If you can't secure your email, why would you be surprised when your servers dissapop?

I understand that there should have been more layers beyond this and all, but really, what is the point if you're vulnerable across several OpSec levels?