization is unprofessional? It is actually quite detached considering the amount of culpability enjoyed by the principals of the Internet’s secure email debacle. There are no technologies that are multi-vendor; interoperable; and, approved or endorsed by the Internet’s standardization body.

(If you want to jump into your wayback machine, here is the link to my column written back then.)

Rose, for those of you that don’t know him, was one of the authors of the POP protocol, among other Internet standards. He was one of the truly delightful characters that got this whole Internet thing going back in the days before others started taking credit for its creation. (We won’t mention any names of former vice-presidents here.)

Things today are better

True, things have gotten better since then, at least from the technology side of the house. We have some standards, we have some multi-vendor interoperability, and we have some products that don’t require a PhD in cryptography to install and use (Voltage is one of them; RPost, which I wrote about earlier this week, is another; and Proofpoint, seen below, is a third).
[Image: Proofpoint screenshot]

But why is secure email still virtually unused to this day? I can think of five reasons:

First, plain Jane unencrypted email works mostly well for 99.9% of the time that we use it. Yes, people still hit “reply all” when they don’t mean to, and just this week a flustered PR flack tried to send me email at RWW.com, a domain that I have nothing to do with. And return receipts would be nice (Google is working on it). But most of the time messages go out over the pipes and Inter-tubes and arrive at the intended recipient.

[Image: Mimecast Outlook menu]

Second, many IT admins are still under the mistaken impression that securing their email is either expensive, cumbersome, or requires a symmetric solution for both recipients and senders. None of these are true today, although they were for many years. I guess these admins didn’t get the message that all is well in email land now. Maybe because it was encrypted. Some products, such as Mimecast, even have Outlook plug-ins, as we are showing here. How much easier could it be, really?

Third, email is no longer the lifeblood of business communications that it once was, sad to say. (Hey, I wrote the book, I am allowed to mourn for a few more years.) More stuff gets sent via text and IM or lives inside Facebook or internal social networks such as Yammer, SocialText et al. Email is, shall we put this delicately, too slow for the modern era. Of course, IM is even more insecure than email, and we won’t even get started with Facebook and security.

Fourth, spammers didn’t help matters either. More messages are spam than real, and most corporations would quickly fill those Intertubes up if they didn’t cut off spam at the source. Yes, some big wig spammers have been taken down, but there are many waiting in the wings, being trained in middle school it seems now in some former Soviet republic, to take their place.

Finally, much of our communications isn’t one-to-one anymore. Never gonna happen, the horse is out of that barn forever. We have group discussions and chat rooms: imagine trying to get all that parsed into a series of email messages? Why do I need to send an email when I can just click on the “like” button or send a smiley face and make my feelings known to my entire MyFaceTwitverse?

So celebrate the billion-man message march towards encryption, why not? And do share some of your favorite email memories: soon our children will be reading about this technology like they look upon phones with dials, faxes, and the pony express.

Two speaking gigs this week: MSPtv and MediaSurvey

I have two engagements this week: my regular gig at MSPtv in Pittsburgh, talking about how MSPs can better use email lists to promote their businesses, on Thursday.

And on Friday, I will be doing a live podcast with Sam and Christy Whitmore about how websites should better use community managers. (You will need to register for this or be a subscriber, email me if you aren’t.)

Baseline: Make E-mail Encryption Effortless

E-mail encryption certainly isn’t new, but as more companies come under fire for leaking customer identities or privileged information, encryption is increasingly essential for doing business—and possibly for staying in business. The business case for encryption is even more compelling because the latest products are easier to manage, implement and use in daily e-mail activities.

In my article in Baseline magazine this month, I talk about four issues involved in getting encryption deployed across the enterprise.

ITworld: Effortless Email Encryption

Previous encryption products required a lot of effort towards key management and usually required a matched pair of programs to communicate between sender and receiver. That is thankfully a thing of the past, and there are several different products on the market today that make encryption easier, almost effortless.

You can read the full article posted today in ITWorld here.

 

Is Email dying?

Have we reached the point where email’s influence over our electronic lives is waning? It is hard to imagine, especially for those of us who grew up in the minicomputer/PC era. For two generations, email was the killer application. It delivered information reliably and within a few minutes.

But today the properties that made email so attractive for so long are now a liability. “A few minutes” for a response is so last year, driven in no small part by texting and cell phone ubiquity. At the same time this was happening, wikis, blogs and social networks have begun to erode email’s document exchange role. The notion of sharing photos or a slide presentation using email attachments is becoming quaint.

