Comment by crazygringo

5 months ago

What do you mean, how so?

This is a feature for the sending org, not the receiving org.

It's not something that could be done previously.

How can this be critical for compliance? It's not real E2EE because there are no keys exchanged, and when the other party downloads the attachment, it can be stolen almost the same way an email attachment could. It also opens the doors to yet another phishing attack.

  • I mean, it just is. I'm not the one coming up with compliance rules.

    But it can't be intercepted with any kind of MITM, it can't be read in case of a data leak, and it can't be forwarded accidentally. These matter.

    It doesn't matter if it's "true" E2EE (which has different requirements in enterprise anyways), or that the other party can still take a photo of the email or whatever. It still provides tangible benefits.

    And it doesn't open up anything new in phishing. I already get emails like this from health care providers, asking me to open the email contents on their site. Obviously you need to figure out if the URL is legitimate, the same way you always have.

    • > And it doesn't open up anything new in phishing. I already get emails like this from health care providers, asking me to open the email contents on their site. Obviously you need to figure out if the URL is legitimate, the same way you always have.

      Yes it does. If sending an almost empty mail with a link to somewhere else becomes the norm, a link that must be clicked because it's most probably going to contain an important message, you are just making it much more of a routine to open links like that. And those could be phished (yeah, like everything else, that's obvious).