Comment by darkwater
5 months ago
How so? You get an email with a link from a GSuite user, you need to put in your, I guess, own mail provider user and password and get redirected to a mini-Gmail website where you can see the email sent, that can be blocked for copying or removed by the sender as admins can already do in GSuite?
What do you mean, how so?
This is a feature for the sending org, not the receiving org.
It's not something that could be done previously.
How can this be critical for compliance? It's not real E2EE because there are no keys exchanged, and when the other party downloads the attachment, it can be stolen almost the same way an email attachment could. It also opens the door to yet another phishing attack.
I mean, it just is. I'm not the one coming up with compliance rules.
But it can't be intercepted with any kind of MITM, it can't be read in case of a data leak, and it can't be forwarded accidentally. These matter.
It doesn't matter if it's "true" E2EE (which has different requirements in enterprise anyways), or that the other party can still take a photo of the email or whatever. It still provides tangible benefits.
And it doesn't open up anything new in phishing. I already get emails like this from health care providers, asking me to open the email contents on their site. Obviously you need to figure out if the URL is legitimate, the same way you always have.