Since the first email message was sent nearly 40 years ago, people have acted as if email were secure while bemoaning the fact that it isn't. Despite decades of efforts and dozens of different kinds of countermeasures, all of the old problems persist to varying degrees: impersonated identities, eavesdropped content, sabotaged reliability, and email-based attacks. Yet we still find email far too useful to live without. In this talk I will review the history of email security threats and the various attempts at solutions and countermeasures, with a particular focus on why those countermeasures have almost universally failed to solve the problems. In a world where PGP and S/MIME have been available for over a decade, why are so few messages signed or encrypted, and what would it take to change the situation? Why have 15 years and untold millions of dollars failed to halt the spam and phishing problems? I will conclude with a discussion of the prospects for acceptable solutions in the future. New technologies and better educated users will help with some of the problems, as will more reasonable user expectations on the part of technologists. But I will also discuss those aspects of email security about which we must simply, and with apologies to Stanley Kubrick, "stop worrying and learn to love the mail bomb."