
On the other hand, email is the single largest cause of cyber attacks.

The communication is not E2E encrypted (apart from a few GPG/SMIME users), no forward secrecy and barely any signature checks. Even if Outlook, Thunderbird maybe support it, good luck getting all the mobile versions to support it too.

The clients used to view emails suffer from the same problem with browsers so are subject to all the HTML/JS/CSS privacy attacks.

I wish all companies would move to some centralized solution where communication is guaranteed to only come from those within the same service. This way Sharon from HR won't open every link, download every crypto/ransomware.

Maybe my IT could also save 150k a year by not having to send me phishing 'training' emails and instead deal with some decent forms of signature checking. Heck billions of dollars a year are wasted because of phishing, spam, crypto attacks because of email.

From my perspective, email is a shitty legacy tech from the 1990s that should be moved to a modern solution that enables E2E encryption or signature checks at a minimum.



> I wish all companies would move to some centralized solution where communication is guaranteed to only come from those within the same service. This way Sharon from HR won't open every link, download every crypto/ransomware.

It's totally possible to set up 'email' for intranet purposes only, using your own DNS setup, standards-compliant smtpd and imap daemons over TLS. The persons using it just need to know it can't send or receive emails from outside of the organization.


It's possible, but every company security, tech otherwise is not set up like this.

Frankly, I am just happy Slack is picking up the slack here.


A Let's Encrypt for email certs is badly needed.



