Default approach of a firewall. When it doubt, block it. But IT has really outdone itself and grew to something that could be the largest threat to an open internet.
The same could happen to mail, where you can only use "certified provider" or you will just be filtered out. Spam and phishing are a problem, sure, but recent IT strategies are highly questionable in this regard.
Considering the landscape of spam, phishing, and malicious actors poking around what's your alternative solution to how firewall rules (and category lists generated and maintained by companies like Palo Alto) are currently applied? The IT side of things has limited tools (and budget) with which to control and secure the internal environment.
IMO there's also a failure of government here to both ensure an open internet and to come down on people abusing the system. A related example might be the phone spam calls everyone in the US gets - it's an administrative, legal, and regulatory problem, not a technical one.
My context may be a bit skewed though since I'm a sysadmin turned cybersecurity and I've seen the large numbers of people clicking on the absolute stupidest things. Given the "average" computer use that IT has to deal with I'm much more sympathetic to their plight.
but recent IT strategies are highly questionable in this regard.
I think it of as a result of high profile hacks. Either a company is hacked once and they go way overboard trying to ensure it doesn't happen again. Or, some high profile company gets hacked, some C*O's see it, overreact and decide they're not going to be next.
The same could happen to mail, where you can only use "certified provider" or you will just be filtered out. Spam and phishing are a problem, sure, but recent IT strategies are highly questionable in this regard.