Macworld's July article on protecting email data did not mention the easiest, free, and highly secure method of protecting email: using digital certificates. Apple's Mail tool, Entourage, Windows Outlook and many others all allow you to use digital certificates to digitally sign and encrypt email. Thawte, a division of VeriSign, offers free personal email certificates. There is no need to send a password by telephone, fax or iChat, all three being totally insecure unless you're using an encrypted iChat session with another dot Mac subscriber.
A digitally signed email accomplishes two things. One, it assures the recipient that the email is actually from the person owning the email address (not an email spoof or someone phishing). Two, it sends your public key, contained in the digital certificate, which allows the recipient to encrypt email sent to you. Once the two people exchange digitally signed emails, all email traffic between them can be encrypted without any effort at all.
Using Thawte's Web-of-Trust, or a similar service, you can get your email identity trusted, whereby a recipient can be assured that not only are you the owner of the email address, but that the email is actually from the person by name. If you receive an email that's a spoof, you will know it right away because it won't be digitally signed, or the signature will be invalid. Even if you try to reply to the spoof's email, most likely the email client will inform you that it cannot encrypt the email to the untrusted email address.
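The sign, verify and encrypt-reply exchange described in the two paragraphs above can be reproduced with the `openssl` command-line tool. This is an added example, not part of the original hint; the names, addresses and message text are constructed, and a self-signed certificate stands in for one issued by a CA such as Thawte.

```shell
#!/bin/sh
# Added example, not from the original hint. Requires the openssl CLI.
# Names, addresses and the self-signed certificate are constructed; the
# self-signed certificate stands in for one issued by a CA.
smime_roundtrip() (
  d=$(mktemp -d) || exit 1
  trap 'rm -rf "$d"' EXIT
  cd "$d" || exit 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Alice Example/emailAddress=alice@example.com" \
    -keyout alice.key -out alice.crt 2>/dev/null || exit 1
  printf 'Lunch at noon?\n' > msg.txt

  # 1. Alice signs. Her certificate (public key) is embedded in the message.
  openssl smime -sign -text -in msg.txt -signer alice.crt -inkey alice.key \
    -out signed.eml 2>/dev/null || exit 1

  # 2. Bob verifies against the certificate he trusts (-CAfile) and saves
  #    the signer certificate carried inside the mail (-signer).
  openssl smime -verify -text -in signed.eml -CAfile alice.crt \
    -signer from_mail.crt -out verified.txt 2>/dev/null || exit 1

  # 3. A message altered after signing no longer verifies.
  sed 's/noon/nine/' signed.eml > tampered.eml
  if openssl smime -verify -text -in tampered.eml -CAfile alice.crt \
       -out /dev/null 2>/dev/null
  then tampered=accepted
  else tampered=rejected
  fi

  # 4. Bob encrypts a reply to the extracted certificate; only the holder
  #    of Alice's private key can decrypt it.
  printf 'See you there\n' > reply.txt
  openssl smime -encrypt -aes-256-cbc -in reply.txt -out reply.eml \
    from_mail.crt 2>/dev/null || exit 1
  reply=$(openssl smime -decrypt -in reply.eml -recip alice.crt \
    -inkey alice.key 2>/dev/null | tr -d '\r') || exit 1

  echo "signed=$(tr -d '\r' < verified.txt) tampered=$tampered reply=$reply"
)
smime_roundtrip
```

Step 2 succeeds only because Bob already trusts `alice.crt`; in a mail client that trust comes from the issuing CA's chain rather than from the certificate itself.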
[robg adds: We discussed Mail and self-created certificates in this hint.]
Mac OS X Hints
http://hints.macworld.com/article.php?story=20060622065236111