mrfrosty I spend most of my working day enforcing security (so I should do as CISO 😃 ) yet it’s difficult - people click things they shouldn’t. You spend millions of dollars / pounds annually on a security budget for someone to send n email internally that says “hey, click this link…” - and, like lemmings…. the rest is history (and obvious). The point here is that because the sender is someone inside the firm, the trust is intrinsic. However, how does the recipient know that the link is actually safe ? They dont.