[jdabney]

Another question along the same lines is the question of email signing. As a sysadmin I receive large amounts of email asking me to change something on various systems and almost none of them are signed. How am I to know that the real person wants some configuration change or not? I see it as a big security problem. Doesn't mater how much I complain, no-one changes their ways.

[jodrellblank]

How are you to know I didn't sit at someone elses PC and send an email automatically signed as them?

[RK]

That usually requires your signing password, which, done securely, shouldn't stay in memory for more than a few minutes. Of course a lot of people probably just check the "remember indefinitely" box.