Chad Perrin at TechRepublic has some excellent tips...
There is a lot of information out there about securing your email. Much of it is advanced, and doesn’t apply to the typical end user. The following is a short list of some important security tips that apply to all email users...
1. Never allow an email client to fully render HTML or XHTML emails without careful thought.
2. If the privacy of your data is important to you, use a local POP3 or IMAP client to retrieve email. This means avoiding the use of Web based email services such as GMail, Hotmail, and Yahoo! Mail for email you wish to keep private for any reason.
3. It is always a good idea to ensure that your email authentication process is encrypted, even if the email itself is not. (lazy man's email encryption)
4. Digitally sign your emails. As long as you observe good security practices with email in general, it is highly unlikely that anyone else will ever have the opportunity to usurp your identity for purposes of email, but it is still a possibility. (What is a digital signature?)
5. If, for some reason, you absolutely positively must access an email account that does not authorize over an encrypted connection, never access that account from a public or otherwise unsecured network. Ever. Under any circumstances.
Be aware of both your virtual and physical surroundings when communicating via email. Be careful. Trust no one that you do not absolutely have to trust, and recognize the dangers and potential consequences of that trust.
Your email security does not just affect you; it affects others, as well, if your email account is compromised. (full article with greater tip detail)