Now, the Internets have gotten faster, and seconds matter. Amazon offers same-day deliveries in a few cities. Motorola’s new Cliq Android phone aggregates all your messages together. And email just can’t keep up.

Jessica Vascellaro’s WSJ article about “Why Email No Longer Rules” cites that more people are on Facebook and other social networking sites than use email (it is a questionable statistic, to be sure). She claims that email is losing out to the immediacy of the real-time nature of social network feeds and presence-aware apps like Twitter. Even Instant Messaging isn’t instant or capable enough, since it was designed for one-to-one chats. Today, the real-time Internet means that conversations need to happen with multiple people and happen quickly. The fact that this constant stream of presence information is being collected and sold, eroding one of the few aspects of privacy we control, is lost on this generation, apparently.

I asked my friend Dave Piscitello to help collaborate on this article, and we agreed to share our thoughts and come up with the overall piece.

We have begun to notice in the past month or so more of our network is responding to our respective publications – weekly email Web Informants and the SecuritySkeptic.com blog – via Facebook and not via email. Adapting to the needs of our audience, we have both begun “pushing” our publications using email, Friendfeed, Facebook, and occasionally Twitter. We’ve experimented with podcasting, webcasting, and video too.

This is admittedly a shotgun approach to publishing, and begs the question of which of these communications tools, if any, is the right one for publishing? It also begs whether any of these alone are sufficient, and if not, what combinations can be used effectively? More importantly, how do we measure influence and reach, given that people can reach our blogs, Tweetstreams and FaceLinkedNingSpace networks, text or IM us, or heaven forbid, actually speak to us using a phone!

We honestly don’t know for sure, but we asked ourselves some questions and share them here for you to consider for your situation:

If you send out a weekly email newsletter, is it better to have the CEO as a subscriber or have four or five direct reports on a subscriber list who will send the same email to the CEO to act on when we touch a topic near and dear? The former puts your name on the CEO’s radar *if* he makes time to read enough of your messages, while the latter puts the decision of what is near and dear in the hands of a (presumably trusted) underling.

Is it better to post something to our FaceLinkedNingSpace pages, because that post provides personal context, starts conversation that the rest of our friends can follow along and helps you steadily build an audience over time; to blog amid a topic-based community, where your post may “go viral” on the blogosphere and get thousands of “one time” hits and trackbacks; or is it worth the effort to use blogging and social networks in combination by drawing the attention of your friends and followers to your blog via a post and URL from your social network pages?

Is the link you embed in a Tweet going to pull audiences to your content? If you get 10% clickthrough when the industry average is a couple of percent, what can you learn and leverage from that Tweet or all Tweeted content? Is the viral effect of reTweeting or Tweetstreaming useful in growing your audience or will you disenfranchise long time followers who have become accustomed to receiving email responses “in a few minutes”?

We have a lot more questions than these, and are still searching for ways to meet our individual needs and aspirations. We both agree on how to answer the question at the top of this post: we don’t think email is dying, it’s merely settling into the roles it was always best suited to play. Email is not being replaced entirely for notification, messaging, and collaboration by these other technologies, nor will any of the newcomer applications succeed email as the single killer application. For the moment, there *is* no killer application. We need to experiment more with the existing and emergent set of applications going forward to get a better handle on how we all interact online.

In the meantime, please share your thoughts with us both, using whatever technology is appropriate.

How to extract your LinkedIn contacts

If you have spent any time online using social networks like LinkedIn or Facebook, you know it can be difficult to grow your network and add contacts. But even harder is the ability to extract your contacts once you have built up a reasonably sized network. None of the social networks makes it very easy to get this information.

Why would you want to do this? Several reasons. First is the peace of mind that you have control over your own data. Should you decide to leave the network, or should the network decide to leave you (either for cause or for lack of funds to continue operations), it would be nice to have your contacts tucked safely on your own hard drive. Second is the ability to do some targeted marketing emails or just do some research: none of the networks has the right search fields when you need to find everyone that lives in a certain area with a certain job or works for a specific company. Sometimes I can find people on my network using the search tools, but often I can’t. And wouldn’t it be nice to see if everyone that is on your LinkedIn network is also on your Facebook network? Or not, if you are still trying to keep these two separate?

