
An Efficient Electronic Mail Protocol and Key Agreement Scheme

Advisor: 楊伏夷

Abstract


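In an era of advanced network technology, e-mail has become one of the indispensable communication tools. However, early e-mail systems lacked security mechanisms and transmitted messages over the network in plaintext, so messages could easily be tampered with or read by malicious parties. How to deliver e-mail securely to the intended recipient is therefore a very important issue today. This thesis uses modern cryptographic techniques to construct a secure e-mail protocol with forward secrecy. In the protocol we design, we emphasize that the computationally expensive encryption algorithm PGP (Pretty Good Privacy) is not used, in order to reduce the system's computational load, and that passwords are used for identity confirmation between the two parties, reducing the number of times signatures are used in the protocol, so that our protocol is suitable for mobile devices. As for security, we base the whole protocol on the hardness of the discrete logarithm problem, so that an attacker cannot obtain a user's secret information from public information. On the other hand, with the rise of the Internet, users can easily obtain services from remote servers over the network. However, an open network hides many threats: personal information may be stolen at any time, or the host providing the service may be intruded upon or attacked so that the server cannot provide normal service to users, which is a serious loss for legitimate users. In this research we propose an efficient session key agreement protocol in which the user needs only a password or a fingerprint recognition system to complete mutual authentication with the remote server and negotiate the session key required for communication. As for security, our protocol resists verifier-table leakage attacks, denial-of-service (DoS) attacks and session key leakage attacks, and provides forward secrecy, allowing users to obtain services from remote servers securely over the network.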

Parallel Abstract


E-mail has become an irreplaceable means of communication in the Internet age. Yet since the early days, when e-mails were exchanged as normal text files without any safety mechanism, safety and privacy have always been a crucial issue for e-mail exchanges. This paper, using modern cryptography, discusses an e-mail protocol for better safety and privacy, as one of the key issues for e-mail security is to assure the identity of the destined recipient. In this forward-secrecy protocol, PGP (Pretty Good Privacy) encryption is not included because of its high demand for computation capacity, and instead of session keys, passwords play the main part in identity verification, so the protocol discussed here is suitable for mobile devices. As for security, the protocol is built on discrete logarithms so that attackers cannot obtain users' private information from the public information. Secondly, more and more services can be obtained from servers with easy access, which means such access is open to attack: user privacy may be compromised, and attacks and hacks on servers consequently disrupt such services. This paper discusses an efficient key agreement protocol that requires the user to use a password or a fingerprint recognition system to obtain mutual authentication with the server and the session key. As for its security, this forward-secrecy protocol can resist stolen-verifier attacks, Denial of Service (DoS) attacks, and known-key attacks, so users can obtain services from servers via the Internet securely.
