The sender would setup a unique password for a recipient user (or a secure email) that CANNOT be retrieved by email. The Passcode would be provided only via phone or in person. When the receiver receives a secure email, he/she clicks on the link and is asked for the unique passcode before the secure email can be viewed. Im suggesting this idea as the current system is not really secure as it relies on a trust factor. The sender is trusting that the recipients email account is not compromised, shared, or that it is receiving/sending emails via a secure protocol (TLS/SSL).