Before you hit the reply key and tell me that there are several different services that allow for you to synchronize your contacts, that isn’t quite what I mean. Yes, there are services such as Plaxo’s Pulse and MyOtherDrive.com that allow for synchronization of your desktop to their cloud-based contact list, but that is usually in one direction only. (Pulse offers de-duplication services and better searching tools if you want to pay them for a premium membership.) Say I don’t want to have anyone from my last employer on my LinkedIn network, because I left that job under a dark cloud. (Purely hypothetical, of course, not that I am saying that this ever happened to me!) It isn’t easy to find this out with these networks, even if you do know how to manipulate their complex privacy settings.

So if you are still reading down here, I suggest you take a look at a Web service called Open Xchange, at ox.io. You can set up a free account and within a few minutes have it set up to automatically bring in all of your contacts from Google’s Gmail, LinkedIn, Facebook, and a few other places as well. What is more important though is that you can easily publish all this information (or some of it) to a Web site, or download it to a comma-separated file, so that you stay in control of your data at all times.

OX is the same technology that is white-labeled by Network Solutions and 1&1 Internet as their own email services. You can also purchase a software license if you don’t want to run it across the Internet and would rather run it on your own Linux servers. It has a lot more under the hood, including plug-ins for Microsoft Outlook, import/export of calendar items, iPhone apps and a shared document repository. If you want to get a feel for the software, go on over to my screencast video that I just finished on the product here.

(And while you are over there, if you haven’t seen these videos, you might want to browse around, or better yet, hire me to do one for your company’s product.)

I am glad to see products like OX take hold: all of us need better and more open ways to control our contacts.

Note to job seekers: watch that email address

If you are about to be unemployed, take a moment to follow Strom’s rules for appropriate email names:

1. Avoid use of Hotmail, MSN, AOL, Juno and Yahoo addresses. Get a Gmail address, or better yet, pony up the cash to get your own domain and let Google host your email for you. We are talking about $10 a year to do this properly, and the level of IT skills required isn’t onerous.

2. If you must use a free account, try to not use names that aren’t professional, such as ones that include cartoon characters, sexual or religious references, or other things that are best left to your personal side. This isn’t a matter of free expression or taste. Ideally, it should be some combination of your first and last name. Sometimes you might not realize what your name implies: one Kentucky woman was using “kygirl@aol.com” — stick with your name!

3. Pick something that is easy to hear and understand. If you have to spell it out when you are on the phone, use something else. You are going to be giving out your email address a lot, and this can get tiring.

4. Don’t use punctuation marks or numbers in your name. Why? See point #3. I know many corporate emails use dots or underscores, but that doesn’t mean you have to use them.

5. Make sure you use one address for all of your job-related activities: resume, Facebook, LinkedIn, Twitter, Monster, Craigslist, etc. Set up these services to send you notifications when people post messages on them, so you can stay up to date. Remember, it is your brand, or it will be soon enough. You don’t want to have to check lots of different email addresses during your search.

6. Speaking of checking email, please remember to do so at least twice a day. Respond to any inquiries quickly. You want to show that you are on top of things.

7. Start putting your connections (what some of us used to call our Rolodex) in your email address book. You just need first and last name, a title or some other thing to remember the contact by, a phone number and an email address. Gmail can auto-populate your address book to help things.

8. Remember that email addresses aren’t case-sensitive, so David@strom.com and david@strom.com and dAvId@Strom.com are all the same mailbox.

9. Put your email address on your own business cards, along with your phone, LinkedIn address, and other identifying information. You can get inexpensive but good looking cards printed at OvernightPrints.com, too.

Good luck with your job search!

Computerworld: 3 e-mail encryption packages help businesses stay secure

You probably know by now that any e-mail that isn’t encrypted traverses the Internet in clear text that can easily be viewed with little skill and just some patience. So what are you doing to protect your company’s sensitive e-mail?

The right way is to encrypt e-mail messages in their entire path from sender to receiver. You also need to digitally sign them, to ensure that no one else has tampered with them in transit.

In today’s Computerworld, I review three solutions: Hush Communications’ Hushmail for Business, Voltage Security Inc.’s Voltage Secure Network and Connected Gateway and PGP Corp.’s Universal Server.

PC World: Ten Lessons Learned From Using E-mail Lists

This week I want to talk about the “softer” side of things: how to run your lists and choose what you write about, what you send out, how you send it out, and why you bother doing it.

E-mail is the basic lifeblood of any small business communications. It is how you get and retain customers, how you find new prospects, and how you keep and motivate your staff. Even if you have a fairly non-Internet company, such as a hardware store, you can use e-mail to bring in new business and inform and amuse your customers. You can read my ten lessons in my column this week.