I'm using PGP with all my friends, as well as we have secured our normal SMTP transport with SMTPS and SSL certificate pinning. So everything is now double encrypted. Of course PGP key finger prints as well as SMTPS SSL fingerprints have been verified using alternate communication channel & personal verification. Many people think that SMTP is problematic, but SMTPS with certpin is actually quite good. Messages are only delivered over secure encrypted channel, and only to server which got right SSL cert. So even fake CA attacks won't help in this case, you'll need to have cert with exactly right fingerprint. Uh, yeah, don't use MD5 fingerprints.
