Actually, I'd recommend having completely separate accounts for sudo (only used off-site in emergencies, otherwise on-site only), with RSA authentication only. Keep the email on a separate, private, non-privileged account.

--isotope
http://www.skylab.org/~isotope/