Most of the secure email programs use public key encryption. The receiver posts their encryption key somewhere public, somewhere that potential senders can locate it. The sender uses that key to encrypt the message, thus ensuring that only the receiver can decrypt it.
This works fairly well, but has the disadvantage that if your receiver isn't using a secure email program, or doesn't have a posted public key, you can't send encrypted mail to them.
Authentication is not a problem for secure email - provided the receiver has kept their private key secure, noone can easily decrypt the transmission.