Despite the frequent refrain that email is dead, it continues to be the most common method for controlling access to online accounts. Especially since most password resets are performed via email. This session presents case studies from PayPal that illustrate the current state of email security and discusses specific steps to harden email against abuse.