* Posts by cyberpir8

1 publicly visible post • joined 10 May 2010

Email 2.0: Trying to catch up with the web

cyberpir8

How do you think compromises happen?

Email is the primary source of compromise for personal and enterprise machines, hands down. Sure, some businesses get whacked by injection vulnerabilities in their public web apps, and some places get pwned because they're using WEP on an enterprise access point -- those are slivers on the pie chart of compromise. By fixing attribution in email, users would not have to worry quite so much about having their machines compromised. The attackers would have to go back to the bad-old-days of attacking the machine instead of the user.

The solutions described in this article won't solve stupidity, but with the interweaving of attribution (by way of digital signatures) and monitoring the history of a sender (by way of heuristic algorithms), email will be better. These technologies haven't been adopted because all the points in between source and destination have to use the same security standards and that is HARD TO COORDINATE. Plus, when something is working "well enough" admins are loath to change it.

For all the people who say going back to text is the way to go... stop it. You're not thinking through the problem well enough. (I know that wasn't you, McMoo)