Re: Nowhere to hide - re: content free emails
" what if email processing is outsourced to an organisation which has a financial interest in collating what drugs you are taking"
There's a simple answer to that. DON'T DO IT.
Apart from any immediate security issues there's the longer term one. If email purports to come from one organisation but actually comes from another you're training recipients to blindly trust that what it purports to be. In short, you're training them to be phished.
We really need to have signing as a required part of the email protocols. No wonder email isn't secure.