Hi Gregg Bell,

Just email them and talk about the things which interest you. If the discussion turns to subjects you don't want to talk about, then don't. If they persist, then block them.

A point of perspective, I and my peers deal with email contacts from all over the world because we contract stuff to be built in China, or other parts of the world, plus we order components from all over the world.

I'll stick by my recommendation that e-mail encryption and/or digital signing is an appropriate solution – no matter what mail servers are involved in the exchange. Any SMTP e-mail will pass through an unknown number of "mail transfer agents" on its way from here to there – not just Yahoo and mail.ru, and any of them could both intercept the message, tamper with the message, or inject a fraudulent message.

SMTP is not, and was never designed to be, a secure communications protocol.

The only way to effectively prevent this is to secure the one-and-only thing that you can secure: "the message itself."

If you do this, then upon receipt "that message from your friend" is positively identified as actually having come from your friend. Furthermore, you know that it is, bit for bit, the exact message that your friend sent. (And this is true whether-or-not you decide to conceal your messages from prying eyes.)

All of my messages are digitally signed such that they can be verified using public keys that can be downloaded from any trusted key-server. And, all of the recipients with whom I converse with regularly by email – whether for business or pleasure – have done the same. Exactly once, so far, I received a truly forged message, and my software instantly recognized and quarantined it. (Although I do continue to periodically receive marketing messages from my dead aunt. )

The quarantine message didn't have to guess about the content: the message was unsigned.

It utterly baffles me why corporations have not routinely done the same thing, and why important web-mail clients such as Google Mail do not always provide this service. (So that, "that e-mail from Southwest Airlines" is verified to be "from Southwest Airlines, and intact.") Why https: is "the new normal," but this is not, is something that I simply do not comprehend. "We have the technology ..."

I don't have to "think about" the process of signing messages and checking message signatures – "it just happens, every time." Email clients for Windows, Linux, OS/X, Android and iPhone can very routinely provide this service ... using GPG and/or S/MIME ... so, why isn't this universal by now, given that it is every bit as important (if not more so) than securing web-pages?