Since the transport is insecure, armor the message. See gpg (or the like) as one possible way to assist. It could be set up so that only a validly signed message from an allowed user can pass through.

I am not saying you have to go this route, just pointing out some weaknesses in the area of security, and this will probably be the last I say on this particular thread.

Unless I am wrong, gpg protects the content of the mail, the so called body not the header sometimes called the envelope. Accordingly all header fields can be spoofed. Just imagine I spoof the Reply To: field of a mail. Depending on the case, you would respond to me and not to the sender of the email. Gpg will not protect you against this. It will just prevent me to read the message.

My best knowledge of this matter is: IPV6 is designed to protect email traffic. It supports encryption and certificates at protocol layer level. Unfortunately the only implementation of IPV6 I have seen until now are at Internet-backbone level. Most of the mail server still use IPV4 and do not implement encryption and certificates for a simple reason: you partially close your inbox if you do and so you might miss some emails of potential clients.

The best medicine against depression is a cold beer!

No, GPG does more than that.

By using public/private keys, GPG is able to tell who the message is actually from (assuming private keys were not stolen). The incoming message would be signed (encryption of the message isn't necessary) by the user's private key, and you'd then use that person's public key to verify that it was actually sent by that person.

Thus, by using GPG, you don't need to implicitly trust the headers, you can verify if the header has been spoofed or not.

-Scott